Linux Heap Exploitation - Part 1
- 5 hours on-demand video
- 3 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.Try Udemy for Business
- Scripting exploits with pwntools
- Introspecting the heap with pwndbg
- The House of Force technique
- The Fastbin Dup technique
- The Unsafe Unlink technique
- The Safe Unlink technique
- The House of Orange technique
- Using one-gadgets to drop a shell
- Leveraging a single-byte heap overflow to drop a shell
- Familiarity with the Linux command line environment
- Basic debugging skills
- A Linux VM or Host
For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.
The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".
In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.
- Exploit developers
- Capture The Flag (CTF) players
- Those wishing to learn more about exploit dev than just stack buffer overflows
- Anyone interested in weird machines
We take a look at our first vulnerable practice binary, doing our due diligence to find out which protections it uses.
To prepare for our next heap exploitation technique, we learn about the free() function and how the fastbins operate.
Learn about the unsortedbin and malloc's unlink() macro/function in preparation for the Unsafe Unlink technique.