Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Development Programming Languages Game Development Database Design & Development Software Testing Software Engineering Development Tools No-Code Development
Business
Entrepreneurship Communications Management Sales Business Strategy Operations Project Management Business Law Business Analytics & Intelligence Human Resources Industry E-Commerce Media Real Estate Other Business
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Accounting
IT & Software
IT Certification Network & Security Hardware Operating Systems Other IT & Software
Office Productivity
Microsoft Apple Google SAP Oracle Other Office Productivity
Personal Development
Personal Transformation Personal Productivity Leadership Career Development Parenting & Relationships Happiness Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem & Confidence Stress Management Memory & Study Skills Motivation Other Personal Development
Design
Web Design Graphic Design & Illustration Design Tools User Experience Design Game Design Design Thinking 3D & Animation Fashion Design Architectural Design Interior Design Other Design
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Marketing Analytics & Automation Public Relations Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other Marketing
Lifestyle
Arts & Crafts Beauty & Makeup Esoteric Practices Food & Beverage Gaming Home Improvement Pet Care & Training Travel Other Lifestyle
Photography & Video
Digital Photography Photography Portrait Photography Photography Tools Commercial Photography Video Design Other Photography & Video
Health & Fitness
Fitness General Health Sports Nutrition Yoga Mental Health Dieting Self Defense Safety & First Aid Dance Meditation Other Health & Fitness
Music
Instruments Music Production Music Fundamentals Vocal Music Techniques Music Software Other Music
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Teacher Training Test Prep Other Teaching & Academics
AWS Certification Microsoft Certification AWS Certified Solutions Architect - Associate AWS Certified Cloud Practitioner CompTIA A+ Cisco CCNA AWS Certified Developer - Associate CompTIA Security+ Amazon AWS
Photoshop Graphic Design Adobe Illustrator Drawing Digital Painting InDesign Canva Character Design Figure Drawing
Life Coach Training Neuro-Linguistic Programming Mindfulness Personal Development Personal Transformation Life Purpose Meditation Neuroscience Emotional Intelligence
Web Development JavaScript React Angular CSS PHP Node.Js Python Vue JS
Google Flutter Android Development iOS Development Swift React Native Dart Programming Language Mobile Development Kotlin Redux Framework
Digital Marketing Google Ads (Adwords) Social Media Marketing Google Ads (AdWords) Certification Marketing Strategy Internet Marketing YouTube Marketing Retargeting Email Marketing
SQL Microsoft Power BI Tableau Business Analysis Business Intelligence Data Analysis MySQL Data Modeling Big Data
Business Fundamentals Entrepreneurship Fundamentals Business Strategy Startup Business Plan Freelancing Blogging Online Business Home Business
Unity Game Development Fundamentals Unreal Engine C# 3D Game Development C++ 2D Game Development Unreal Engine Blueprints Blender
30-Day Money-Back Guarantee

This course includes:

  • 5 hours on-demand video
  • 3 downloadable resources
  • Full lifetime access
  • Access on mobile and TV

Training 5 or more people?

Get your team access to 5,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
IT & Software Network & Security Linux Security

Linux Heap Exploitation - Part 1

Learn hands-on GLIBC heap exploitation with HeapLAB.
Bestseller
Rating: 4.8 out of 54.8 (119 ratings)
627 students
Created by Max Kamper
Last updated 8/2020
English
English
Current price$69.99
Original Price$99.99
Discount30% off
5 hours left at this price!
Buy now
30-Day Money-Back Guarantee

What you'll learn

  • Scripting exploits with pwntools
  • Introspecting the heap with pwndbg
  • The House of Force technique
  • The Fastbin Dup technique
  • The Unsafe Unlink technique
  • The Safe Unlink technique
  • The House of Orange technique
  • Using one-gadgets to drop a shell
  • Leveraging a single-byte heap overflow to drop a shell

Requirements

  • Familiarity with the Linux command line environment
  • Basic debugging skills
  • A Linux VM or Host

Description

For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.

The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".

In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.

Who this course is for:

  • Exploit developers
  • Capture The Flag (CTF) players
  • Those wishing to learn more about exploit dev than just stack buffer overflows
  • Anyone interested in weird machines

Course content

9 sections • 22 lectures • 4h 51m total length

  • Preview01:33
  • What is GLIBC?
    04:48
  • What is malloc?
    02:40
  • Environment setup
    04:37

  • The top chunk
    09:51
  • Preview08:01
  • Arbitrary write via the House of Force
    16:54
  • Code execution via the House of Force
    12:15

  • Preview09:54
  • Arbitrary write via the Fastbin Dup
    17:16
  • Code execution via the Fastbin Dup
    14:40

  • Fastbin Dup 2
    24:04

  • Preview10:13
  • The original Unsafe Unlink
    22:09

  • The Safe Unlink
    22:20

  • What is the House of Orange?
    01:09
  • File stream exploitation
    10:42
  • The Unsortedbin Attack
    15:38
  • The complete House of Orange
    34:04

  • Remaindering
    06:38
  • One-Byte
    39:14

  • Outro
    02:32

Instructor

Max Kamper
Exploit Developer
Max Kamper
  • 4.8 Instructor Rating
  • 119 Reviews
  • 627 Students
  • 1 Course

Max Kamper is a researcher and exploit developer. A former Royal Marines Commando, Max was a member of the Information Exploitation Group's electronic warfare squadron. Having traded radio signals for process signals, he now specializes in exploit development against Linux platforms. Max is also the author of the ROP Emporium website, a resource for learning practical x86 return-oriented programming.

  • Udemy for Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Terms
  • Privacy policy and cookie policy
  • Sitemap
  • Featured courses
Udemy
© 2020 Udemy, Inc.