Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Apps Programming Languages Game Development Databases Software Testing Software Engineering Development Tools E-Commerce
Business
Finance Entrepreneurship Communications Management Sales Strategy Operations Project Management Business Law Data & Analytics Home Business Human Resources Industry Media Real Estate Other
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Economics
IT & Software
IT Certification Network & Security Hardware Operating Systems Other
Office Productivity
Microsoft Apple Google SAP Oracle Other
Personal Development
Personal Transformation Productivity Leadership Personal Finance Career Development Parenting & Relationships Happiness Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem Stress Management Memory & Study Skills Motivation Other
Design
Web Design Graphic Design Design Tools User Experience Game Design Design Thinking 3D & Animation Fashion Architectural Design Interior Design Other
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Analytics & Automation Public Relations Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other
Lifestyle
Arts & Crafts Food & Beverage Beauty & Makeup Travel Gaming Home Improvement Pet Care & Training Other
Photography
Digital Photography Photography Fundamentals Portraits Photography Tools Commercial Photography Video Design Other
Health & Fitness
Fitness General Health Sports Nutrition Yoga Mental Health Dieting Self Defense Safety & First Aid Dance Meditation Other
Music
Instruments Production Music Fundamentals Vocal Music Techniques Music Software Other
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Teacher Training Test Prep Other Teaching & Academics
Financial Analysis Stock Trading Investing Finance Fundamentals Forex Financial Modeling Accounting Excel Options Trading
AWS Certification AWS Certified Solutions Architect - Associate Microsoft Certification CompTIA A+ AWS Certified Cloud Practitioner Cisco CCNA AWS Certified Developer - Associate CompTIA Security+ Microsoft AZ-900
Photoshop Graphic Design Adobe Illustrator Drawing Digital Painting InDesign Character Design Canva Logo Design
Life Coach Training Reiki Energy Healing Neuro-Linguistic Programming Mindfulness Personal Development Personal Transformation Neuroscience Meditation
Web Development JavaScript React Angular CSS PHP Node.Js Python WordPress
Google Flutter Android Development iOS Development Swift React Native Dart Programming Language Mobile Development Kotlin Redux Framework
Digital Marketing Google Ads (Adwords) Social Media Marketing Google Ads (AdWords) Certification Marketing Strategy Internet Marketing Email Marketing Google Analytics Facebook Ads
SQL Microsoft Power BI Tableau Business Analysis Business Intelligence Data Analysis MySQL Data Modeling Big Data
Business Fundamentals Amazon FBA Dropshipping Entrepreneurship Fundamentals Business Strategy Startup Business Plan Shopify Blogging
Unity Game Development Fundamentals Unreal Engine C# 3D Game Development C++ 2D Game Development Unreal Engine Blueprints Blender
30-Day Money-Back Guarantee

This course includes:

  • 5 hours on-demand video
  • 3 downloadable resources
  • Full lifetime access
  • Access on mobile and TV

Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
IT & Software Network & Security Linux Security

Linux Heap Exploitation - Part 1

Learn hands-on GLIBC heap exploitation with HeapLAB.
Bestseller
Rating: 4.8 out of 54.8 (105 ratings)
534 students
Created by Max Kamper
Last updated 8/2020
English
English
Current price$69.99
Original Price$99.99
Discount30% off
5 hours left at this price!
Buy now
30-Day Money-Back Guarantee

What you'll learn

  • Scripting exploits with pwntools
  • Introspecting the heap with pwndbg
  • The House of Force technique
  • The Fastbin Dup technique
  • The Unsafe Unlink technique
  • The Safe Unlink technique
  • The House of Orange technique
  • Using one-gadgets to drop a shell
  • Leveraging a single-byte heap overflow to drop a shell

Requirements

  • Familiarity with the Linux command line environment
  • Basic debugging skills
  • A Linux VM or Host

Description

For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.

The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".

In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.

Who this course is for:

  • Exploit developers
  • Capture The Flag (CTF) players
  • Those wishing to learn more about exploit dev than just stack buffer overflows
  • Anyone interested in weird machines

Course content

9 sections • 22 lectures • 4h 51m total length

4 lectures • 14minIntroduction

  • Preview01:33
  • What is GLIBC?
    04:48
  • What is malloc?
    02:40
  • Environment setup
    04:37

4 lectures • 47minThe House of Force

  • The top chunk
    09:51
  • Preview08:01
  • Arbitrary write via the House of Force
    16:54
  • Code execution via the House of Force
    12:15

3 lectures • 42minThe Fastbin Dup

  • Preview09:54
  • Arbitrary write via the Fastbin Dup
    17:16
  • Code execution via the Fastbin Dup
    14:40

1 lecture • 24minCHALLENGE: Fastbin Dup 2

  • Fastbin Dup 2
    24:04

2 lectures • 32minUnsafe Unlink

  • Preview10:13
  • The original Unsafe Unlink
    22:09

1 lecture • 22minSafe Unlink

  • The Safe Unlink
    22:20

4 lectures • 1hr 2minThe House of Orange

  • What is the House of Orange?
    01:09
  • File stream exploitation
    10:42
  • The Unsortedbin Attack
    15:38
  • The complete House of Orange
    34:04

2 lectures • 46minCHALLENGE: One-Byte

  • Remaindering
    06:38
  • One-Byte
    39:14

1 lecture • 3minFarewell

  • Outro
    02:32

Instructor

Max Kamper
Exploit Developer
Max Kamper
  • 4.8 Instructor Rating
  • 105 Reviews
  • 534 Students
  • 1 Course

Max Kamper is a researcher and exploit developer. A former Royal Marines Commando, Max was a member of the Information Exploitation Group's electronic warfare squadron. Having traded radio signals for process signals, he now specializes in exploit development against Linux platforms. Max is also the author of the ROP Emporium website, a resource for learning practical x86 return-oriented programming.

  • Udemy for Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Terms
  • Privacy policy and cookie policy
  • Sitemap
  • Featured courses
Udemy
© 2020 Udemy, Inc.