
Welcome back!
In this video we set up our exploit development environment; it simply involves getting a VM started and installing a couple of tools. If you already have a working environment from Part 1, you're good to go.
We take a look at one of the Malloc Maleficarum techniques, the House of Spirit, in which we exploit being able to call free() on an arbitrary address.
In this short video we turn our House of Spirit primitive into a shell.
Learn how to link fake chunks into the unsortedbin by leveraging a write-after-free bug.
Learn how to link fake chunks into the smallbins.
Learn how to link fake chunks into the largebins.
An introduction to single null-byte overflows on the heap, followed by a House of Einherjar tutorial.
Learn how to leverage the Google Poison Null Byte technique to create overlapping chunks via a single null-byte overflow.
The first challenge binary of HeapLAB Part 2!
Use what you've learned so far to drop a shell from this binary. Do the best you can without any help!
Learn the convoluted House of Rabbit technique along with a lot of malloc internals!
Learn how to manipulate the GLIBC heap layout to your advantage during exploit development.
Learn about GLIBC's thread caching capability and how to manipulate it.
Learn how to leverage a quirk of the tcache to bypass a double-free exploit mitigation.
Practice what you've learned about the tcache to drop a shell from this challenge binary!
Thank you for supporting HeapLAB, now get out there and exploit some heap bugs!
This is a continuation of the HeapLAB Part 1 course, a.k.a. Linux Heap Exploitation - Part 1.
If you haven't taken the above course, I highly recommend you do so before embarking on this one.
HeapLAB Part 2 is the same hands-on, practical heap exploitation, just with more new techniques for you to learn!
We're covering some more Houses, including the rather complex House of Rabbit and the old-school House of Spirit. If you didn't break a sweat during Part 1's One-Byte challenge, in which we exploited a single-byte overflow, I've built a single null-byte overflow challenge for you to test your skills against. We'll also be learning about the tcache, the Tcache Dup technique, some more obscure malloc internals such as the glibc tunables, and plenty more besides. Check out the primary learning objectives for further details.
If you already have an exploit development environment set up from Part 1, you'll be able to start right away. Hack the planet!
You can stop reading now. This part is only here because Udemy seem to think their time is best spent enforcing arbitrary limits on the length of course descriptions and telling us we can't have text in our course images, rather than improving their appalling instructor experience.