Linux Heap Exploitation - Part 3

This is a continuation of the HeapLAB Part 2 course, a.k.a Linux Heap Exploitation - Part 2.

If you haven't taken the above course, I highly recommend you do so before embarking on this one.

HeapLAB Part 3 is the same hands-on, practical heap exploitation, just with more new techniques for you to learn!

This part of the course is considered "Expert", whereas the previous parts were labelled "Intermediate", that's because I'm expecting more autonomy from you this time, for example you'll be browsing the GLIBC source code in search of bugs. Don't worry though, we're going to learn a few different ways of browsing that code first.

We're covering just one more "House" of heap exploitation, know as the House of Corrosion. It's complicated but I know you're ready! We'll also be exploiting mmapped chunks, learning how multithreaded malloc works, bypassing the "Safe Linking" exploit mitigation and exploiting any GLIBC bugs we find along the way. There are also a couple more challenge binaries for you to test your new skills against, an updated PDF with all the latest techniques and mitigations, and an improved malloc testbed with multithreading and mallopt options!

Make sure you watch the Environment Setup video, even if you already have an exploit development environment set up from Part 2, you'll need to install one more tool so that you can follow along.

Hack the planet!