[Ebook] Heap Exploitation

This short book is written for people who want to understand the internals of ‘heap memory’, particularly the implementation of glibc’s ‘malloc’ and ‘free’ procedures, and also for security researchers who want to get started in the field of heap exploitation.

The first section of the book covers an in-depth, yet concise, description of heap internals. The second section covers some of the most famous attacks. It is assumed that the reader is unfamiliar with this topic. For experienced readers, this text might be good for a quick revision.

Table of Contents

Introduction Heap Memory
Diving into glibc heap

  • malloc_chunk
  • malloc_state
  • Bins and Chunks
  • Internal Functions
  • Core Functions
  • Security Checks

Heap Exploitation

  • First Fit
  • Double Free
  • Forging chunks
  • Unlink Exploit
  • Shrinking Free Chunks
  • House of Spirit
  • House of Lore
  • House of Force
  • House of Einherjar

Secure Coding Guidelines



Source: GitHub