Kyle Zeng
Let me repeat what the technique is about to make sure I understand it correctly: 1. it uses a UAF write bug to link the `binmap-chunk` into the `unsorted bin`...
I think the technique is interesting, especially step 2. I have a question though: with step 1 & 2, which is using fastbin to fake an unsortedbin header inside main_arena,...
Can you please answer the question above (about whether it is possible to allocate a chunk inside `main_arena` using unsortedbin)? Thanks
> Step 6 (or stage 3 in the paper) is actually just a small demonstration of how one could potentially abuse the hijacked arena in order to execute arbitrary code....
I have another question: in your original example, you used a non-PIE binary, which means heap pointers are relatively small. Does it still work with PIE heap pointers? PIE heap pointers...
I like this technique a lot and I think it is very cool. It opens the door to exploiting arenas. However, I'm a little hesitant about merging this because it...
I think you are right. The purpose of this repository is to teach and inspire more people to explore the art of heap exploitation instead of just serving as a...
Thanks!
The 2.24 version of house-of-gods works, so I tried to port it to 2.23. But it seems it stops working in 2.23, and the crash seems non-trivial; can you take...
It is good to know that this technique can be improved to need fewer primitives. It'd be great if you can 1. update the existing technique in the repo to...