how2heap

A repository for learning various heap exploitation techniques.

Results 17 how2heap issues

Hey all, I'm learning heap exploitation right now and decided to make an indexer for how2heap content. Thought I would share with you all the JSON files I compiled https://github.com/cbechie-kiss/how2heapIndexerJSON....

Hi all, I was working on a new heap exploitation technique for older versions of glibc (< 2.27). House of Gods hijacks the thread_arena within only 8 allocations (9 if...

Corrupting the bk of a freed unsorted bin attack can be exploited to gain shell or any other security impact. The technique was found when auditing glibc 2.32 source code,...

It'd be nice to see some write-ups on SLUB / SLAB exploitation. It should be relatively easy to rip out the allocator and turn it into a user-space library a...

This attack will give arbitrary write by Tcache list poisoning. I propose the name **House Of Mango**. This is just a PoC; I will refine the code and comments readability...

Hi, all. I would like to introduce my recent work, ArcHeap: https://arxiv.org/pdf/1903.00503.pdf and also found techniques by this one. I already reported unsorted_bin_into_stack, and [this repo](https://github.com/sslab-gatech/ArcHeap/tree/master/techniques) contains other techniques (all...

https://www.alchemistowl.org/pocorgtfo/pocorgtfo18.pdf Page 22-36 has a nice write-up of the "forgotten" art of frontlinks, by abusing the largebins->nextsize ptrs.

Saw this today: http://shift-crops.hatenablog.com/entry/2017/09/17/213235 Will try to create an example here when I find the time