CANSECWEST 2022 DOJO

Heap Exploitation

Instructor: Maxwell Dulin

May 16-17

Maxwell Dulin

More details to be added.


Course Schedule

From May 16 to May 17.


Course Abstract

As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques instead of the allocator. By learning allocator-first, with as many visuals as possible, the techniques practically fall right out of the allocator's design and become practical to use.

This training is for learning heap exploit development in GLibC Malloc, which is the default allocator on most Linux distros. With this hands-on introduction to GLibC Malloc heap exploitation, we will learn how the allocator functions, heap-specific vulnerability classes such as use-after-frees and double frees, and a variety of allocator-specific techniques for compromising a program.

After taking this course, attendees will understand the GLibC Malloc allocator, be able to discover heap-specific vulnerability classes, and be able to pwn the heap with a variety of techniques, with the capability to easily learn more. On the first day of training, we dive into fd poison, classic unlink and the newer 'unsafe unlink', overlapping chunks and the house of force. On the second day, we go over mmap chunks, the unsorted bin attack, information leaks and advanced heap grooming, then wrap up with a final challenge.


Course Pre-requisites

To be added.


Course Learning Objectives

  • To be added.


Course Agenda

To be added.


Hardware Requirements

  • To be added.


Software Requirements

To be added.
