Introduction to GLIBC heap exploitation

Presented at 44CON 2019, Sept. 12, 2019, 1:30 p.m. (119 minutes)

A 2-hour workshop introducing folks to the basics of GLIBC heap exploitation, covering two publicly known but oft-misunderstood GLIBC heap exploit methods. VMs will be provided with the workshop, and the “House of force” and “fastbin dup” techniques will be covered in depth. Students will learn two heap exploitation techniques whilst writing exploits against two vulnerable binaries. It is aimed at those with little to no GLIBC heap experience. A lot of people who CTF are keen on learning about heap exploitation since there are always heap-based challenges and each year new techniques are brought to light. What stops them from learning these techniques is the misconception that heap exploits are prohibitively difficult to write. My workshop is there to dispel this myth and provide a starting point for those who wish to start learning new exploit development techniques.

Presenters:

  • Max Kamper - Applied Intelligence Laboratories
    An ex-Royal Marines Commando turned cyber-security enthusiast. Max cut his teeth on electronic warfare operations and now works as a researcher for Applied Intelligence Laboratories. Author of the “ROP Emporium”, he spends his time compiling the GNU C library and wondering how those MOVAPS instructions got into that one version on Ubuntu.
