Heap

• Once upon a free()
• Vudo - An object superstitiously believed to embody magical powers
• MALLOC DES-MALEFICARUM
• Understanding the HEAP breaking it
• Understanding glibc malloc
• Heap Exploitation slides from from Modern Binary Exploitation
• Heap Exploitation short book about internals of 'heap memory'
• Post about visualizing heap operations and exploiting them
• Phrack's Yet another free() article
• libheap python library to examine ptmalloc (the glibc userland heap implementation). It has a very interesting image describing the internal flow chart of glibc.
• writeup about rhme3 exploitation challenge
• Use after free in Exim CVE-2017-16943 with POC
• Riding free on the heap – Double free attacks!
• GIST overwrite malloc_hook by fastbins unlink attack
• Heap Safari - Thread Local Caching
• Adobe Flash Exploitation, Then and Now: From CVE-2015-5119 to CVE-2018-4878
• Post about new cache mechanism into glibc malloc that reduce security
• From Heap to RIP
• Linux Heap Exploitation Intro Series
  • printf might be leaking!
  • Used and Abused – Use After Free
  • The magicians cape – 1 Byte Overflow
  • Riding free on the heap – Double free attacks!
  • Set you free()
• House Of Roman
• heap-feng-shui
• Glibc Heap Exploitation Basics : Introduction to ptmalloc2 internals
• Heap Overflow Exploitation on Windows 10 Explained
• how2heap a repository for learning various heap exploitation techniques.
• Linux Heap Fast Bin Double Free Exploitation
• House of corrosion A description of the "House of Corrosion" GLIBC heap exploitation technique.
• HEAP OVERFLOWS AND THE IOS KERNEL HEAP
• How a double-free bug in WhatsApp turns to RCE
• yannayl/glibc_malloc_for_exploiters GlibC Malloc for Exploiters presentation
• House of Husk: here and here for more explanation
• House of Io: bypass safe-linking by targeting directly the main tcache metadata that is pointed to from free()d allocations
• Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust
• Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive xoring the pointers in the single linked lists using the base address of the mmaping
• Exploiting a Use-After-Free for code execution in every version of Python 3
• Overview of GLIBC heap exploitation techniques up to GLIBC 2.34, including their ideas and introduced mitigations along the way (february 2022)
• heap-exploitation short book written for people who want to understand the internals of 'heap memory'
• MeshyJSON: A TP-Link tdpServer JSON Stack Overflow: the heap of the musl libc library is involved.
• The Return of the JIT (Part 1) exploiting the heap using JIT-spray