- Once upon a free()
- Vudo - An object superstitiously believed to embody magical powers
- MALLOC DES-MALEFICARUM
- Understanding the HEAP breaking it
- Understanding glibc malloc
- Heap Exploitation slides from from Modern Binary Exploitation
- Heap Exploitation short book about internals of 'heap memory'
- Post about visualizing heap operations and exploiting them
- Phrack's Yet another free() article
- libheap python library to examine ptmalloc (the glibc userland heap implementation). It has a very interesting image describing the internal flow chart of glibc.
- writeup about
- Use after free in Exim CVE-2017-16943 with POC
- Riding free on the heap – Double free attacks!
- GIST overwrite
malloc_hookby fastbins unlink attack
- Heap Safari - Thread Local Caching
- Adobe Flash Exploitation, Then and Now: From CVE-2015-5119 to CVE-2018-4878
- Post about new cache mechanism into glibc malloc that reduce security
- From Heap to RIP
- Linux Heap Exploitation Intro Series
- House Of Roman
- Glibc Heap Exploitation Basics : Introduction to ptmalloc2 internals
- Heap Overflow Exploitation on Windows 10 Explained
- how2heap a repository for learning various heap exploitation techniques.
- Linux Heap Fast Bin Double Free Exploitation
- House of corrosion A description of the "House of Corrosion" GLIBC heap exploitation technique.
- HEAP OVERFLOWS AND THE IOS KERNEL HEAP
- How a double-free bug in WhatsApp turns to RCE
- yannayl/glibc_malloc_for_exploiters GlibC Malloc for Exploiters presentation
- House of Husk: here and here for more explanation
- House of Io: bypass safe-linking by targeting directly the main tcache metadata that is pointed to from free()d allocations
- Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust
- Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive xoring the pointers in the single linked lists using the base address of the