Dynamic Allocator Misuse

program-security

0/40 challenges completed

The glibc heap consists of many components distinct parts that balance performance and security. In this introduction to the heap, the thread caching layer, tcache will be targeted for exploitation. tcache is a fast thread-specific caching layer that is often the first point of interaction for programs working with dynamic memory allocations.

Dynamic Allocator Misuse Resources

Dynamic Allocator Misuse: What is the Heap?

Video

Slides

Dynamic Allocator Misuse: Dangers

Video

Slides

Dynamic Allocator Misuse: tcache

Video

Slides

Use After Free

Freebie (Easy)

Freebie (Hard)

Freebin Feint (Easy)

Freebin Feint (Hard)

Free Flag Fumble (Easy)

Free Flag Fumble (Hard)

Metadata Mischief Resources

Dynamic Allocator Misuse: Chunks and Metadata

Video

Slides

Dynamic Allocator Misuse: Metadata Corruption

Video

Slides

Metadata Mischief

Fickle Free (Easy)

Fickle Free (Hard)

Malloc Mirage (Easy)

Malloc Mirage (Hard)

Seeking Secrets (Easy)

Seeking Secrets (Hard)

Seeking Substantial Secrets (Easy)

Seeking Substantial Secrets (Hard)

Seeking Spanless Secrets (Easy)

Seeking Spanless Secrets (Hard)

Seeking Smuggled Secrets (Easy)

Seeking Smuggled Secrets (Hard)

Heap Hijinx

Sus Sequence (Easy)

Sus Sequence (Hard)

Echo Emanations (Easy)

Echo Emanations (Hard)

Stack Spoofing (Easy)

Stack Spoofing (Hard)

Stack Summoning (Easy)

Stack Summoning (Hard)

Enterprising Echo (Easy)

Enterprising Echo (Hard)

Ephemeral Echo (Easy)

Ephemeral Echo (Hard)

Subverting Safe-Linking Resources

Dynamic Allocator Misuse: Safe-Linking

Video

Slides

Subverting Safe-Linking Challenges

Seeking Safe Secrets (Easy)

Seeking Safe Secrets (Hard)

Sus Sequence Safety (Easy)

Sus Sequence Safety (Hard)

Safely Stack Summoning (Easy)

Safely Stack Summoning (Hard)

Exploitation

Overlapping Odyssey (Easy)

Overlapping Odyssey (Hard)

Tcache Terror (Easy)

Tcache Terror (Hard)