Linux Heap Exploitation - Part 1

Learn hands-on GLIBC heap exploitation with HeapLAB.

4.85 (686 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 4,440
Content: 5 hours
Last update: Aug 2021
Regular price: $79.99

What you will learn

Scripting exploits with pwntools

Introspecting the heap with pwndbg

The House of Force technique

The Fastbin Dup technique

The Unsafe Unlink technique

The Safe Unlink technique

The House of Orange technique

Using one-gadgets to drop a shell

Leveraging a single-byte heap overflow to drop a shell

Why take this course?

For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.

The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".

In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.

Content

Introduction

Welcome
What is GLIBC?
What is malloc?
Environment setup

The House of Force

The top chunk
Our 1st vulnerable binary
Arbitrary write via the House of Force
Code execution via the House of Force

The Fastbin Dup

The fastbins
Arbitrary write via the Fastbin Dup
Code execution via the Fastbin Dup

CHALLENGE: Fastbin Dup 2

Fastbin Dup 2

Unsafe Unlink

Unlinking
The original Unsafe Unlink

Safe Unlink

The Safe Unlink

The House of Orange

What is the House of Orange?
File stream exploitation
The Unsortedbin Attack
The complete House of Orange

CHALLENGE: One-Byte

Remaindering
One-Byte

Farewell

Outro


Reviews

Azulath
October 25, 2023
The content is interesting and the lecturer clearly knowledgeable. There are two things that could be improved: 1) It would probably be easier to have more exercises leading up to the challenge binaries. This would help hone one's skills as well as make them easier. 2) The blue background on blue text is a (tiny) bit hard to read and a higher contrast would have been more pleasing.
Alon
August 26, 2023
The level of professionalism emanating from the instructor is extraordinary. Everything is presented in a crystal-clear manner, and the depth of the explanations is unparalleled. Honestly, I have not encountered such thoroughness in an online course before. Max has earned my utmost respect, and I am truly delighted to have discovered this course. I would also like to note that I found this course through Max's ROP Emporium website: https://ropemporium.com/. I am eager to dive into the upcoming chapters of the course! Thank you, Max.
M
July 14, 2023
This course was one of the most organized, well presented and knowledge intensive courses I have taken on any platform. Excellent in so many ways.
Vinicius
May 24, 2023
Easily the best course on Udemy. Max is such a genius teacher, I will practice everything from this class before going to part 2.
Itay
December 5, 2022
This course is amazing. Probably the best way to get into heap exploitation nowadays. This course teaches a solid base of heap exploitation "theory", along with many examples and a concise summary. Along with the techniques, it teaches some good heap research methodologies. I've learned a lot from it, and I'm looking forward to the next courses.
Anthony
November 20, 2022
A huge time saving course. I was learning heap exploitation on my own with online resources, then I found this course. It requires a bit of knowledge about the data structures that are involved but that is described in the paper, as videos focus mostly on practice. In my case (basic knowledge about how heap works) this is a perfect way to learn techniques fast. Thank you Max!
Conor
November 8, 2022
Tricky topics require a special kind of instructor to navigate. As someone with no prior experience directly interacting with the heap or malloc and its associated quirks, not once did I feel left behind or feel like something hadn't been explained to me properly. By far the highest quality course I have taken and I almost feel bad I paid as little as I did for it. Excited to jump into HeapLAB Part 2 soon.
Laurence
August 17, 2022
Course teaches vulnerabilities and lacks at teaching exploit development. Example: one of the templates uses (and I quote) "0xffffffffffffffff" instead of just 2**64-1. Furthermore it's a great course for those that are stuck on the ROP-level skill plateau of binexp.
Tsurumi
June 3, 2022
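By separating it from tcache, the attack methods against glibc malloc are explained in an easy-to-understand way. Also, the testbed comes with a full set of library versions and even includes the source, so you can try out the behavior locally without having to prepare your own environment.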
P
May 30, 2022
This course was absolutely brilliant. The exercises and the material's depth allow students to really understand the content and be successful at not just completing the labs, but also to apply the knowledge for real-life and complex scenarios with modern mitigations.
Gianni
May 26, 2022
Detailed explanations of the various House of 'X' techniques. The instructor has a mastery of the malloc system internals which he shares with us students in a series of fun and worked examples. This is an extremely high quality course on a subject that is hard to begin learning. 5 Stars.
Sebastian
May 26, 2022
Outstanding quality content. Often demanding and requiring the search for additional sources. Don't worry about the pain and the tears. They are normal. It means you are learning. I highly recommend and want more.
Andrea
April 27, 2022
I tried to study heap exploitation on my own; although the internet is full of tutorials, self-study is very time consuming, so I decided to buy this course. My first impression was not really positive, because the initial arguments aren't really complicated and the course didn't say much more than a free article, but now that I have completed the unlinking exploitation I think that this course is awesome! I loved the tricks about one gadget explained in section 3 and Max's capacity to explain a complex argument in a rigorous and accurate way. The only thing I didn't like is the fact that the course is very short in my opinion. But it's ok after all.
Eddie
March 1, 2022
This was by far the best course I've seen on Udemy. The amount of time spent preparing the labs is amazing as the scripts had all the linkers all set up. Thank you!!
むわ
February 7, 2021
I remember searching "heap exploit" on YouTube, but all I found was old techniques in an old-school fashion (ex: black terminal with vanilla gdb), and later that day I found Max's video about him teaching heap exploits in a more modern and easy explanatory way. It's so sad that I can't be in the video, learning heap exp onsite with him, but surprisingly he decided to make a course similar to that video on Udemy. I like the way he explains things; sometimes it's not easy to understand, but later I rewind the course again. It actually takes time to understand.

Udemy ID: 2982240
Course created date: 4/10/2020
Course indexed date: 7/20/2020
Course submitted by: Bot