Linux Heap Exploitation - Part 2

Continue your GLIBC heap exploitation adventure with HeapLAB Part 2!

5.00 (119 reviews)

Udemy

platform

English

language

Network & Security

What you will learn

The House of Spirit technique

The House of Lore technique

Leveraging single null byte overflows for code execution

The House of Einherjar technique

The Google Poison Null Byte technique

The House of Rabbit technique

Heap Feng Shui

The Tcache Dup technique

Why take this course?

This is a continuation of the HeapLAB Part 1 course, a.k.a Linux Heap Exploitation - Part 1.

If you haven't taken the above course, I highly recommend you do so before embarking on this one.

HeapLAB Part 2 is the same hands-on, practical heap exploitation, just with more new techniques for you to learn!

We're covering some more Houses, including the rather complex House of Rabbit and the oldschool House of Spirit. If you didn't break a sweat during Part 1's One-Byte challenge, in which we exploited a single byte overflow, I've built a single null-byte overflow challenge for you to test your skills against. We'll also be learning about the tcache, the Tcache Dup technique, some more obscure malloc internals such as the glibc tunables, and plenty more besides. Check out the primary learning objectives for further details.

If you already have an exploit development environment set up from Part 1, you'll be able to start right away. Hack the planet!

You can stop reading now, this part is only here because Udemy seem to think their time is best spent enforcing arbitrary limits on the length of course descriptions and telling us we can't have text in our course images rather than improving their appalling instructor experience.

Screenshots

Linux Heap Exploitation - Part 2 - Screenshot_01

Linux Heap Exploitation - Part 2 - Screenshot_02

Linux Heap Exploitation - Part 2 - Screenshot_03

Linux Heap Exploitation - Part 2 - Screenshot_04

Reviews

Vinicius

June 20, 2023

The Heap labs are the best Udemy courses. I cannot thank's Max enough for the amount of effort he puts in these contents. If you want to learn Heap exploitation there is no better resource on the internet, I doubt that SANS have content like this one, the videos, the challenges, the heap internals sections. I will just take one week to recover from all the challenges and I will go straight to part 3.

Conor

December 4, 2022

The quality of HeapLAB Part 1 persists into HeapLAB Part 2. Can't say enough good things about it. Very excited to dive into HeapLAB Part 3 soon.

Tsurumi

October 17, 2022

off-by-oneを始めとした、小さなバグをコード実行まで持っていく多様な方法が紹介されている。かなり知っているつもりだったが、得られるものは多かった。challengeはそれぞれひとひねりあり、おもしろかった。

Amit

September 28, 2022

The course includes Such detailed knowledge (that can't be found in the same depth level in any other place in the internet) about various types of heap exploitation techniques is given by an instructor who definetly knows the material at a very high level and explains it very well!!

June 4, 2022

Great course. From everyone I've talked to it seems like this series is the best way to get started doing libc heap exploitation.

May 31, 2022

This course was absolutely brilliant. The exercises and the material's depth allow students to really understand the content and be successful at not just completing the labs, but also to apply the knowledge for real-life and complex scenarios with modern mitigations.

Sebastian

May 26, 2022

Outstanding quality content. Often demanding and requiring the search for additional sources. Don't worry about the pain and the tears. They are normal. It means you are learning. I highly recommend and want more.

Pauline

November 16, 2021

I found this to be a very deep, challenging, and rewarding course. The instructor really knocks it out of the park with his explanations, and his problem sets do a great job of reinforcing the difficult material . The accompanying HeapLAB Bible and the malloc_testbed are great learning tools too.

Zachary

October 12, 2021

Awesome course! Prior to taking these courses (heaplab 1 and 2) I couldn't wrap my head around some of these techniques. Now they seem relatively easy thanks to the way Max explained things. I can't wait for HeapLab 3.

Sanjay

October 7, 2021

Fantastic & Max is extremely knowledgeable on a hard topic. Just amazing this course Yes needs some repeated watching but Great course

Asaf

August 21, 2021

Hands down the best online exploitation course out there. Instructor is super knowledgeable and the course is both accessible and very worthwhile and challanging even to more experienced exploit developers / CTF players.

Idan

July 29, 2021

Best of the best. You would need some deep focus and a lot of experimenting & self documenting to really understand what's going on under the hood. (although a lot of commented & visualized material is supplied)

Renato

March 2, 2021

Max does an incredible job on explaining every technique in detail so you can fully understand what and how are you exploiting different versions of the glibc. All binaries are focus on the explotation so you can focus on the exploit. I cant wait for part 3!

Ryunosuke

February 16, 2021

Max, you are really a good teacher!! I am soooooo impressed with your lecture even though I am not a security engineer, just a web developer!!!! Thank you for this great course. From Japan

Charts

Price

Rating

Enrollment distribution

Linux Heap Exploitation - Part 2 - Distribution chart