Exploring the Heap

[jaiverma]

Abstract

An examination of the glibc heap memory manager.

About

A behind the scenes look at how dynamic memory management works on Linux and what happens when you call malloc or free in a program.

An examination of common programmer mistakes in memory management which could lead to security vulnerabilities and methods on exploiting them. This includes a look at vulnerabilities like Use-After-Free and Heap Overflow and how to achieve arbitrary code execution.

Pre-requisites

• Usage of malloc and free

• Basic understanding of C programming

• A laptop running Ubuntu 16.04 or below with gdb installed. (Ubuntu 17 won't work because the memory allocation algorithm has changed in the latest release)

Expected duration

1 hour

Level

Intermediate

Resources

• Malloc source
• Understanding glibc malloc

Speaker Bio

Independent infosec researcher and freelancer. CTF player with ByteBandits team.

- Can be done after the talk/workshop -

Include link to slides here

Include link to video here

[mfrw]

The url to the resources is broken.

[jaiverma]

Fixed the resources links.