For nearly 20 years, exploiting memory allocators has been an art-form amongst hackers; this course can help you become part of that tradition.
The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions, its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface with different heap exploitation techniques, including the beautiful overflow-to-shell "House of Orange". This is a hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned.
Course Requirements
Laptop - powerful enough to run VMs
8GB RAM minimum
35GB free HDD space minimum
USB-A port or dongle to copy VM
Windows / Linux / macOS
One of the following virtualisation suites:
VirtualBox
VMWare Player/Workstation/Fusion
Target Audience
CTF team members who want to take on Linux heap challenges
Linux exploit developers who want to add another string to their bow
Anyone interested in "weird machines”
Instructor Bio
Max Kamper is a researcher and exploit developer. A former Royal Marines Commando, Max was a member of the Information Exploitation Group's electronic warfare squadron. Having traded radio signals for process signals, he now specializes in exploit development against Linux platforms. Max is also the author of the "ROP Emporium" website, a resource for learning practical x86 return-oriented programming.