Jump to content

Udemy - Linux Heap Exploitation (HeapLAB) - Part 1 & 2


Recommended Posts

[b]Udemy - Linux Heap Exploitation (HeapLAB) - Part 1 & 2[/b]
Size: 690.93 MB + 843.52 MB Type: eLearning Year: 2022 Version: 2022



This is a continuation of the HeapLAB Part 1 course, a.k.a Linux Heap Exploitation - Part 1.

If you haven't taken the above course, I highly recommend you do so before embarking on this one.

HeapLAB Part 2 is the same hands-on, practical heap exploitation, just with more new techniques for you to learn!

We're covering some more Houses, including the rather complex House of Rabbit and the oldschool House of Spirit. If you didn't break a sweat during Part 1's One-Byte challenge, in which we exploited a single byte overflow, I've built a single null-byte overflow challenge for you to test your skills against. We'll also be learning about the tcache, the Tcache Dup technique, some more obscure malloc internals such as the glibc tunables, and plenty more besides. Check out the primary learning objectives for further details.

If you already have an exploit development environment set up from Part 1, you'll be able to start right away. Hack the planet!

You can stop reading now, this part is only here because Udemy seem to think their time is best spent enforcing arbitrary limits on the length of course descriptions and telling us we can't have text in our course images rather than improving their appalling instructor experience.

Who this course is for:
Exploit developers
Capture The Flag (CTF) players
Those wishing to improve upon the skills they learned in Part 1
Anyone interested in weird machines


For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.

The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".

In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.

Who this course is for:

Exploit developers
Capture The Flag (CTF) players
Those wishing to learn more about exploit dev than just stack buffer overflows
Anyone interested in weird machines




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...