Commit 53492b4

update README
1 parent 8499f2a commit 53492b4

File tree

1 file changed

+21
-25
lines changed

README.md

Lines changed: 21 additions & 25 deletions
@@ -126,37 +126,33 @@ Another excellent gdb plugin that provides the ability to examine the glibc heap
126126

127127
Examine the glibc heap in IDA Pro: https://github.com/danigargu/heap-viewer
128128

129-
## Forkever
130-
131-
Debugger that lets you set "checkpoints" as well as view and edit the heap using a hexeditor: https://github.com/haxkor/forkever
132-
133129
## heaptrace
134130

135131
Helps you visualize heap operations by replacing addresses with symbols: https://github.com/Arinerron/heaptrace
136132

137133
# Other resources
138134

139-
Some good heap exploitation resources, roughly in order of their publication, are:
140-
141-
- glibc in-depth tutorial (https://heap-exploitation.dhavalkapil.com/) - book and exploit samples
142-
- ptmalloc fanzine, a set of resources and examples related to meta-data attacks on ptmalloc (http://tukan.farm/2016/07/26/ptmalloc-fanzine/)
143-
- A malloc diagram, from libheap (https://raw.githubusercontent.com/cloudburst/libheap/master/heap.png)
144-
- Glibc Adventures: The Forgotten Chunk (https://go.contextis.com/rs/140-OCV-459/images/Glibc_Adventures-The_Forgotten_Chunks.pdf) - advanced heap exploitation
145-
- Pseudomonarchia jemallocum (http://www.phrack.org/issues/68/10.html)
146-
- The House Of Lore: Reloaded (http://phrack.org/issues/67/8.html)
147-
- Malloc Des-Maleficarum (http://phrack.org/issues/66/10.html) - some malloc exploitation techniques
148-
- Yet another free() exploitation technique (http://phrack.org/issues/66/6.html)
149-
- Understanding the heap by breaking it (https://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf) - explains heap implementation and a couple exploits
150-
- The use of set_head to defeat the wilderness (http://phrack.org/issues/64/9.html)
151-
- The Malloc Maleficarum (http://seclists.org/bugtraq/2005/Oct/118)
152-
- OS X heap exploitation techniques (http://phrack.org/issues/63/5.html)
153-
- Exploiting The Wilderness (http://seclists.org/vuln-dev/2004/Feb/25)
154-
- Advanced Doug lea's malloc exploits (http://phrack.org/issues/61/6.html)
155-
- GDB Enhanced Features (GEF) Heap Exploration Tools (https://hugsy.github.io/gef/commands/heap/)
156-
- pwndbg Heap Commands (https://browserpwndbg.readthedocs.io/en/docs/commands/heap/heap/)
157-
- Painless intro to the Linux userland heap (https://sensepost.com/blog/2017/painless-intro-to-the-linux-userland-heap/)
158-
- Heap exploitation techniques that work on glibc-2.31 (https://github.com/StarCross-Tech/heap_exploit_2.31)
159-
- Overview of GLIBC heap exploitation techniques (https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/)
135+
Some good heap exploitation resources, roughly in reverse order of their publication, are:
136+
137+
## Useful heap exploitation tutorials
138+
- Overview of GLIBC heap exploitation techniques (https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/) <!-- 2022 -->
139+
- glibc in-depth tutorial (https://heap-exploitation.dhavalkapil.com/) - book and exploit samples <!-- 2022 -->
140+
- Heap exploitation techniques that work on glibc-2.31 (https://github.com/StarCross-Tech/heap_exploit_2.31) <!-- 2020 -->
141+
- Painless intro to the Linux userland heap (https://sensepost.com/blog/2017/painless-intro-to-the-linux-userland-heap/) <!-- 2017 -->
142+
- ptmalloc fanzine, a set of resources and examples related to meta-data attacks on ptmalloc (http://tukan.farm/2016/07/26/ptmalloc-fanzine/) <!-- 2016 -->
143+
- Glibc Adventures: The Forgotten Chunk (https://github.com/bash-c/slides/blob/master/pwn_heap/Glibc%20Adventures:%20The%20forgotten%20chunks.pdf) - advanced heap exploitation <!-- 2015 -->
144+
145+
## Historical heap exploitation (The History)
146+
- Pseudomonarchia jemallocum (http://www.phrack.org/issues/68/10.html) <!-- 2012 -->
147+
- The House Of Lore: Reloaded (http://phrack.org/issues/67/8.html) <!-- 2010 -->
148+
- Malloc Des-Maleficarum (http://phrack.org/issues/66/10.html) - some malloc exploitation techniques <!-- 2009 -->
149+
- Yet another free() exploitation technique (http://phrack.org/issues/66/6.html) <!-- 2009 -->
150+
- The use of set_head to defeat the wilderness (http://phrack.org/issues/64/9.html) <!-- 2007 -->
151+
- Understanding the heap by breaking it (https://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf) - explains heap implementation and a couple exploits <!-- 2007 -->
152+
- OS X heap exploitation techniques (http://phrack.org/issues/63/5.html) <!-- 2005 -->
153+
- The Malloc Maleficarum (http://seclists.org/bugtraq/2005/Oct/118) <!-- 2005 -->
154+
- Exploiting The Wilderness (http://seclists.org/vuln-dev/2004/Feb/25) <!-- 2004 -->
155+
- Advanced Doug lea's malloc exploits (http://phrack.org/issues/61/6.html) <!-- 2003 -->
160156

161157
# Hardening
162158
There are a couple of "hardening" measures embedded in glibc, like `export MALLOC_CHECK_=1` (enables some checks), `export MALLOC_PERTURB_=1` (data is overwritten), `export MALLOC_MMAP_THRESHOLD_=1` (always use mmap()), ...
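Review bot: the Forkever entry, the libheap malloc diagram, and the GEF and pwndbg heap-command links are removed in this hunk without being relocated or replaced, and the commit message "update README" gives no reason; if the removals are deliberate, the commit message should say so (e.g. "drop links already covered in the tools section"), otherwise re-add them under the new "Useful heap exploitation tutorials" heading. Two smaller points in the same hunk: the Glibc Adventures link now points to a third-party mirror (`https://github.com/bash-c/slides/...`) instead of the publisher's PDF, so note in the line that it is a mirror or keep the original URL alongside it; and the heading "## Historical heap exploitation (The History)" repeats itself, "## Historical heap exploitation" alone reads cleaner and matches the style of the other headings.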
