Climb the heap! Exploiting heap allocation problems

Some vulnerabilities originate from errors in the management of memory allocated on a heap. Exploitation of such weak spots is more complicated compared to ‘regular’ stack overflow; so, many hackers security researchers have no idea how to approach them. Even the Cracking the Perimeter (OSCE) course doesn’t go beyond a trivial rewrite of SEH. In this article, I will explain the heap mechanics and show how to exploit its vulnerabilities.
Read full article →