Linux Heap Exploitation

InfoSect Canberra


Ticket Information

Ticket Type: 5-days Linux Heap Exploitation
Sales End: 1 hour before event starts
Price *: $6,000.00
Fee: $0.00

* Prices include GST

Event Details

This 5-day course will give an in-depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such as musl and uClibc. The lectures and labs will look at numerous ways to misuse each of these allocators in its latest version.

To build these attacks, we will examine the main heap structures in detail, including the thread caches, freelists, bins, malloc chunks, and arenas.

These attacks will be used to gain such primitives as:

  • Having malloc return an arbitrary pointer
  • Having allocated chunks overlap each other
  • Returning the same allocated memory
  • Having calloc return uninitialised memory
  • Leaking the libc base and other sensitive information

Attacks will be constructed for a variety of heap allocators, including:

  • Freelist poisoning
  • Overlapping chunks
  • Freeing attacker controlled pointers
  • Contemporary unlink attacks
  • Double frees

Course Objectives

To learn and demonstrate attacks on current heap allocators to gain exploitation primitives.

 

Training Outcomes

  • Demonstrate understanding of the heap data structures
  • Demonstrate debugging heap data structures
  • Demonstrate attacks against multiple heap allocators

Who Should Attend?

  • Developers
  • IT Professionals
  • Embedded Developers
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • Anyone else interested

About the Trainer

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University, has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).

 

What to Bring

All materials are provided by InfoSect

 

What will be Provided?

  • Laptops for class use
  • Coil bound lecture materials
  • Catering
  • Access to VMs with laboratories
  • InfoSect Swag

 

Participant Skillset

Students taking Linux Heap Exploitation should have an intermediate C development background. They should have hands-on experience in:

  • C Coding Experience
  • Python Coding Experience
  • Linux
  • InfoSect’s Code Review course is a suitable prerequisite.

 

Class Syllabus **

Day 1

Heap Misuse
Control Flow Hijacking
Heap Data Structures
Debugging
TCache Poisoning
TCache Double Free
Fast Bin Double Free

Day 2

Overlapping Chunks
Calloc I
Calloc II
House of Force
Double Free Mitigation Bypass

Day 3

TCache House of Spirit
Fast Bin Poisoning I
Fast Bin Poisoning II
Unsorted Bin Libc Base Leak

Day 4

TCMalloc:
    Freelist Poisoning
    Double Frees
    Overlapping Chunks

JEMalloc:
    Overlapping Chunks

PartitionAlloc:
    Freelist Poisoning
    Double Frees
    Overlapping Chunks

Day 5

uClibc:
    Unlink

newlib:
    Freelist Poisoning
    House of Spirit

dietlibc:
    Freelist Poisoning
    House of Spirit

musl:
    Freelist Poisoning

avr-libc:
    Freelist Poisoning
    House of Spirit
    Overlapping Chunks

** subject to changes

When & Where


InfoSect
U2 / 9 Beaconsfield Street
Fyshwick, ACT 2609
Australia

Organiser

InfoSect Canberra

InfoSect is a training provider in Canberra, Australia. We offer specialist courses in computer security. Additionally, we offer space, or the entire venue, for hire, including office and warehouse facilities.
