ptmalloc fanzine
26 Jul 2016
This post is intended to be the parent page of the ptmalloc fanzine episodes, as well as a collection of resources related to glibc heap meta-data corruptions.
The zine deals with some peculiarities of ptmalloc meta-data attacks, mostly from an offensive perspective. Familiarity with the glibc malloc implementation and the different techniques for leveraging corruptions is assumed; see below for introductory resources.
- episode 01: munmap madness
- episode 02: fastbin fever
- episode 03: scraps of notes on ptmalloc metadata corruptions
- episode 04: once upon a realloc()
- episode 05: thread local caching in glibc malloc

- glibc wiki malloc internals: high-level overview of ptmalloc
- sploitfun: describes ptmalloc and the different attacks
- how2heap: nice practical examples of the currently relevant techniques, as well as a collection of other resources
- GB_MASTER’S /DEV/NULL: explores each technique in the Malloc Maleficarum