ptmalloc fanzine

26 Jul 2016

This post is intended to be the parent-page of the ptmalloc fanzine episodes, as well as a collection of resources related to glibc heap meta-data corruptions.

The zine

The zine deals with some peculiarities of ptmalloc meta-data attacks, mostly from an offensive perspective. Familiarity with the glibc malloc implementation and the different techniques for leveraging corruptions is assumed, see below for introductory resources.

episode 01: munmap madness
episode 02: fastbin fever
episode 03: scraps of notes on ptmalloc metadata corruptions
episode 04: once upon a realloc()
episode 05: thread local caching in glibc malloc

External resources

glibc wiki malloc internals: high-level overview of ptmalloc
sploitfun: describes ptmalloc and the different attacks
how2heap: nice practical examples of the currently relevant techniques, as well as a collection of other resources
GB_MASTER’S /DEV/NULL: explores each technique in the Malloc Maleficarum

Online tukan sanctuary

ptmalloc fanzine

The zine

External resources

Related Posts

34C3 CTF nope writeup - diluted shellcodes 06 Jan 2018

thread local caching in glibc malloc 08 Jul 2017

once upon a realloc() 03 Nov 2016