A behind the scenes look at how dynamic memory management works on Linux and what happens when you call malloc or free in a program.
An examination of common programmer mistakes in memory management which could lead to security vulnerabilities and methods on exploiting them. This includes a look at vulnerabilities like Use-After-Free and Heap Overflow and how to achieve arbitrary code execution.
Pre-requisites
Usage of malloc and free
Basic understanding of C programming
A laptop running Ubuntu 16.04 or below with gdb installed. (Ubuntu 17 won't work because the memory allocation algorithm has changed in the latest release)
Abstract
An examination of the glibc heap memory manager.
About
A behind the scenes look at how dynamic memory management works on Linux and what happens when you call
malloc
orfree
in a program.An examination of common programmer mistakes in memory management which could lead to security vulnerabilities and methods on exploiting them. This includes a look at vulnerabilities like Use-After-Free and Heap Overflow and how to achieve arbitrary code execution.
Pre-requisites
Usage of
malloc
andfree
Basic understanding of C programming
A laptop running Ubuntu 16.04 or below with
gdb
installed. (Ubuntu 17 won't work because the memory allocation algorithm has changed in the latest release)Expected duration
1 hour
Level
Intermediate
Resources
Speaker Bio
Independent infosec researcher and freelancer. CTF player with ByteBandits team.
- Can be done after the talk/workshop -
Include link to slides here
Include link to video here