TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati| mrT4ntr4's Blog
This post is part of a series, check out the others in the series here:| k3170
In this post and the others in this series, I will unpack some of the internals of glibc's dynamic heap data structures and associated beasts. This post specifically will start you off with no background insight into the heap (perhaps a little on ELF internals and debugging), and detail some experiments you can perform to learn how the heap works.| k3170
There are usually a number of tests which you would like to run for each build to make sure that what your code does makes sense. Typically, such tests would focus on the business function of your code.| Alexey Ragozin
House-of-loop| Blog
By judging the program’s interface, we know that it was a heap challenge.| Blog
Dealing with glibc 2.32’s new safety measure, safelinking| Daniele Pusceddu
Exploiting an ‘off by one’ in a small string optimization struct| Daniele Pusceddu
Exploiting a tcache double free in glibc 2.27| Daniele Pusceddu
Exploiting uninitialized struct members| Daniele Pusceddu