Heap Exploitation

Overview

Heap exploitation targets dynamically allocated memory managed by the allocator (for example, glibc malloc on Linux). Unlike stack attacks, which corrupt return addresses, heap attacks corrupt allocator metadata or application data stored on the heap to obtain an arbitrary write primitive, code execution, or an information leak.

General Approach

  1. Understand the target allocator (glibc ptmalloc2, jemalloc, Windows heap)
  2. Identify the heap vulnerability class (overflow, UAF, double-free)
  3. Shape the heap — allocate and free chunks to place them predictably
  4. Corrupt allocator metadata or application pointers
  5. Convert the corruption into an arbitrary write or code execution primitive