Hacking Video Tutorial: Exploiting the Heap

April 8, 2016 | Views: 5046

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

When it comes to buffer overflow, most people talk about an overrun in the stack segment. But what about the heap? You rarely find documentation how a heap overflow is triggered and how you can exploit it.

Buffer Overflow is the consequence of a vulnerability in computer software. It’s used by attackers to overwrite memory bounds, to crash the code and even to inject malicious code – the so called “payload.”

In this video tutorial, I’ll explain the data structure of the heap and the stack segment. I’ll also exploit my own demo code and explain what happens in the memory…

Every program’s memory allocation is compiled of meta data and the memory returned, also known as a “chunk.” All the meta data and memory returned are saved on the heap, a dynamic data structure (right after the previous memory allocation; assuming none have been released).

If you also want to know more about buffer overflow in the stack segment, make sure you watch my video tutorial about buffer overflow in the stack segment, where, I reverse engineer my demo code with Immunity Debugger to explain how the memory is processed in the stack.

code-707069_1920

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
2 Comments
  1. Just it will be a favor if you guide me about how i can have a good start to learn computer security .

  2. If you want to know how to begin, there are several points to start, depending on your knowledge level.

    If you want to know how buffer overflow works in general, I’d recommend my buffer overflow video tutorial (treating the stack segment):
    https://miriamxyra.com/2016/04/07/hacking-video-tutorial-exploiting-the-heap/

    If you ask more specific questions, I can help you better 🙂

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel