GLibC Malloc for Exploiters: Leak It, Write It, Become a Wizard - Yannay Livneh

Insomni'hack 2018
Title: GLibC Malloc for Exploiters: Leak It, Write It, Become a Wizard
Speaker: Yannay Livneh

The GNU C library – GLibC – is the most used library in any GNU/Linux distribution. It is loaded to almost every process and implements the standard C library API. As an attacker, the GLibC is an invaluable target for abuse and gaining exploitation primitives. In this talk we will focus on the Malloc subsystem – the memory allocator implementation in GLibC – from attackers perspective. We will start with the internals and implementation and continue to attacks. We will see how memory corruptions can lead to information disclosure, effectively bypassing ASLR, and how to write arbitrary memory. Eventually, we will learn how to combine these write primitives with various hooks in the GLibC itself to gain code execution.

This talk is a comprehensive guide to practical heap exploitation from source code to debugger and set-up. We will share hands-on knowledge that was gained in hours and hours of exploit development and CTFing. We will walk through new and surprisingly old, almost forgotten, attacks and see how they can be used in practice. We will also explore some of the near future possibilities and complications, the implications of the changes that were introduced in 2.26 (Aug 2017) and 2.27 (Feb 2018) versions.