how2heap is an educational resource and technical testbed for learning heap-based vulnerabilities and memory allocator internals. It provides a collection of source code examples and binaries that serve as a laboratory for studying memory corruption techniques specifically targeting the glibc malloc implementation.
The project focuses on the development of exploit primitives, such as tcache poisoning and double frees, to redirect program execution. It includes a suite of implementations for bypassing memory protections and manipulating heap metadata to achieve arbitrary memory writes.
The framework covers a wide range of memory corruption capabilities, including chunk manipulation, metadata corruption, and thread-local cache attacks. It also provides tools for reversing pointer obfuscation and analyzing heap hardening mechanisms.
The project includes a containerized environment for provisioning lab workspaces, allowing binaries to be compiled against specific system library versions to simulate different allocator behaviors.
