# heap

:::toc

## basics

### the heap itself

### arenas

### chunks

- Free / Allocated / Top

### bins

- Fast / Unsorted / Small / Large

### freelists

### tcache



## techniques

### house of spirit

### house of lore

### house of force

### house of einherjar

### house of orange

### house of roman

### house of spirit

### house of botcake

### house of mind

### house of prime



## resources

### Phrack

- [Vudo malloc tricks](http://phrack.org/issues/57/8.html#article)
- [Once upon a free()](http://phrack.org/issues/57/9.html#article)
- [Malloc Des-Maleficarum](http://phrack.org/issues/66/10.html#article)
- [Linux Kernel Heap Tampering Detection](http://phrack.org/issues/66/15.html#article)
- [OSX heap exploitation techniques](http://phrack.org/issues/63/5.html#article)

### Azeria Labs

- Arm Heap Exploitation
  - [PART 1: UNDERSTANDING THE GLIBC HEAP IMPLEMENTATION](https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/)
  - [PART 2: UNDERSTANDING THE GLIBC HEAP IMPLEMENTATION](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/)
- [HEAP EXPLOIT DEVELOPMENT – CASE STUDY FROM AN IN-THE-WILD IOS 0-DAY](https://azeria-labs.com/heap-exploit-development-part-1/)
- [HEAP OVERFLOWS AND THE IOS KERNEL HEAP](https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/)
- [GROOMING THE IOS KERNEL HEAP](https://azeria-labs.com/grooming-the-ios-kernel-heap/)

### shellphish

- [how2heap](https://github.com/shellphish/how2heap)
  - lot's of small examples