Hello everyone! You may be thinking: What gives with the heap exploitation b33f? This short introduction should hopefully answer all your questions and it is an excuse to tell people to go RTFM. As you may know by now, I'm quite addicted to exploit development. There is a definite sense of enjoyment (and relief) when you manage to manipulate process execution flow to the point where it starts running your own code.
When I started out learning about the black magic that is exploit development there were a few people/groups that were an invaluable resource. Not only because they were ninjas but because they were kind enough to share their experience with the rest of us poor fools. Without people like corelanc0d3r, mr_me and many others we would all still be mucking around none the wisher!
That is why, when I saw the following tweet by mr_me, I knew I had to do something to preserve his arcane tutorials on Windows heap exploitation.
I'm letting my old http://t.co/gvVS4gCKCG domain expire so if you are interested in heap overflows I would suggest you pull the content now.
— mr_me (@ae0n_) June 25, 2015
I dropped mr_me an email and he said it was cool with him if I replicated his posts on FuzzySec. All the "Heap Overflows For Humans" tutorials have been preserved in their original state. The only modifications I made were to be able to integrate them with the FuzzySec theme. Side-effects may include, but are not limited to: A slight melting of the face, involuntary twitching and turning into a character from a David Lynch production. Enjoy, at your peril!