SKILL: Heap Exploitation — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert glibc heap exploitation techniques. Covers ptmalloc2 internals, bin structures, tcache mechanics, libc/heap leak methods, and attack selection by glibc version. Distilled from ctf-wiki heap sections, how2heap, and real-world exploitation. Base models often confuse glibc version constraints and miss safe-linking (PROTECT_PTR) introduced in 2.32.
0. RELATED ROUTING
- stack-overflow-and-rop — when the overflow is on the stack rather than the heap
- format-string-exploitation — leak heap/libc addresses via format string
- arbitrary-write-to-rce — convert heap arbitrary write into code execution
- binary-protection-bypass — bypass ASLR/RELRO to use heap write effectively
Advanced References
- HOUSE_OF_TECHNIQUES.md — House of Force/Spirit/Orange/Einherjar/Roman/Pig/Banana/Cat/Apple and tcache attacks
- IO_FILE_EXPLOITATION.md — _IO_FILE vtable hijack, FSOP, stdout/stdin abuse, exit flow exploitation
1. PTMALLOC2 STRUCTURE QUICK REFERENCE