Memory management is a task known to demand high discipline and carefulness from software developers. Neglecting these requirements causes not only unstable but also vulnerable code. Exploitation of a memory corruption vulnerability can crash the application or in the worst case enable the attacker to execute arbitrary code. Depending on the context of the vulnerable application, this possibly implies further exploitation steps such as privilege escalation, installation of a backdoor or leakage of confidential data.

Most modern programming languages thus decide to take over the task of memory management and have development environments containing garbage collectors. Still, there are several reasons why manual memory management is used directly or indirectly. High-level languages like Java or C# provide a binary interface to interact with low-level code. This feature is often utilized to implement performance-critical sections in an efficient programming language or make use of existing libraries written in other languages. Interpreters or virtual machines of these languages themselves are usually written in a low-level language to yield adequate performance. Another reason for manual memory management is the increasing distribution of embedded systems and Internet of Things devices. They foster efficient implementations to lower power consumption and hardware requirements.

Making use of manual memory management always carries the potential for memory corruptions. In order to create secure software applications, developers need to know about possible attack vectors and mitigation strategies. At the same time, fully understanding memory corruption vulnerabilities requires in-depth knowledge about memory management and process execution. While many tutorials are available online, most of them are incomplete, outdated or not intended for beginners. This tutorial aims at providing its readers a theoretical understanding of memory corruption fundamentals, exploitation techniques and protection mechanisms. Paired with a collection of practical examples, it represents a solid information source about this topic.

To fully understand this tutorial, a basic knowledge of the C programming language and assembly is required. Additionally, the reader is expected to be confident in using a Linux operating system and its command line.