https://frederik353.github.io/writeups/tags/smallbin-attack/ Recent content in Smallbin-Attack on Frederik353 Hugo -- gohugo.io en © 2026 Frederik Tokle Negård Sat, 25 Apr 2026 00:00:00 +0000 https://frederik353.github.io/writeups/ctfs/umd-26/velvet-table/ Sat, 25 Apr 2026 00:00:00 +0000 https://frederik353.github.io/writeups/ctfs/umd-26/velvet-table/ Glibc 2.32+ heap note manager wrapped in heavy XOR obfuscation. An inverted size check in the cashout handler turns the dev’s careful tcache bookkeeping into a free UAF, with a slightly longer smallbin attack waiting behind it as the intended path.