Heres an analogy that helped me wrap my head around the concept of tcache.. So a construction worker rents a bunch of tools from a tool rental company. These tools come from the warehouse, which is down the street from the storefront. When the construction worker finishes with the tools, he brings them back to the store. Realizing that the tools are popular, the store worker puts the tools on a shelf in the store, instead of sending them back to the warehouse. That way they are easier to get for the next customer. The tools represent the blocks of memory, the tool rental company's warehouse represents the main memory, and the storefront represents the Tcache. When the tools (memory blocks) are returned (freed), instead of being sent back to the warehouse (main memory), they are kept at the storefront (Tcache) for faster access in future. So just like how it's more convenient and faster for the next construction worker (program or thread) to get the tools (memory blocks) from the storefront (Tcache) than from the warehouse (main memory), it's also more efficient for a program or thread to get memory blocks from the Tcache than from the main memory.

When you stop Matt to ask for Ghidra keybindings and explanations, that is super useful. Definitely doing the right thing there 🙂

More binary exploitation pls. Can you link Matt’s KZfaq pls 🙏🏻

15:20 Matt says: "it's very basic program" me: 🤯🤯

3 days ago, I tried to solve that exact challenge on Pico and I also never heared of tcache before. When didn't get any further on the binary and didn't know how to proceed, I thought "pretty sure John Hammond did that already, let's see if he has a video online about that". But I didn't find one and searched for other write-ups to help me solving and understanding tcache. And now you uploaded the vid that I would have needed a few days ago. :-D

I have been learning all the details of this challenge for the last 5 days, what a coincidence seeing this here!

Thanks a lot dude! You really helped me out there

Love your work John. Keep it up.

I can't stop coming back to this video, matt is so skilled and knowledgeable.

Wow I just worked through the binary exploitation deep dive matt, yesterday.. Looking forward to learning more....

I would love to see a demo of kit engine. Even for more experienced pwners browser stuff is quite daunting. Even going forward it would be nice if he could showcase more advanced techniques like kernel exploitation, browser, race conditions, etc. Great video!

Amazing content! Thanks very much!

More of this please ❤️

Hey the guy is talking about some deep stuff :) This is a whole different level of knowledge (which is worth learning which is worth the time to learn) :)

About patchelf, it overwrites a "cleaned" version by changing meta information stored in elf binary, so better keep original one just in case that broken??? path was the trick. And about Matt saying didn't run by applying patchelf, I bet env var messed up (I obviously didn't see the situation so don't quote me on this one 😆) again great video thank to both of you.

Can you please provide the link to the video you're referring to when you said at 17:55 about how you set up the pawninit command.

Aaand I'm lost very quickly. Lol. Need to backtrack my learning and start from the beginning

I'm really new to this field, may I know what pwninit does????

Go Tigers!!

👍

This is a 'Basic' challenge.

Can we crowdfund a new microphone for Matt?

can anyone help me with the part at 10:12? I did not understand why he changed it to char[3]

You are not bug hunter and you have hackerone t-shirt 😂

Linux what

Zoom

I searched M. Alpha and got a friggin Sigma grindset "life coach". Does Matt have any social media?