Defcon CTF Quals 2014 write-up

Hint: flag is not a frag: once you've got it, you can get one more...

Exploitation 1 ("baby-first heap").

Summary: heap overflow giving an arbitrary memory write in the free() function of the dlmalloc allocator (free() dereferences the link fields of chunk structs in the doubly linked list), rewriting printf@plt to avoid crashing on the next free() iteration.
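
The unlink step behind that write, next to the safe-unlinking check that detects it, as an added example (not code from the challenge or from dlmalloc). The struct layout is simplified, and the names struct chunk, unlink_legacy, unlink_checked and corrupt are hypothetical:

```c
#include <stddef.h>
/* Simplified free-chunk header modelled on dlmalloc (constructed for this example). */
struct chunk { size_t prev_size, size; struct chunk *fd, *bk; };

/* Classic unlink as done inside free(): trusts fd/bk read from the chunk header. */
static void unlink_legacy(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    fd->bk = bk;   /* store at (char *)fd + offsetof(struct chunk, bk) */
    bk->fd = fd;   /* store at (char *)bk + offsetof(struct chunk, fd) */
}

/* Safe unlinking: refuse when the neighbours do not point back at p. */
static int unlink_checked(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p) return -1;   /* corrupted list detected */
    fd->bk = bk; bk->fd = fd;
    return 0;
}

/* Build a <-> p <-> b, then model an overflow that replaced p's links with
   pointers to x and y, two objects that were never on the list. */
static void corrupt(struct chunk *a, struct chunk *p, struct chunk *b,
                    struct chunk *x, struct chunk *y) {
    a->fd = p; p->bk = a; p->fd = b; b->bk = p;
    p->fd = x; p->bk = y;
}

/* Returns 1 if the legacy unlink wrote into x and y, outside the list. */
int legacy_writes_outside_list(void) {
    struct chunk a = {0}, p = {0}, b = {0}, x = {0}, y = {0};
    corrupt(&a, &p, &b, &x, &y);
    unlink_legacy(&p);
    return x.bk == &y && y.fd == &x;
}

/* Returns 1 if the checked unlink rejects the chunk and leaves x, y untouched. */
int checked_rejects_corruption(void) {
    struct chunk a = {0}, p = {0}, b = {0}, x = {0}, y = {0};
    corrupt(&a, &p, &b, &x, &y);
    return unlink_checked(&p) == -1 && x.bk == NULL && y.fd == NULL;
}

/* Returns 1 if the checked unlink still removes p from an intact list. */
int checked_accepts_intact(void) {
    struct chunk a = {0}, p = {0}, b = {0};
    a.fd = &p; p.bk = &a; p.fd = &b; b.bk = &p;
    return unlink_checked(&p) == 0 && a.fd == &b && b.bk == &a;
}
int main(void) { return !(legacy_writes_outside_list() && checked_rejects_corruption() && checked_accepts_intact()); }
```

The legacy version performs two stores through pointers taken from the chunk header, so whoever controls that header controls where free() writes; the checked version turns the same corruption into a detectable error.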