Mobile Hacking Conference Talks

Beyond the Shield: Practical Heap Exploitation Against Android's Scudo

By Simon Janz

Modern Android uses Scudo as its hardened userspace heap allocator to increase the difficulty of memory corruption exploitation. But what does that mean in practice for exploit developers?


This talk provides a beginner-friendly introduction to the Android userspace heap and explains how Scudo works, what security properties it enforces, and how its hardening mechanisms change traditional heap exploitation techniques. We will walk through the fundamentals of heap exploitation, explore key Scudo internals, and build an understanding of how real-world vulnerabilities can still be developed into working exploits despite modern defenses.


Designed for newcomers to mobile exploitation, this session focuses on clear explanations, visual intuition, and practical reasoning rather than deep allocator theory, making modern heap hardening approachable and understandable.

Bio

Simon Janz

Simon “@esj4y” Janz is a Security Researcher specializing in vulnerability discovery and exploit development across managed and unmanaged languages.

His recent work focuses on security research for major mobile platforms.