Arena & Metadata Hijacking
These advanced techniques target the global malloc_state structures, allowing an attacker to completely hijack the allocator’s behavior for a thread or the entire process.
| Technique | Description |
| House of Mind | Abusing non-main arenas for arbitrary writes. |
| House of Gods | Hijacking the thread_arena via binmap corruption. |