Tags: use-after-free got uaf glibc heap 

In the 34C3 2017 SimpleGC challenge, we leak the libc base address using a use-after-free (UAF) vulnerability. Using the same UAF, we overwrite free@GOT with the address of system and eventually spawn a shell. This is a good heap exploitation challenge for understanding how to exploit x86_64 binaries with stack canaries, NX, and ASLR enabled in the presence of the tcache feature, which is enabled in glibc-2.26.

Original writeup (https://github.com/sajjadium/PersianCatsCTF/tree/master/C3CTF/2017/simplegc).