In 2022, cfreal gave a talk at BlackAlps 2022 on Generic Remote Exploit Techniques For The PHP Allocator, And 0days. I was there as well, told him that it was ridiculous that PHP's heap was such a soft target, and that I might do something about it eventually, if only to make PHP exploitation less dull. Two years later, I opened a meta-issue on PHP's bug tracker, and (slowly) started to get to work. I was immediately joined by Arnaud Le Blanc on this endeavour, who actually did most of the work ...