by granda 3357 days ago
Great write-up! As a programmer interested in auditing for vulnerabilities like this and others, what does the community suggest as a direction to start honing my skills with proper learning material?
4 comments

What do you want to get good at? 'Memory corruption' is the term of art for these vulns. There are a lot of areas you can learn "enough" of.

Start with the Micro Corruption CTF. See which part you enjoy the most (finding, analyzing, exploiting). Each uses similar but different skills.

You need to get good at assembly/machine code. You have to learn the patterns of what compiled code translates back to (structs, exception handlers, logic, etc.). Machine code is the one constant. Notice how the author had mapped C structs in his hex editor? That is the sort of thing that gets you back to a conceptual hacking level instead of being down in the weeds. Get good at doing those things.

Besides what's been suggested already, there are many small open source programs that have never had an audit. You could follow the example of defuse.ca and just start doing it.
Get familiar with afl-fuzz.
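Two of the replies above point at the same exercise: mark up a binary layout the way the author did with C structs in a hex editor, then feed the parser to afl-fuzz. The program below is an added example, not code from the thread or from the write-up being discussed. The record format, its magic value and the sample inputs are all constructed for illustration; parse_record is the bounds-checked parser, parse_record_unchecked is the shape an auditor learns to recognise, and main() reads one file so the binary can be run under afl-fuzz.

```c
/* Added example: a fixed-layout record parser of the kind you would
 * reverse out of a hex dump, with a file-reading main() for afl-fuzz.
 * Format, magic value and sample inputs are constructed, not taken from
 * any real program. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wire layout (little-endian), as you would annotate it in a hex editor:
 *   offset 0  u32 magic      (constructed value 0x52454321)
 *   offset 4  u16 version
 *   offset 6  u16 name_len
 *   offset 8  u8  name[name_len]   (not NUL-terminated on the wire)  */
#define REC_MAGIC   0x52454321u
#define REC_HDR_LEN 8
#define NAME_MAX    32

struct record {
    uint32_t magic;
    uint16_t version;
    uint16_t name_len;
    char     name[NAME_MAX];   /* NUL-terminated copy of the wire name */
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint16_t rd_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | p[1] << 8);
}

/* Checked parser. Returns 0 on success, a negative code on malformed input.
 * Every length taken from the buffer is validated against both the bytes
 * remaining in the input and the destination size before any copy. */
int parse_record(const uint8_t *buf, size_t len, struct record *out)
{
    if (len < REC_HDR_LEN) return -1;               /* header truncated */
    uint32_t magic = rd_u32le(buf);
    if (magic != REC_MAGIC) return -2;              /* wrong file type */
    uint16_t version  = rd_u16le(buf + 4);
    uint16_t name_len = rd_u16le(buf + 6);
    if (name_len >= NAME_MAX) return -3;            /* would overflow out->name */
    if ((size_t)name_len > len - REC_HDR_LEN) return -4; /* would read past buf */
    out->magic    = magic;
    out->version  = version;
    out->name_len = name_len;
    memcpy(out->name, buf + REC_HDR_LEN, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* The pattern an auditor looks for, kept only for contrast and never
 * called: name_len comes straight from the input, so memcpy both reads
 * past buf and writes past out->name. Built with -fsanitize=address and
 * fuzzed, this is what afl-fuzz reports as a crash. */
int parse_record_unchecked(const uint8_t *buf, size_t len, struct record *out)
{
    (void)len;
    out->magic    = rd_u32le(buf);
    out->version  = rd_u16le(buf + 4);
    out->name_len = rd_u16le(buf + 6);
    memcpy(out->name, buf + REC_HDR_LEN, out->name_len);
    out->name[out->name_len] = '\0';
    return 0;
}

/* Harness-style helpers so results can be checked without a struct. */
int parse_status(const uint8_t *buf, size_t len)
{
    struct record r;
    return parse_record(buf, len, &r);
}

int parsed_name_is(const uint8_t *buf, size_t len, const char *expect)
{
    struct record r;
    return parse_record(buf, len, &r) == 0 && strcmp(r.name, expect) == 0;
}

/* Constructed sample inputs (not captured from any real program). */
static const uint8_t GOOD_REC[]  = { 0x21,0x43,0x45,0x52, 0x01,0x00, 0x03,0x00, 'a','b','c' };
static const uint8_t TRUNC_REC[] = { 0x21,0x43,0x45,0x52, 0x01,0x00, 0x10,0x00, 'a' }; /* claims 16, has 1 */
static const uint8_t HUGE_REC[]  = { 0x21,0x43,0x45,0x52, 0x01,0x00, 0xFF,0xFF };
static const uint8_t BADMAGIC[]  = { 0x00,0x00,0x00,0x00, 0x01,0x00, 0x00,0x00 };

/* afl-fuzz entry point: parse the file named on the command line (or
 * stdin). Inputs over 4096 bytes are truncated, which is fine for fuzzing. */
int main(int argc, char **argv)
{
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : stdin;
    if (!f) { perror("fopen"); return 1; }
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    if (f != stdin) fclose(f);
    struct record r;
    int rc = parse_record(buf, n, &r);
    if (rc == 0) printf("ok: version=%u name=\"%s\"\n", r.version, r.name);
    else         printf("rejected: %d\n", rc);
    return 0;
}
```

To fuzz it, compile with afl's compiler wrapper and ASan (for example afl-clang-fast -fsanitize=address), drop a valid record such as GOOD_REC into a seed directory, and run afl-fuzz -i seeds -o findings -- ./parser @@; the @@ token is where afl-fuzz substitutes the path of each generated input. Swapping the main() call to parse_record_unchecked shows the difference: the checked version only ever prints "rejected", while the unchecked one produces ASan crash reports from inputs like TRUNC_REC.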