Overview
Explore advanced return-oriented programming (ROP) techniques for process injection in this DEF CON 32 conference talk. Discover practical solutions for managing complex WinAPI chains, including handling parameters and return values. Learn about a groundbreaking universal solution for string comparison via ROP that enables reliable process targeting and injection. Examine multiple patterns for implementing WinAPIs through ROP, including both PUSHAD instruction-centered approaches and "sniper" techniques when PUSHAD patterns are unavailable. Gain insights into a reusable methodology for process injection via ROP, complete with templates for WinAPI implementation that can be applied across various scenarios. Master the intricacies of overcoming technical challenges in ROP-based process injection through detailed demonstrations and practical examples.
Syllabus
DEF CON 32 - Process Injection Attacks w ROP - Bramwell Brizendine, Shiva Shashank Kusuma
Taught by
DEFCONConference