Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Automatic Generation of ROP Chains

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of Return-Oriented Programming (ROP) attacks and their automated generation in this 35-minute conference talk from the Hack In The Box Security Conference. Delve into the concept of Turing completeness and its application to ROP chains. Learn about EasyROP, a tool designed to automate the development of ROP attacks by identifying semantically equivalent gadgets for fundamental operations. Examine the analysis of Windows dynamic-link libraries in both 32-bit and 64-bit systems, with a focus on shell32.dll as a prime candidate for 32-bit attacks. Discover the challenges in building Turing-complete ROP chains for 64-bit systems. Gain practical insights through a real-world case study of CVE-2010-3333, demonstrating how to construct a ROP chain to bypass Data Execution Prevention (DEP) on Windows 7.

Syllabus

#HITB2018AMS CommSec D2 - Automatic Generation of ROP Chains - Ricardo. J. Rodríguez & Daniel Uroz

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Automatic Generation of ROP Chains

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.