Explore the intricacies of Return-Oriented Programming (ROP) attacks and their automated generation in this 35-minute conference talk from the Hack In The Box Security Conference. Delve into the concept of Turing completeness and its application to ROP chains. Learn about EasyROP, a tool designed to automate the development of ROP attacks by identifying semantically equivalent gadgets for fundamental operations. Examine the analysis of Windows dynamic-link libraries in both 32-bit and 64-bit systems, with a focus on shell32.dll as a prime candidate for 32-bit attacks. Discover the challenges in building Turing-complete ROP chains for 64-bit systems. Gain practical insights through a real-world case study of CVE-2010-3333, demonstrating how to construct a ROP chain to bypass Data Execution Prevention (DEP) on Windows 7.
Overview
Syllabus
#HITB2018AMS CommSec D2 - Automatic Generation of ROP Chains - Ricardo. J. RodrÃguez & Daniel Uroz
Taught by
Hack In The Box Security Conference
Related Courses
-
Advanced ROP Framework - Pushing Return-Oriented Programming to Its Limits
-
Bypassing DEP With Jump-Oriented Programming
-
The Beast is in Your Memory
-
Software Security Era - Past, Present, and Future
-
Pre-built JOP Chains with the JOP ROCKET - Bypassing DEP without ROP
-
Exploiting a Limited UAF on Ubuntu 22.04 to Achieve LPE
