Wednesday, July 28 • 10:00am - 11:00am
Payload Already Inside: Data Re-Use for ROP Exploits


Return-oriented programming (ROP) is one of the most discussed advanced exploitation techniques for bypassing NX. Several practical works use ROP on Windows and iPhoneOS to bypass DEP and code signing, but so far there has been no practical ROP work targeting modern Linux distributions. The main obstacles to ROP exploitation on Linux x86 are ASCII-Armor address protection, which maps libc at addresses that begin with a NULL byte, and Address Space Layout Randomization (ASLR).


In this presentation we show how an old return-into-libc technique can be extended into a stage-0 loader that bypasses ASCII-Armor protection and makes ROP on Linux x86 practical. In addition, by reusing not only code but also data from the binary itself, we can build arbitrary chained ret2libc or ROP calls that bypass ASLR. A new tool for building and searching for ROP instructions will be released during the presentation.
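The data-reuse bypass of ASLR described above relies on the target's own code and data sitting at fixed addresses, which on Linux means a non-PIE executable. As an added defender-side example (not code from the talk or its tool), the following Python script parses ELF32 headers to report whether a binary is position-independent, has a non-executable stack and carries a RELRO segment; the minimal ELF header it builds for self-checking is a constructed sample, not a real program.

```python
import struct
import sys

# ELF32 constants for the Linux x86 binaries the talk targets
ET_EXEC, ET_DYN = 2, 3                              # fixed-address vs position-independent
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552 # GNU stack-flags and RELRO segments
PF_X = 1                                            # execute permission bit in p_flags

def parse_elf32(data):
    """Return (e_type, [(p_type, p_flags), ...]) from raw ELF32 little-endian bytes."""
    if data[:4] != b"\x7fELF" or data[4] != 1:      # EI_CLASS 1 = 32-bit
        raise ValueError("not an ELF32 image")
    e_type = struct.unpack_from("<H", data, 16)[0]  # e_type at offset 16
    e_phoff = struct.unpack_from("<I", data, 28)[0] # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type = struct.unpack_from("<I", data, off)[0]
        p_flags = struct.unpack_from("<I", data, off + 24)[0]  # p_flags is 24 bytes in
        phdrs.append((p_type, p_flags))
    return e_type, phdrs

def rop_exposure(data):
    """Summarise the mitigations that decide whether the binary's own code/data is reusable."""
    e_type, phdrs = parse_elf32(data)
    pie = e_type == ET_DYN
    nx = any(t == PT_GNU_STACK and not (f & PF_X) for t, f in phdrs)
    relro = any(t == PT_GNU_RELRO for t, _ in phdrs)
    # Without PIE the executable's code and data load at known addresses regardless of ASLR
    return {"pie": pie, "nx": nx, "relro": relro, "fixed_code_and_data": not pie}

def make_elf32(e_type, phdrs):
    """Build a minimal, constructed ELF32 header plus program headers (not a runnable binary)."""
    ehdr = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # e_ident: 32-bit, LE, version 1
    ehdr += struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, len(phdrs), 40, 0, 0)
    body = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, f, 4) for t, f in phdrs)
    return ehdr + body

if __name__ == "__main__":
    # Usage: python script.py <elf32-binary>; without an argument, inspect a constructed non-PIE sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_elf32(ET_EXEC, [(PT_GNU_STACK, 6)])
    print(rop_exposure(data))
```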


Wednesday July 28, 2010 10:00am - 11:00am
Day 1 - Programmatic
