HSC - Presentations - Return Oriented Programming

Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet

You are here: Home > Resources > Lectures > Return Oriented Programming

Go to: HSC Trainings

Services

			Skills & Expertise
			Consulting
			ISO 27001 services
			Vulnerabilities monitoring
			Audit & Assessment
			Penetration tests
			Vunerability assessment (TSAR)
			Forensics
			ARJEL
			Training courses
			E-learning

Conferences

			Agenda
			Past events
			Tutorials

Resources

			Thematic index
			Tips
			Lectures
			Courses
			Articles
			Tools (download)
			Vulnerability watch

Company

			Hervé Schauer
			Job opportunities
			Credentials
			History
			Partnerships
			Associations

Press and
communication

			HSC Newsletter
			Press review
			Press releases
			Publications

Contacts

			How to reach us
			Specific inquiries
			Directions to our office
			Hotels near our office


		Return Oriented Programming

Access to the content

Beginning of the presentation

PDF version [3 MB]

Description

ROP is a buffer overflow exploitation technique working when protections such as NX (DEP) or in some cases ASLR are enabled. This is for example the case in iPhone, recent Windows or some Linux distributions. This method does not send any executable data, but use part of the executable memory of the targeted program in order to build code useful to the attacker. This presentation introduces the fundamentals of this technique and tools used to build ROP payloads.

Context & Dates

Talk presented during the 2010 GS-Days, on 30 November 2010.

Author

Jean-Baptiste Aviat (Jean-Baptiste.Aviat@hsc.fr)

Type

[

]

Abstract &
Table of content

Flyleaf
Stack Overflow simple
Return into libc
ASLR
ROP
Recherche de gadgets

Related documents

	Stack Overflow
	Introduction to exploiting buffer overflows [3 September 2001 - ] Hacking web servers [14 March 2001 - ] Introduction to buffer overflows [6 October 2000 - ]

Copyright