Description: Return-Oriented Programming (ROP) is the fundamental technique for bypassing the widely deployed DEP exploitation mitigation. Unfortunately, the available tools for finding ROP gadgets rely mainly on syntactic searching. This method proves to be inefficient and time-consuming, and it makes developing ROP-based shellcode a frustrating process for exploit writers.
This research attempts to solve the problem by introducing a tool named OptiROP that lets exploit writers search for ROP gadgets with semantic queries. OptiROP supports input binaries in all major executable formats (PE/ELF/Mach-O) on the x86 and x86_64 architectures. By combining techniques such as code normalization, code optimization, code slicing, an SMT solver, parallel processing and several heuristic search methods, OptiROP is able to discover the desired gadgets very quickly and with much less effort. The tool also reports the detailed semantic meaning of each gadget it finds, so users can easily decide how to chain the gadgets into the final shellcode.
In cases where no single suitable gadget is found, OptiROP tries to pick and chain the available gadgets into a sequence that satisfies the input requirements. This significantly eases the hard job of shellcode writers, so they can focus their time on the other tedious parts of the exploitation process.
Our talk will include live demos, so the audience can see how OptiROP generates gadgets in practice.
For more information please visit: http://www.blackhat.com/us-13/briefings.html