ROPInjector - Using Return Oriented Programming for Polymorphism and Antivirus Evasion

Offered By: Black Hat via YouTube

Course Description

Overview

Explore advanced techniques for polymorphism and antivirus evasion using Return Oriented Programming (ROP) in this Black Hat conference talk. Dive into the innovative ROPInjector tool, which transforms shellcode into its ROP equivalent and injects it into non-packed 32-bit Portable Executable (PE) files. Learn about the limitations of current polymorphism methods and how ROP overcomes them by avoiding the need for writeable code sections. Discover the algorithms developed for x86 instruction set analysis and manipulation, and see a demonstration of the ROPInjector tool in action. Examine the evaluation results showing near-complete evasion of antivirus software on VirusTotal. Gain insights into topics such as Borel code, static analysis challenges, shellcode analysis and transformation, and the intermediate representation layer used in the process.

Syllabus

Introduction
ROPInjector
Objectives
Detection
Why use ROP
Borel code
Overview
Encryption
Static Analysis
Challenges
Steps
Shellcode Analysis
Shellcode Transformation
Intermediate Representation Layer
One-to-One Mapping
Missing Gadget Example
Final Steps
Code Run
Evaluation
Results
Outcome
Questions
Conclusion


Taught by

Black Hat
