ROPInjector - Using Return Oriented Programming for Polymorphism and Antivirus Evasion
Offered By: Black Hat via YouTube
Course Description
Overview
Explore advanced techniques for polymorphism and antivirus evasion using Return Oriented Programming (ROP) in this Black Hat conference talk. Dive into the innovative ROPInjector tool, which transforms shellcode into its ROP equivalent and injects it into non-packed 32-bit Portable Executable (PE) files. Learn about the limitations of current polymorphism methods and how ROP overcomes them by avoiding the need for writeable code sections. Discover the algorithms developed for x86 instruction set analysis and manipulation, and see a demonstration of the ROPInjector tool in action. Examine the evaluation results showing near-complete evasion of antivirus software on VirusTotal. Gain insights into topics such as Borel code, static analysis challenges, CellCode analysis and transformation, and the intermediate representation layer used in the process.
Syllabus
Introduction
ROPInjector
Objectives
Detection
Why use ROP
Borel code
Overview
Encryption
Static Analysis
Challenges
Steps
CellCode Analysis
CellCode Transformation
Intermediate Representation Layer
OnetoOne Mapping
Missing Gadget Example
Final Steps
Code Run
Evaluation
Results
Outcome
Questions
Conclusion
Taught by
Black Hat
Related Courses
Enter SandboxBlack Hat via YouTube Evaluation of the Executional Power in Windows Using Return Oriented Programming
IEEE via YouTube Spectre Attacks Exploiting Speculative Execution
IEEE via YouTube Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks
IEEE via YouTube ROP is Still Dangerous - Breaking Modern Defenses
USENIX via YouTube