YoVDO

ROPInjector - Using Return Oriented Programming for Polymorphism and Antivirus Evasion

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Software Development Courses Cybersecurity Courses Polymorphism Courses Return-oriented Programming Courses

Course Description

Overview

Explore advanced techniques for polymorphism and antivirus evasion using Return Oriented Programming (ROP) in this Black Hat conference talk. Dive into the innovative ROPInjector tool, which transforms shellcode into its ROP equivalent and injects it into non-packed 32-bit Portable Executable (PE) files. Learn about the limitations of current polymorphism methods and how ROP overcomes them by avoiding the need for writeable code sections. Discover the algorithms developed for x86 instruction set analysis and manipulation, and see a demonstration of the ROPInjector tool in action. Examine the evaluation results showing near-complete evasion of antivirus software on VirusTotal. Gain insights into topics such as Borel code, static analysis challenges, CellCode analysis and transformation, and the intermediate representation layer used in the process.

Syllabus

Introduction
ROPInjector
Objectives
Detection
Why use ROP
Borel code
Overview
Encryption
Static Analysis
Challenges
Steps
CellCode Analysis
CellCode Transformation
Intermediate Representation Layer
OnetoOne Mapping
Missing Gadget Example
Final Steps
Code Run
Evaluation
Results
Outcome
Questions
Conclusion


Taught by

Black Hat

Related Courses

1C:Enterprise Junior Developer Course
Moscow Institute of Physics and Technology via Coursera A Beginner’s Guide to Docker
Packt via FutureLearn A Beginner’s Guide to Scrum Project Management
Packt via FutureLearn Google Professional Cloud DevOps Engineer Certification Path Introduction (GCP DevOps Engineer Track Part 1)
A Cloud Guru Introduction to Amazon CodeGuru
A Cloud Guru