YoVDO

ROPInjector - Using Return Oriented Programming for Polymorphism and Antivirus Evasion

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Software Development Courses Cybersecurity Courses Polymorphism Courses Return-oriented Programming Courses

Course Description

Overview

Explore advanced techniques for polymorphism and antivirus evasion using Return Oriented Programming (ROP) in this Black Hat conference talk. Dive into the innovative ROPInjector tool, which transforms shellcode into its ROP equivalent and injects it into non-packed 32-bit Portable Executable (PE) files. Learn about the limitations of current polymorphism methods and how ROP overcomes them by avoiding the need for writeable code sections. Discover the algorithms developed for x86 instruction set analysis and manipulation, and see a demonstration of the ROPInjector tool in action. Examine the evaluation results showing near-complete evasion of antivirus software on VirusTotal. Gain insights into topics such as Borel code, static analysis challenges, CellCode analysis and transformation, and the intermediate representation layer used in the process.

Syllabus

Introduction
ROPInjector
Objectives
Detection
Why use ROP
Borel code
Overview
Encryption
Static Analysis
Challenges
Steps
CellCode Analysis
CellCode Transformation
Intermediate Representation Layer
OnetoOne Mapping
Missing Gadget Example
Final Steps
Code Run
Evaluation
Results
Outcome
Questions
Conclusion


Taught by

Black Hat

Related Courses

Enter Sandbox
Black Hat via YouTube
Evaluation of the Executional Power in Windows Using Return Oriented Programming
IEEE via YouTube
Spectre Attacks Exploiting Speculative Execution
IEEE via YouTube
Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks
IEEE via YouTube
ROP is Still Dangerous - Breaking Modern Defenses
USENIX via YouTube