Practical Return-Oriented Programming

At a number of conferences this spring, I am presenting “Practical Return-Oriented Programming.” The talk is about taking the academic and applying it in the real world to developing exploits for Windows that bypass Permanent DEP using my BISC (Borrowed Instructions Synthetic Computer) library. In the talk, I demonstrate exploitation of the Internet Explorer “Operation Aurora” vulnerability on Windows 7. These techniques are not at all new, only my implementation is, and it owes much to previous research by Sebastian Krahmer’s “Borrowed Code Chunks” technique , Hovav Shacham’s Return-Oriented Programming, and Pablo Sole’s DEPLIB.

RSA Brief Session Webcast, Video, Podcast, and Slides (Login with Delegate access required)
SOURCE Boston 2010 Slides (more complete and technical than the RSA talk)
ITWeb Security Summit 2010 (Upcoming)

Like this:

Be the first to like this post.

This entry was posted on April 26, 2010 at 1:38 pm and is filed under Conferences, Exploits, Vulnerabilities . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

…And You Will Know me by the Trail of Bits