Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools

Presented at DerbyCon 7.0 Legacy (2017), Sept. 24, 2017, 1 p.m. (50 minutes)

Stuck on a difficult exploit payload where you simply cannot use the stack to hold your exploit payload? Jump Oriented Programming (“JOP”) may hold the key to your success, but the way forward may not be so simple. The main focus of this talk will describing existing ROP compiler support for Jump Oriented Programming techniques, and will feature proposals for improved support across several tools and architectures. John Dunlap is a security Engineer at Gotham Digital Science specializing in static analysis and code review. Gotham Digital science is a boutique penetration testing firm specializing in testing of unusual or otherwise bespoke software systems. John’s main research interests include concolic execution, reverse engineering and advanced exploitation techniques. @johndunlap2

Presenters:

• John Dunlap

Links:

• https://www.derbycon.com/sunday-schedule/#event-220
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/Jumping the Fence Comparison and Improvements for Existing Jump Oriented Programming Tools John.mp4

Similar Presentations:

• DEF CON 31 (2023) / Advanced ROP Framework: Pushing ROP to Its Limits