\m/ ROP and ROLL \m/

Presented at Kiwicon 6: The Con of the Beast (2012), Nov. 17, 2012, 2:30 p.m. (30 minutes)

What's the point in sending your latest 0day exploit module down the wires when the shellcode decoder stub can be generically discovered. Generic ROP chains extenuate this issue as they end up becoming lengths of static DWORDS that can be easily detected through network monitors or AV signatures. ROP and ROLL is a proof of concept demonstration of ROP chain mutation or modification in an attempt to remove likelihood of easy detection and the loss of your latest java bug.

Presenters:

• antic0de
  Apparently antic0de was once technical. After his most recent conference talk where he was placed in the 'management stream' and fouled his voicebox with terms such as 'thought leader','policy use' and 'compliance', antic0de is now wanting to clear his name before it's too late.

Links:

• https://2012.kiwicon.org/the-con/talks/#e51

Similar Presentations:

• ShmooCon X (2014) / unROP: A Tool for In-Memory ROP Exploitation Detection and Traceback
• CarolinaCon 13 (2017) / A ROP Primer
• DEF CON 27 (2019) / Exploiting Windows Exploit Mitigation for ROP Exploits