Return-Oriented Programming: Exploits Without Code Injection
8 likes1,523 views
The document discusses return-oriented programming, which allows arbitrary computation without code injection by chaining together small "gadgets" found in program code or libraries. It presents the thesis that any sufficiently large program codebase contains enough gadgets to enable Turing-complete computation by controlling the program stack. The technique works by diverting the control flow to return addresses on the stack rather than injecting code. It poses a threat to security systems like W^X that aim to prevent code injection.
1 of 53
Downloaded 144 times
Ad
Recommended
Dive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented ProgrammingSaumil Shah The document introduces Return Oriented Programming (ROP) and its core concepts. It discusses how Data Execution Prevention (DEP) prevents execution of injected shellcode by marking the stack and heap as non-executable. ROP overcomes this by chaining together small snippets of existing code (called "gadgets") in libraries and binaries to achieve arbitrary code execution. This is done by creating fake stack frames and controlling the instruction pointer (EIP) to return to addresses of gadgets. An example demonstrates overflowing a function and making it return to another function by placing a fake stack frame.
Return oriented programming
Return oriented programminghybr1s The document discusses return-oriented programming (ROP), an advanced exploitation technique used to leverage buffer overflow vulnerabilities by chaining short instruction sequences known as 'gadgets' to perform arbitrary computations. It provides a historical background of ROP, examples of its uses in computer worms, and various countermeasures to mitigate such vulnerabilities. Additionally, it includes a demonstration of a ROP compiler, ropgadget, which helps identify available gadgets within a binary.
Operating Systems - A Primer
Operating Systems - A PrimerSaumil Shah The document provides an introduction to operating systems and key concepts such as processes, virtual memory, and multitasking. It discusses how the CPU uses registers to perform computations and access memory. It explains that an operating system allows multiple programs to run simultaneously through time-slicing and context-switching between processes. Each process has its own virtual address space and sees its own "virtual machine" presented by the operating system.
Return oriented programming (ROP)
Return oriented programming (ROP)Pipat Methavanitpong This document discusses Return Oriented Programming (ROP), which is a technique for exploiting software vulnerabilities to execute malicious code without injecting new code. It can be done by manipulating return addresses on the program stack to divert execution flow to existing code snippets ("gadgets") that perform the desired task when executed in sequence. The document covers the anatomy of the x86 stack, common ROP attack approaches like stack smashing and return-to-libc, how gadgets work by chaining neutral instructions, and various defenses such as stack canaries, non-executable memory, address space layout randomization, and position-independent executables.
Why scala is not my ideal language and what I can do with this
Why scala is not my ideal language and what I can do with thisRuslan Shevchenko - The document discusses some of the author's criticisms of Scala, including its use of implicit parameters to configure runtime behavior, and lack of good support for asynchronous programming.
- The author proposes some workarounds, like annotating imports to avoid implicit conflicts, and patching the compiler to add more information to Future exceptions. However, the ideal solution would be language changes or improvements to asynchronous abstractions like Async.
- Overall, the author argues that Scala is not ideal for some use cases like asynchronous programming, but provides some workarounds people can use in the meantime. The best solutions require changes to the language and standard library.
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen oneAlexandre Moneger Return oriented programming (ROP) allows an attacker to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It works by identifying small "gadgets" in a program's code that end with a return instruction. These gadgets can be stitched together to perform operations or redirect execution flow. First, gadgets are found in the program using tools like ROPeMe or objdump. Useful gadgets include those that load registers from memory or call functions indirectly. The gadgets can then be chained to build ROP payloads that copy shellcode into memory and pivot the stack to execute it.
R ext world/ useR! Kiev
R ext world/ useR! KievRuslan Shevchenko This document discusses various techniques for integrating R with other programming languages and ecosystems. It begins by asking what to do after building a model in R, such as rewriting the code, integrating R with other languages, or implementing business logic directly in R. The document then covers options for integrating R at the command line, library level, and for calling R from other languages like C++. It also discusses using R for web applications via techniques like rApache, shiny, and openCPU. In the end it argues that R can be effectively used as part of an application infrastructure along with software engineering languages.
JVM JIT-compiler overview @ JavaOne Moscow 2013
JVM JIT-compiler overview @ JavaOne Moscow 2013Vladimir Ivanov The document discusses just-in-time (JIT) compilers in the Java Virtual Machine (JVM). It describes how JIT compilers work by compiling bytecode to native machine code during execution based on profiling information. This allows for optimizations like inlining, devirtualization, loop unrolling and eliding unnecessary synchronization that improve performance. The JIT compiler uses feedback from profiling to enable more aggressive optimizations like these.
Glow user review
Glow user review冠旭 陳 This document introduces the compilation flow and IR design of Glow, an open-source framework for optimizing and compiling machine learning models to multiple backends and devices. It discusses the three levels of IR in Glow: High Level IR (HIR), Low Level IR (LIR), and backends. Pros include supporting training and inference compilation, quantization, and many HIR and LIR optimizations. Cons include lacking Python support and real ASIC backends. The document suggests areas for further work on Glow, such as adding more advanced optimizations, offloading subgraphs, improving JIT performance, and debugging optimized models.
Java Jit. Compilation and optimization by Andrey Kovalenko
Java Jit. Compilation and optimization by Andrey KovalenkoValeriia Maliarenko This document discusses Java Just-In-Time (JIT) compilation. It describes JIT as compiling Java bytecode to native machine code during program execution rather than prior to execution. It outlines the main types of JIT compilers in HotSpot (client, server, tiered) and the key optimizations they perform like inlining, escape analysis, on-stack replacement, and tiered compilation. The document provides details on JIT tuning flags and how to get more profiling information from the JIT compiler logs. It emphasizes that letting the JIT do its work through warmup and avoiding microbenchmarks is important to achieving full performance.
Exploitation Crash Course
Exploitation Crash CourseUTD Computer Security Group This document provides an introduction to software exploitation on Linux 32-bit systems. It covers common exploitation techniques like buffer overflows, format strings, and ret2libc attacks. It discusses the Linux memory layout and stack structure. It explains buffer overflows on the stack and heap, and how to leverage them to alter control flow and execute arbitrary code. It also covers the format string vulnerability and how to leak information or write to arbitrary memory locations. Tools mentioned include GDB, exploit-exercises, and Python. Overall it serves as a crash course on the basic techniques and concepts for Linux exploitation.
GTC16 - S6410 - Comparing OpenACC 2.5 and OpenMP 4.5
GTC16 - S6410 - Comparing OpenACC 2.5 and OpenMP 4.5Jeff Larkin The document presents a comparative analysis of OpenMP and OpenACC, focusing on their histories, philosophical and technical differences, and challenges related to portability. OpenMP emphasizes user-directed parallelization, while OpenACC allows compiler-driven optimization with more direct user guidance for parallelization. Although both frameworks serve similar purposes, they have distinct approaches and trade-offs without a definitive 'winner' in their capabilities.
The OMR GC talk - Ruby Kaigi 2015
The OMR GC talk - Ruby Kaigi 2015craig lehmann The document discusses the IBM OMR (Open Managed Runtime) toolkit, focusing on its features for improving garbage collection in Ruby, including multithreading and efficient memory allocation techniques. It highlights improvements achieved through a parallel global garbage collector and new memory allocation strategies, emphasizing compatibility with existing Ruby applications. Future work includes enhancements for real-time garbage collection and continued collaboration with the community.
JVM JIT compilation overview by Vladimir Ivanov
JVM JIT compilation overview by Vladimir IvanovZeroTurnaround The document provides an overview of JVM JIT-compilers, including:
- JIT-compilers in the HotSpot JVM dynamically compile bytecode to native machine code during program execution for improved performance compared to interpretation alone.
- JIT-compilers use profiling information gathered during execution to perform aggressive optimizations like inlining and devirtualization.
- The monitoring and debugging of JIT-compilers in the HotSpot JVM can be done using options like -XX:+PrintCompilation, -XX:+PrintInlining, and -XX:+PrintAssembly.
"JIT compiler overview" @ JEEConf 2013, Kiev, Ukraine
"JIT compiler overview" @ JEEConf 2013, Kiev, UkraineVladimir Ivanov This document provides an overview of JVM JIT compilers, specifically focusing on the HotSpot JVM compiler. It discusses the differences between static and dynamic compilation, how just-in-time compilation works in the JVM, profiling and optimizations performed by JIT compilers like inlining and devirtualization, and how to monitor the JIT compiler through options like -XX:+PrintCompilation and -XX:+PrintInlining.
Ruby3x3: How are we going to measure 3x
Ruby3x3: How are we going to measure 3xMatthew Gaudet The document discusses performance benchmarking for Ruby, focusing on methodologies, definitions, and pitfalls in benchmark design. It emphasizes the importance of understanding various metrics like warmup time, run-to-run variance, and the impact of garbage collection on benchmarks. Additionally, it suggests developing a standard performance harness for Ruby gems to facilitate performance tracking and analysis within the ecosystem.
VLSI Experiments I
VLSI Experiments IGouthaman V The document discusses place, route and back annotation in FPGA design. It explains that place and route involves placing logic elements and interconnecting them on the FPGA grid. Back annotation translates the physical design information after place and route back to the logical design, allowing timing simulation. Manual placement and routing as well as directed routing are also covered.
effective_r27
effective_r27Hiroshi Ono The document summarizes key points from a presentation titled "Effective Python Programming - OSCON 2005". It discusses Python fundamentals like namespaces, duck typing and exceptions. It also covers structured programming techniques in Python like iterators, generators, for/else loops and try/finally blocks. The presentation emphasizes writing effective code that makes use of Python features and follows best practices.
Java & low latency applications
Java & low latency applicationsRuslan Shevchenko This document discusses programming techniques for low-latency Java applications. It begins by explaining what low-latency means and when it is needed. It then covers various techniques including: using concurrent flows and minimizing context switches; exchanging data between threads via queues instead of shared memory; preallocating objects to avoid allocations; and directly accessing serialized data instead of object instances. The document also discusses memory issues like garbage collection pauses and cache line contention. It covers alternatives for accessing native code like JNA, JNI, and shared memory. Critical JNI is presented as a faster option than regular JNI.
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)Douglas Chen The document introduces LLVM, a compiler infrastructure that facilitates programming and development through various tools. It discusses the differences between LLVM and GCC, the importance of self-hosting, and outlines various projects utilizing LLVM. Additionally, it covers fundamental concepts of compilers, optimizations, and technologies like Just-In-Time compilation and WebAssembly.
Compilation and Execution
Compilation and ExecutionChong-Kuan Chen The document discusses the process from compiling source code to executing a program. It covers preprocessing, compilation, assembly, linking, and the ELF file format. Preprocessing handles macros and conditionals. Compilation translates to assembly code. Assembly generates machine code. Linking combines object files and resolves symbols statically or dynamically using libraries. The ELF file format organizes machine code and data into sections in the executable.
Railsconf
RailsconfEzra Zygmuntowicz This document discusses Nanite, a messaging platform that uses Chef for configuration management, Redis for data storage, and RabbitMQ for messaging. It provides an overview of these technologies and how they enable automation, scalability, and flexibility for cloud infrastructure. Instructions are given to install Nanite on OSX systems by running a provided script.
Processor Verification Using Open Source Tools and the GCC Regression Test Suite
Processor Verification Using Open Source Tools and the GCC Regression Test SuiteDVClub The document summarizes a case study using open source tools to verify the OpenRISC 1200 processor implementation against its reference architectural simulation using the GCC regression test suite. Key aspects included:
1) Using the 53,000+ test GCC regression test suite to verify the SystemC design model against the reference Or1ksim architectural simulator.
2) Initial results found errors in both the RTL implementation and Or1ksim reference model, helping to improve both.
3) Connecting the GNU Debugger to drive the SystemC model via a remote serial protocol server, allowing the GCC regression tests to be used for verification.
VLSI Lab manual PDF
VLSI Lab manual PDFUR11EC098 The document describes the design and simulation of half adders, full adders, multiplexers, and demultiplexers using VHDL. It includes block diagrams, truth tables, and VHDL code for implementing these circuits using dataflow, behavioral, and structural modeling in Xilinx ISE. Code examples and output waveforms are provided for half adders, full adders, 4-to-1 multiplexers, and 1-to-4 demultiplexers. The aim is to learn how to design and simulate basic digital circuits using different VHDL modeling approaches.
Vlsi lab manual exp:2
Vlsi lab manual exp:2komala vani The document describes designing and simulating sequential circuits using Verilog HDL. It discusses creating a counter, PRBS generator, and accumulator. The procedure involves using Xilinx ISE software to write the Verilog code for each circuit and its test bench. The code is synthesized, simulated, and the waveforms are observed to verify the circuit behavior.
FOSDEM2016 - Ruby and OMR
FOSDEM2016 - Ruby and OMRCharlie Gracie Experiments were conducted utilizing OMR technologies in Ruby MRI. OMR is an open source toolkit that implements language-agnostic parts of a managed runtime. It allows incremental development of new runtimes and consumption of advanced functionality. A preview of Ruby integrated with OMR included garbage collection, just-in-time compilation, and diagnostic tooling improvements. Further work was suggested to improve performance and remove limitations of the Ruby interpreter.
From V8 to Modern Compilers
From V8 to Modern CompilersMin-Yih Hsu This document summarizes a talk about modern compiler techniques using Google's V8 JavaScript engine as an example. It discusses how early JavaScript interpreters led to slow execution speeds due to CPU pipeline stalling and lack of optimizations. Just-in-time (JIT) compilation was introduced to compile code on the fly and apply more optimizations. V8 uses a unified graph-based intermediate representation (IR) that allows optimizations and instruction selection by reducing the graph. The document contrasts traditional compiler courses with skills needed for real-world compiler projects, like those used at V8, which involve extensive optimizations, instruction selection, and dealing with dynamic types.
Unit testing of spark applications
Unit testing of spark applicationsKnoldus Inc. The document provides an overview of unit testing for Spark applications, detailing what Spark is and the importance of unit testing in software development. It discusses different methods for unit testing with Spark, comparing a more manual method with one using the 'spark-testing-base' library that streamlines the process. Key benefits of unit testing, such as early bug detection and easing integration, are also highlighted.
The Stack and Buffer Overflows
The Stack and Buffer OverflowsUTD Computer Security Group The document discusses the stack and buffer overflows. It provides an overview of registers, the stack, calling conventions, and buffer overflows. It explains how buffer overflows can corrupt local variables or overwrite the return pointer. The document shows how to craft payloads to exploit buffer overflows by overwriting values on the stack, such as changing a variable or calling a function directly.
Advance ROP Attacks
Advance ROP Attacksn|u - The Open Security Community This document discusses return-oriented programming (ROP) attacks and variants. It begins with an introduction to ROP attacks, explaining that they circumvent data execution prevention by chaining small snippets of executable code (called gadgets) that end in return instructions. It then covers different ROP attack techniques like using arithmetic, comparison, and loop gadgets to achieve Turing completeness. The document discusses challenges like handling null bytes and describes variants like jump-oriented programming (JOP) that uses indirect jumps. It also covers creating alphanumeric ROP shellcode by selecting printable addresses. In the end, it provides tips for effectively searching gadgets.
More Related Content
What's hot (20)
Glow user review
Glow user review冠旭 陳 This document introduces the compilation flow and IR design of Glow, an open-source framework for optimizing and compiling machine learning models to multiple backends and devices. It discusses the three levels of IR in Glow: High Level IR (HIR), Low Level IR (LIR), and backends. Pros include supporting training and inference compilation, quantization, and many HIR and LIR optimizations. Cons include lacking Python support and real ASIC backends. The document suggests areas for further work on Glow, such as adding more advanced optimizations, offloading subgraphs, improving JIT performance, and debugging optimized models.
Java Jit. Compilation and optimization by Andrey Kovalenko
Java Jit. Compilation and optimization by Andrey KovalenkoValeriia Maliarenko This document discusses Java Just-In-Time (JIT) compilation. It describes JIT as compiling Java bytecode to native machine code during program execution rather than prior to execution. It outlines the main types of JIT compilers in HotSpot (client, server, tiered) and the key optimizations they perform like inlining, escape analysis, on-stack replacement, and tiered compilation. The document provides details on JIT tuning flags and how to get more profiling information from the JIT compiler logs. It emphasizes that letting the JIT do its work through warmup and avoiding microbenchmarks is important to achieving full performance.
Exploitation Crash Course
Exploitation Crash CourseUTD Computer Security Group This document provides an introduction to software exploitation on Linux 32-bit systems. It covers common exploitation techniques like buffer overflows, format strings, and ret2libc attacks. It discusses the Linux memory layout and stack structure. It explains buffer overflows on the stack and heap, and how to leverage them to alter control flow and execute arbitrary code. It also covers the format string vulnerability and how to leak information or write to arbitrary memory locations. Tools mentioned include GDB, exploit-exercises, and Python. Overall it serves as a crash course on the basic techniques and concepts for Linux exploitation.
GTC16 - S6410 - Comparing OpenACC 2.5 and OpenMP 4.5
GTC16 - S6410 - Comparing OpenACC 2.5 and OpenMP 4.5Jeff Larkin The document presents a comparative analysis of OpenMP and OpenACC, focusing on their histories, philosophical and technical differences, and challenges related to portability. OpenMP emphasizes user-directed parallelization, while OpenACC allows compiler-driven optimization with more direct user guidance for parallelization. Although both frameworks serve similar purposes, they have distinct approaches and trade-offs without a definitive 'winner' in their capabilities.
The OMR GC talk - Ruby Kaigi 2015
The OMR GC talk - Ruby Kaigi 2015craig lehmann The document discusses the IBM OMR (Open Managed Runtime) toolkit, focusing on its features for improving garbage collection in Ruby, including multithreading and efficient memory allocation techniques. It highlights improvements achieved through a parallel global garbage collector and new memory allocation strategies, emphasizing compatibility with existing Ruby applications. Future work includes enhancements for real-time garbage collection and continued collaboration with the community.
JVM JIT compilation overview by Vladimir Ivanov
JVM JIT compilation overview by Vladimir IvanovZeroTurnaround The document provides an overview of JVM JIT-compilers, including:
- JIT-compilers in the HotSpot JVM dynamically compile bytecode to native machine code during program execution for improved performance compared to interpretation alone.
- JIT-compilers use profiling information gathered during execution to perform aggressive optimizations like inlining and devirtualization.
- The monitoring and debugging of JIT-compilers in the HotSpot JVM can be done using options like -XX:+PrintCompilation, -XX:+PrintInlining, and -XX:+PrintAssembly.
"JIT compiler overview" @ JEEConf 2013, Kiev, Ukraine
"JIT compiler overview" @ JEEConf 2013, Kiev, UkraineVladimir Ivanov This document provides an overview of JVM JIT compilers, specifically focusing on the HotSpot JVM compiler. It discusses the differences between static and dynamic compilation, how just-in-time compilation works in the JVM, profiling and optimizations performed by JIT compilers like inlining and devirtualization, and how to monitor the JIT compiler through options like -XX:+PrintCompilation and -XX:+PrintInlining.
Ruby3x3: How are we going to measure 3x
Ruby3x3: How are we going to measure 3xMatthew Gaudet The document discusses performance benchmarking for Ruby, focusing on methodologies, definitions, and pitfalls in benchmark design. It emphasizes the importance of understanding various metrics like warmup time, run-to-run variance, and the impact of garbage collection on benchmarks. Additionally, it suggests developing a standard performance harness for Ruby gems to facilitate performance tracking and analysis within the ecosystem.
VLSI Experiments I
VLSI Experiments IGouthaman V The document discusses place, route and back annotation in FPGA design. It explains that place and route involves placing logic elements and interconnecting them on the FPGA grid. Back annotation translates the physical design information after place and route back to the logical design, allowing timing simulation. Manual placement and routing as well as directed routing are also covered.
effective_r27
effective_r27Hiroshi Ono The document summarizes key points from a presentation titled "Effective Python Programming - OSCON 2005". It discusses Python fundamentals like namespaces, duck typing and exceptions. It also covers structured programming techniques in Python like iterators, generators, for/else loops and try/finally blocks. The presentation emphasizes writing effective code that makes use of Python features and follows best practices.
Java & low latency applications
Java & low latency applicationsRuslan Shevchenko This document discusses programming techniques for low-latency Java applications. It begins by explaining what low-latency means and when it is needed. It then covers various techniques including: using concurrent flows and minimizing context switches; exchanging data between threads via queues instead of shared memory; preallocating objects to avoid allocations; and directly accessing serialized data instead of object instances. The document also discusses memory issues like garbage collection pauses and cache line contention. It covers alternatives for accessing native code like JNA, JNI, and shared memory. Critical JNI is presented as a faster option than regular JNI.
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)Douglas Chen The document introduces LLVM, a compiler infrastructure that facilitates programming and development through various tools. It discusses the differences between LLVM and GCC, the importance of self-hosting, and outlines various projects utilizing LLVM. Additionally, it covers fundamental concepts of compilers, optimizations, and technologies like Just-In-Time compilation and WebAssembly.
Compilation and Execution
Compilation and ExecutionChong-Kuan Chen The document discusses the process from compiling source code to executing a program. It covers preprocessing, compilation, assembly, linking, and the ELF file format. Preprocessing handles macros and conditionals. Compilation translates to assembly code. Assembly generates machine code. Linking combines object files and resolves symbols statically or dynamically using libraries. The ELF file format organizes machine code and data into sections in the executable.
Railsconf
RailsconfEzra Zygmuntowicz This document discusses Nanite, a messaging platform that uses Chef for configuration management, Redis for data storage, and RabbitMQ for messaging. It provides an overview of these technologies and how they enable automation, scalability, and flexibility for cloud infrastructure. Instructions are given to install Nanite on OSX systems by running a provided script.
Processor Verification Using Open Source Tools and the GCC Regression Test Suite
Processor Verification Using Open Source Tools and the GCC Regression Test SuiteDVClub The document summarizes a case study using open source tools to verify the OpenRISC 1200 processor implementation against its reference architectural simulation using the GCC regression test suite. Key aspects included:
1) Using the 53,000+ test GCC regression test suite to verify the SystemC design model against the reference Or1ksim architectural simulator.
2) Initial results found errors in both the RTL implementation and Or1ksim reference model, helping to improve both.
3) Connecting the GNU Debugger to drive the SystemC model via a remote serial protocol server, allowing the GCC regression tests to be used for verification.
VLSI Lab manual PDF
VLSI Lab manual PDFUR11EC098 The document describes the design and simulation of half adders, full adders, multiplexers, and demultiplexers using VHDL. It includes block diagrams, truth tables, and VHDL code for implementing these circuits using dataflow, behavioral, and structural modeling in Xilinx ISE. Code examples and output waveforms are provided for half adders, full adders, 4-to-1 multiplexers, and 1-to-4 demultiplexers. The aim is to learn how to design and simulate basic digital circuits using different VHDL modeling approaches.
Vlsi lab manual exp:2
Vlsi lab manual exp:2komala vani The document describes designing and simulating sequential circuits using Verilog HDL. It discusses creating a counter, PRBS generator, and accumulator. The procedure involves using Xilinx ISE software to write the Verilog code for each circuit and its test bench. The code is synthesized, simulated, and the waveforms are observed to verify the circuit behavior.
FOSDEM2016 - Ruby and OMR
FOSDEM2016 - Ruby and OMRCharlie Gracie Experiments were conducted utilizing OMR technologies in Ruby MRI. OMR is an open source toolkit that implements language-agnostic parts of a managed runtime. It allows incremental development of new runtimes and consumption of advanced functionality. A preview of Ruby integrated with OMR included garbage collection, just-in-time compilation, and diagnostic tooling improvements. Further work was suggested to improve performance and remove limitations of the Ruby interpreter.
From V8 to Modern Compilers
From V8 to Modern CompilersMin-Yih Hsu This document summarizes a talk about modern compiler techniques using Google's V8 JavaScript engine as an example. It discusses how early JavaScript interpreters led to slow execution speeds due to CPU pipeline stalling and lack of optimizations. Just-in-time (JIT) compilation was introduced to compile code on the fly and apply more optimizations. V8 uses a unified graph-based intermediate representation (IR) that allows optimizations and instruction selection by reducing the graph. The document contrasts traditional compiler courses with skills needed for real-world compiler projects, like those used at V8, which involve extensive optimizations, instruction selection, and dealing with dynamic types.
Unit testing of spark applications
Unit testing of spark applicationsKnoldus Inc. The document provides an overview of unit testing for Spark applications, detailing what Spark is and the importance of unit testing in software development. It discusses different methods for unit testing with Spark, comparing a more manual method with one using the 'spark-testing-base' library that streamlines the process. Key benefits of unit testing, such as early bug detection and easing integration, are also highlighted.
Similar to Return-Oriented Programming: Exploits Without Code Injection (20)
The Stack and Buffer Overflows
The Stack and Buffer OverflowsUTD Computer Security Group The document discusses the stack and buffer overflows. It provides an overview of registers, the stack, calling conventions, and buffer overflows. It explains how buffer overflows can corrupt local variables or overwrite the return pointer. The document shows how to craft payloads to exploit buffer overflows by overwriting values on the stack, such as changing a variable or calling a function directly.
Advance ROP Attacks
Advance ROP Attacksn|u - The Open Security Community This document discusses return-oriented programming (ROP) attacks and variants. It begins with an introduction to ROP attacks, explaining that they circumvent data execution prevention by chaining small snippets of executable code (called gadgets) that end in return instructions. It then covers different ROP attack techniques like using arithmetic, comparison, and loop gadgets to achieve Turing completeness. The document discusses challenges like handling null bytes and describes variants like jump-oriented programming (JOP) that uses indirect jumps. It also covers creating alphanumeric ROP shellcode by selecting printable addresses. In the end, it provides tips for effectively searching gadgets.
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)Elvin Gentiles This document provides an overview of buffer overflow exploits on Windows 32-bit systems. It discusses the lab environment that will be used, basic assembly concepts like registers and instructions, the Windows 32 memory layout, how the stack works, and the general steps for exploit development. These include causing a crash, identifying the offset, determining bad characters, locating space for shellcode, generating shellcode, and redirecting execution to the shellcode. The document concludes by listing some hands-on exercises that will be covered, and recommending additional learning materials on exploit writing.
The walking 0xDEAD
The walking 0xDEADCarlos Garcia Prado The document covers topics related to binary inspection and manipulation, specifically focusing on malware analysis and reverse engineering in x86 architecture. It discusses key concepts such as assembly language, CPU registers, common instructions, and the structure of processes and memory. The presentation highlights the evolution from static to dynamic analysis and emphasizes the use of Python for binary manipulation and analysis.
null Pune meet - Application Security: Code injection
null Pune meet - Application Security: Code injectionn|u - The Open Security Community Code injection occurs when invalid data is injected as code instead of data and executed as part of a program. Common code injection techniques include buffer overflows, SQL injection, and cross-site scripting (XSS). Buffer overflows occur when input length exceeds the buffer size, overwriting the stack and potentially changing the return address. SQL injection happens when unsanitized user input is inserted into SQL queries, allowing manipulation of the database. XSS injects client-side script code by inputting it into a web application. To prevent code injection, developers must never trust unsanitized user input.
Intro to reverse engineering owasp
Intro to reverse engineering owaspTsvetelin Choranov The document outlines an introduction to reverse engineering with a schedule for a workshop including topics like C programming, control flow, assembly instructions, and debugging tools. It covers key concepts such as data types, CPU registers, assembly operations (e.g., mov, add, jmp), and calling conventions, while also providing various examples and pseudocode to illustrate these concepts. Additionally, it discusses tools for disassembly and debugging, along with commands and techniques for effective reverse engineering.
Assem -lect-6
Assem -lect-6Dolly Angel This document discusses procedures in assembly language. It covers defining procedures, documenting procedures, using the CALL and RET instructions to call and return from procedures, and examples of procedures including a SumOf procedure and nested procedure calls. Local variables within procedures are also mentioned.
Micro control idsecconf2010
Micro control idsecconf2010idsecconf This document discusses security issues with microcontrollers (uCs). uCs are commonly used in devices like cars, medical implants, and infrastructure systems. The Atmel AVR8 uC architecture is examined in depth. Issues discussed include weak randomness for crypto, race conditions due to lack of concurrency controls, buffer overflows enabled by the Harvard architecture separating code and data, and attacks involving NULL pointers, uninitialized memory, and dereferencing memory beyond physical limits. Exploiting these issues could allow taking control of uC firmware to potentially manipulate connected devices and systems.
Automating Return Oriented Programming Attacks
Automating Return Oriented Programming AttacksETH Zurich The document discusses automating return oriented programming (ROP) attacks. It begins with background on ROP and related work that has limitations. The contribution is a method to automate ROP attacks on standalone binaries by analyzing the binaries to find usable gadgets despite limited registers and instructions. The conclusion reiterates the focus on standalone binaries to expand automated ROP attacks.
CNIT 127 Ch Ch 1: Before you Begin
CNIT 127 Ch Ch 1: Before you BeginSam Bowne The document discusses basic concepts related to exploit development such as vulnerabilities, exploits, fuzzers, memory management, assembly language, and stack-based overflows. It provides definitions and explanations of these key terms, how programs are laid out in memory, basic assembly instructions, register usage, and how to recognize common C language constructs when viewing assembly code.
CNIT 127 Ch 1: Before you Begin
CNIT 127 Ch 1: Before you BeginSam Bowne The document provides an introduction to exploit development, covering basic concepts like vulnerabilities, exploits, and memory management, specifically within the context of Intel 32-bit architecture. It details the structure and types of program address spaces, assembly language instructions, and the functioning of registers and memory addressing. The content is oriented towards understanding key elements like buffer overflows, function calls, and conditional statements to develop effective exploits.
Software to the slaughter
Software to the slaughterQuinn Wilton The document discusses the anatomy and exploitation of computer memory stacks in relation to security vulnerabilities, particularly through buffer overflow attacks. It explains how attackers can manipulate the stack to execute arbitrary code, known as shellcode, and outlines various defensive techniques like stack canaries, address space layout randomization, and data execution prevention. The author encourages participation in competitive hacking events to gain practical experience in exploit development.
Hacker Thursdays: An introduction to binary exploitation
Hacker Thursdays: An introduction to binary exploitationOWASP Hacker Thursday The document presents an introduction to binary exploitation by Gábor Pék, who discusses his background in virtualization and malware security. It covers fundamental concepts including compilers, native binaries, program memory layout, and types of bugs, along with examples of function calls and memory management. The document also addresses memory corruption errors, common vulnerabilities, and various protections and exploitation techniques.
10 Instruction Sets Characteristics
10 Instruction Sets CharacteristicsJeanie Delos Arcos The document discusses instruction sets and their characteristics. It covers topics like instruction formats, types of instructions, addressing modes, operand types, and byte ordering. Instruction sets have operation codes, operands, and addressing that reference locations in memory or registers. Design decisions for instruction sets include the operation repertoire, number of registers, and addressing modes.
Return Oriented Programming
Return Oriented ProgrammingUTD Computer Security Group The document presents an introduction to Return Oriented Programming (ROP) techniques, specifically ret2libc and return chaining, explaining how to manipulate function addresses in binaries to execute arbitrary code. It discusses utilizing existing program instructions, gadgets, and various tools to bypass security mechanisms like DEP/NX, enabling the execution of payloads without direct code injection. Additional resources and references are provided for further exploration of ROP exploits.
Writing exploits
Writing exploitsSecurity Session This document discusses various techniques for writing exploits, including basic buffer overflows, return-oriented programming (ROP), and tools like Metasploit and Immunity Debugger. It provides a brief history of exploits and covers defenses like stack canaries, data execution prevention (DEP), address space layout randomization (ASLR), and format string attacks. The goal is to motivate and introduce common methods for exploiting software vulnerabilities.
Nethemba - Writing exploits
Nethemba - Writing exploitsOWASP (Open Web Application Security Project) The document provides an overview of various exploitation techniques including code injection, buffer overflow attacks, stack cookies, DEP, ASLR, and return-oriented programming. It highlights historical references, tools like Metasploit, and mitigation strategies against exploits. Overall, it serves as a guide for understanding vulnerabilities in software through technical examples and protective measures.
Go Go Gadget! - An Intro to Return Oriented Programming (ROP)
Go Go Gadget! - An Intro to Return Oriented Programming (ROP)Miguel Arroyo ROP (return-oriented programming) is a technique that allows executing malicious code on systems with non-executable stacks by chaining short instruction sequences ("gadgets") already present in memory. The document provides an overview of ROP, including its origins as a generalization of ret2libc attacks. It describes how ROP chains gadgets by controlling the instruction pointer to execute desired sequences ending in return instructions. Finally, it walks through a simple ROP exploit on x86 as a demonstration.
Buffer OverFlow
Buffer OverFlowRambabu Duddukuri Buffer overruns occur when a program allows writing more data to a buffer than it was allocated to hold. This can lead to code injection attacks by overwriting memory addresses like return addresses on the stack. Common types of buffer overruns include stack overruns, heap overruns, array indexing errors, and format string bugs. Developers can prevent buffer overruns by carefully handling untrusted user input, using bounds-checked functions, and compiling with protections like GS flags.
Introduction to Linux Exploit Development
Introduction to Linux Exploit Developmentjohndegruyter The document provides an introduction to Linux exploit development. It discusses the speaker's background and certifications. It then covers compiling a simple "Hello World" program in C and examining the resulting executable file format and memory layout. The presentation examines the stack and how functions, arguments, and return addresses are managed using stack frames and instructions like PUSH, POP, CALL, and RET. It demonstrates the prologue and epilogue sections of a function that save and restore registers and stack pointers.
Ad
Recently uploaded (20)
MuleSoft for AgentForce : Topic Center and API Catalog
MuleSoft for AgentForce : Topic Center and API Catalogshyamraj55 This presentation dives into how MuleSoft empowers AgentForce with organized API discovery and streamlined integration using Topic Center and the API Catalog. Learn how these tools help structure APIs around business needs, improve reusability, and simplify collaboration across teams. Ideal for developers, architects, and business stakeholders looking to build a connected and scalable API ecosystem within AgentForce.
Viral>Wondershare Filmora 14.5.18.12900 Crack Free Download
Viral>Wondershare Filmora 14.5.18.12900 Crack Free DownloadPuppy jhon ➡ 🌍📱👉COPY & PASTE LINK👉👉👉 ➤ ➤➤ https://drfiles.net/
Wondershare Filmora Crack is a user-friendly video editing software designed for both beginners and experienced users.
Raman Bhaumik - Passionate Tech Enthusiast
Raman Bhaumik - Passionate Tech EnthusiastRaman Bhaumik A Junior Software Developer with a flair for innovation, Raman Bhaumik excels in delivering scalable web solutions. With three years of experience and a solid foundation in Java, Python, JavaScript, and SQL, she has streamlined task tracking by 20% and improved application stability.
AI vs Human Writing: Can You Tell the Difference?
AI vs Human Writing: Can You Tell the Difference?Shashi Sathyanarayana, Ph.D This slide illustrates a side-by-side comparison between human-written, AI-written, and ambiguous content. It highlights subtle cues that help readers assess authenticity, raising essential questions about the future of communication, trust, and thought leadership in the age of generative AI.
Smarter Aviation Data Management: Lessons from Swedavia Airports and Sweco
Smarter Aviation Data Management: Lessons from Swedavia Airports and SwecoSafe Software Managing airport and airspace data is no small task, especially when you’re expected to deliver it in AIXM format without spending a fortune on specialized tools. But what if there was a smarter, more affordable way?
Join us for a behind-the-scenes look at how Sweco partnered with Swedavia, the Swedish airport operator, to solve this challenge using FME and Esri.
Learn how they built automated workflows to manage periodic updates, merge airspace data, and support data extracts – all while meeting strict government reporting requirements to the Civil Aviation Administration of Sweden.
Even better? Swedavia built custom services and applications that use the FME Flow REST API to trigger jobs and retrieve results – streamlining tasks like securing the quality of new surveyor data, creating permdelta and baseline representations in the AIS schema, and generating AIXM extracts from their AIS data.
To conclude, FME expert Dean Hintz will walk through a GeoBorders reading workflow and highlight recent enhancements to FME’s AIXM (Aeronautical Information Exchange Model) processing and interpretation capabilities.
Discover how airports like Swedavia are harnessing the power of FME to simplify aviation data management, and how you can too.
FIDO Seminar: Targeting Trust: The Future of Identity in the Workforce.pptx
FIDO Seminar: Targeting Trust: The Future of Identity in the Workforce.pptxFIDO Alliance FIDO Seminar: Targeting Trust: The Future of Identity in the Workforce
FIDO Seminar: Authentication for a Billion Consumers - Amazon.pptx
FIDO Seminar: Authentication for a Billion Consumers - Amazon.pptxFIDO Alliance FIDO Seminar: Authentication for a Billion Consumers - Amazon
OpenPOWER Foundation & Open-Source Core Innovations
OpenPOWER Foundation & Open-Source Core InnovationsIBM penPOWER offers a fully open, royalty-free CPU architecture for custom chip design.
It enables both lightweight FPGA cores (like Microwatt) and high-performance processors (like POWER10).
Developers have full access to source code, specs, and tools for end-to-end chip creation.
It supports AI, HPC, cloud, and embedded workloads with proven performance.
Backed by a global community, it fosters innovation, education, and collaboration.
Security Tips for Enterprise Azure Solutions
Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante Delivering solutions to Azure may involve a variety of architecture patterns involving your applications, APIs data and associated Azure resources that comprise the solution. This session will use reference architectures to illustrate the security considerations to protect your Azure resources and data, how to achieve Zero Trust, and why it matters. Topics covered will include specific security recommendations for types Azure resources and related network security practices. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...Safe Software Utilities and water companies play a key role in the creation of clean drinking water. The creation and maintenance of clean drinking water is becoming a critical problem due to pollution and pressure on the environment. A lot of data is necessary to create clean drinking water. For fieldworkers, two types of data are key: Asset data in an asset management system (EAM for example) and Geographic data in a GIS (ArcGIS Utility Network ). Keeping this type of data up to date and in sync is a challenge for many organizations, leading to duplicating data and creating a bulk of extra attributes and data to keep everything in sync. Using FME, it is possible to synchronize Enterprise Asset Management (EAM) data with the ArcGIS Utility Network in real time. Changes (creation, modification, deletion) in ArcGIS Pro are relayed to EAM via FME, and vice versa. This ensures continuous synchronization of both systems without daily bulk updates, minimizes risks, and seamlessly integrates with ArcGIS Utility Network services. This presentation focuses on the use of FME at a Dutch water company, to create a sync between the asset management and GIS.
Enabling BIM / GIS integrations with Other Systems with FME
Enabling BIM / GIS integrations with Other Systems with FMESafe Software Jacobs has successfully utilized FME to tackle the complexities of integrating diverse data sources in a confidential $1 billion campus improvement project. The project aimed to create a comprehensive digital twin by merging Building Information Modeling (BIM) data, Construction Operations Building Information Exchange (COBie) data, and various other data sources into a unified Geographic Information System (GIS) platform. The challenge lay in the disparate nature of these data sources, which were siloed and incompatible with each other, hindering efficient data management and decision-making processes.
To address this, Jacobs leveraged FME to automate the extraction, transformation, and loading (ETL) of data between ArcGIS Indoors and IBM Maximo. This process ensured accurate transfer of maintainable asset and work order data, creating a comprehensive 2D and 3D representation of the campus for Facility Management. FME's server capabilities enabled real-time updates and synchronization between ArcGIS Indoors and Maximo, facilitating automatic updates of asset information and work orders. Additionally, Survey123 forms allowed field personnel to capture and submit data directly from their mobile devices, triggering FME workflows via webhooks for real-time data updates. This seamless integration has significantly enhanced data management, improved decision-making processes, and ensured data consistency across the project lifecycle.
FIDO Seminar: Perspectives on Passkeys & Consumer Adoption.pptx
FIDO Seminar: Perspectives on Passkeys & Consumer Adoption.pptxFIDO Alliance FIDO Seminar: Perspectives on Passkeys & Consumer Adoption
June Patch Tuesday
June Patch TuesdayIvanti Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptx
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptxFIDO Alliance FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography
From Manual to Auto Searching- FME in the Driver's Seat
From Manual to Auto Searching- FME in the Driver's SeatSafe Software Finding a specific car online can be a time-consuming task, especially when checking multiple dealer websites. A few years ago, I faced this exact problem while searching for a particular vehicle in New Zealand. The local classified platform, Trade Me (similar to eBay), wasn’t yielding any results, so I expanded my search to second-hand dealer sites—only to realise that periodically checking each one was going to be tedious. That’s when I noticed something interesting: many of these websites used the same platform to manage their inventories. Recognising this, I reverse-engineered the platform’s structure and built an FME workspace that automated the search process for me. By integrating API calls and setting up periodic checks, I received real-time email alerts when matching cars were listed. In this presentation, I’ll walk through how I used FME to save hours of manual searching by creating a custom car-finding automation system. While FME can’t buy a car for you—yet—it can certainly help you find the one you’re after!
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance Securing Account Lifecycles in the Age of Deepfakes
The Future of Data, AI, and AR: Innovation Inspired by You.pdf
The Future of Data, AI, and AR: Innovation Inspired by You.pdfSafe Software The future of FME is inspired by you. We can't wait to show you what's ahead for FME and Safe Software.
"Database isolation: how we deal with hundreds of direct connections to the d...
"Database isolation: how we deal with hundreds of direct connections to the d...Fwdays What can go wrong if you allow each service to access the database directly? In a startup, this seems like a quick and easy solution, but as the system scales, problems appear that no one could have guessed.
In my talk, I'll share Solidgate's experience in transforming its architecture: from the chaos of direct connections to a service-based data access model. I will talk about the transition stages, bottlenecks, and how isolation affected infrastructure support. I will honestly show what worked and what didn't. In short, we will analyze the controversy of this talk.
“Key Requirements to Successfully Implement Generative AI in Edge Devices—Opt...
“Key Requirements to Successfully Implement Generative AI in Edge Devices—Opt...Edge AI and Vision Alliance For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/key-requirements-to-successfully-implement-generative-ai-in-edge-devices-optimized-mapping-to-the-enhanced-npx6-neural-processing-unit-ip-a-presentation-from-synopsys/
Gordon Cooper, Principal Product Manager at Synopsys, presents the “Key Requirements to Successfully Implement Generative AI in Edge Devices—Optimized Mapping to the Enhanced NPX6 Neural Processing Unit IP” tutorial at the May 2025 Embedded Vision Summit.
In this talk, Cooper discusses emerging trends in generative AI for edge devices and the key role of transformer-based neural networks. He reviews the distinct attributes of transformers, their advantages over conventional convolutional neural networks and how they enable generative AI.
Cooper then covers key requirements that must be met for neural processing units (NPU) to support transformers and generative AI in edge device applications. He uses transformer-based generative AI examples to illustrate the efficient mapping of these workloads onto the enhanced Synopsys ARC NPX NPU IP family.
“Key Requirements to Successfully Implement Generative AI in Edge Devices—Opt...
“Key Requirements to Successfully Implement Generative AI in Edge Devices—Opt...Edge AI and Vision Alliance
Ad