“A concept is a brick. It can be used to build a courthouse of reason. Or it can be thrown through the window.”
― Gilles Deleuze
Ever since Smashing the Stack For Fun And Profit was published by Aleph One almost a quarter century ago the security world has completely changed the way it defends exploitation. Canary stack, DEP, ASLR, CFI and various other mitigation techniques were developed to address various exploit techniques. Yet, ROP remains a prominent practice employed by many exploits even today.
ROP is the most common exploitation method for attackers to mutate memory bugs on target process into malicious executable code. “Next Gen” endpoint security products try to address ROP and other exploitation methods. Windows embraces many mitigation techniques as well. However, these mitigation features such as CFG can in fact be leveraged and increase ROP’s attack surface and allow it to even bypass exploit protections!
If you are intrigued by ROP, want to learn about methods in Windows that protect against ROP and how to bypass them - this talk is for you! On top of that a novel method of bypassing ROP mitigation of most products will also be revealed.