DEF CON , Next-Generation Technologies & Secure Development , Video

Navigating Security Threats With Return-Oriented Programming

Assistant Professor Bramwell Brizendine on Process Injection, Advanced Mitigation
Bramwell Brizendine, assistant professor, University of Alabama, Huntsville

Return-oriented programming poses a big threat to system defenses by exploiting existing executable code in memory, allowing attackers to bypass common mitigations, said Bramwell Brizendine, an assistant professor at the University of Alabama in Huntsville.

In these attacks, Brizendine said, attackers identify vulnerable binaries for injection and string together instructions, or "gadgets," found in process memory to gain control over a system. ROP-based process injection remains difficult to detect and mitigate due to the manipulation of system memory by attackers, and Brizendine said ROP attacks often remain hidden if proper EDR systems aren't in place (see: Windows 10 Security Feature Broken, CERT/CC Warns).

"You have to pinpoint specifically which process you're going to attack, so that requires you to be able to somehow identify that," Brizendine said. "Traditionally, you would need to have some type of string comparison when you're doing that with return-oriented programming, which can be difficult because you're limited to only a certain small set of gadgets that the attack surface can support."

In this video interview with Information Security Media Group at DEF CON 2024, Brizendine discussed:

  • How return-oriented programming often bypasses common security mitigations;
  • The role of novel string comparison techniques in enhancing ROP-based attacks;
  • The role of tools such as ROP Rocket in advancing automated ROP chain generation.

Brizendine has taught numerous courses in reverse engineering, advanced software exploitation, malware analysis and offensive security. He is the author of several cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp and ROP ROCKET, which are open source and freely available.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.