Nytro
Posted November 26, 2014

Deep Dive into ROP Payload Analysis

Author: Sudeep Singh

Purpose

The purpose of this paper is to introduce the reader to techniques, which can be used to analyze ROP Payloads, which are used in exploits in the wild. At the same time, we take an in-depth look at one of the ROP mitigation techniques such as stack pivot detection which is used in security software at present.

By taking an example of 2 exploits found in the wild (CVE-2010-2883 and CVE-2014-0569), a comparison between the ROP payloads is done in terms of their complexity and their capability of bypassing the stack pivot detection.

A detailed analysis of the ROP payloads helps us understand this exploitation technique better and develop more efficient detection mechanisms.

This paper is targeted towards Exploit Analysts and also those who are interested in Return Oriented Programming.

Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/35355.pdf