Return-oriented programming is one of the most advanced attack techniques available today. This talk presents algorithms which allow an attacker to search for and compose gadgets regardless of the underlying architecture using the REIL meta language. We show a return-oriented compiler for the ARM architecture as a proof-of-concept implementation of the algorithms developed and discuess applications to the iPhoneOS platform. This compiler accepts inputs in an assembly-like language, simplifying the otherwise tedious gadget selection process by hand. Thus enabling the researcher to focus on the other parts of successful exploitation by minimizing the shellcode development time.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.