lecture: Taint-based return oriented programming
There are roughly two kinds of tools for return oriented programming (ROP): _syntactic_ tools that return the disassembly of gadgets and sometimes perform template based automatic chaining, and _symbolic_ tools that compute a symbolic representation of the output state for each gadget and allow more powerful manipulations.
The former are very fast but only allow regex queries; the latter allow symbolic queries but are much slower.
We propose an intermediate approach, faster than symbolic tools and allowing more expressive queries than syntactic tools: taint-based ROP (T-Brop).
T-Brop uses a coarse semantics of instructions. Instead of a precise symbolic input/output relationship, it relies only on a dependency matrix that records how taint would be propagated by a given gadget.
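The following is an added illustration of the dependency-matrix idea sketched in the abstract; it is not T-Brop's code and makes its own simplifying assumptions: only x86-64 register names, all of memory collapsed into one abstract location, hand-written taint rules for a handful of mnemonics instead of a real disassembler, and a small constructed gadget table in place of a binary. Each gadget is summarised as a matrix mapping every output location to the set of input locations whose taint reaches it; matrices compose like boolean matrix products, so a chain can be queried without symbolically executing each gadget.

```python
"""Toy taint-dependency model of ROP gadgets (added example, not T-Brop's code).

Assumptions: x86-64 register names only, one coarse abstract memory location,
one hand-written propagation rule per mnemonic, constructed gadget table."""
from typing import Dict, FrozenSet, List, Optional, Tuple

REGS = ["rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rsp", "rbp", "rip"]
MEM = "mem"  # all of memory collapsed into one location: coarse, but sound for taint
LOCS = REGS + [MEM]

Matrix = Dict[str, FrozenSet[str]]  # output location -> input locations it depends on


def identity() -> Matrix:
    """Before any instruction, every location depends only on itself."""
    return {loc: frozenset([loc]) for loc in LOCS}


def _operand(op: str) -> Tuple[Optional[str], FrozenSet[str]]:
    """Split an operand into (location accessed, registers forming its address).
    An immediate yields (None, {}); '[rdi+8]' yields ('mem', {'rdi'})."""
    op = op.strip()
    if op.startswith("[") and op.endswith("]"):
        base = op[1:-1].split("+")[0].strip()
        return MEM, (frozenset([base]) if base in REGS else frozenset())
    if op in REGS:
        return op, frozenset()
    return None, frozenset()


def step(m: Matrix, insn: str) -> Matrix:
    """Propagate matrix m (state before insn) across one instruction."""
    mnem, _, rest = insn.strip().partition(" ")
    ops = [o.strip() for o in rest.split(",")] if rest else []

    def read(op: str) -> FrozenSet[str]:
        loc, addr = _operand(op)
        deps: FrozenSet[str] = frozenset().union(*(m[a] for a in addr))
        return (deps | m[loc]) if loc is not None else deps

    new = dict(m)
    if mnem == "mov":
        dst, addr = _operand(ops[0])
        deps = read(ops[1]).union(*(m[a] for a in addr))
        # A store adds taint to the single memory location; a register is overwritten.
        new[dst] = (m[MEM] | deps) if dst == MEM else deps
    elif mnem in ("add", "sub", "and", "or", "xor"):
        dst, addr = _operand(ops[0])
        if mnem == "xor" and ops[0] == ops[1] and dst != MEM:
            new[dst] = frozenset()  # zeroing idiom: the result depends on nothing
        else:
            new[dst] = m[dst] | read(ops[1]).union(*(m[a] for a in addr))
    elif mnem == "pop":  # value comes from the stack: memory plus the rsp address
        new[ops[0]] = m[MEM] | m["rsp"]
    elif mnem == "push":
        new[MEM] = m[MEM] | read(ops[0]) | m["rsp"]
    elif mnem == "ret":  # control flow now depends on whatever controls the stack
        new["rip"] = m[MEM] | m["rsp"]
    elif mnem != "nop":
        raise ValueError(f"unsupported instruction: {insn!r}")
    return new


def gadget_matrix(insns: List[str]) -> Matrix:
    m = identity()
    for insn in insns:
        m = step(m, insn)
    return m


def compose(first: Matrix, second: Matrix) -> Matrix:
    """Matrix of running `first` then `second`: substitute first's dependencies
    into second's inputs (a boolean matrix product over the location set)."""
    return {loc: frozenset().union(*(first[s] for s in srcs)) for loc, srcs in second.items()}


def clobbered(m: Matrix) -> FrozenSet[str]:
    """Registers whose value after the gadget is not simply their input value."""
    return frozenset(r for r in REGS if m[r] != frozenset([r]))


# Constructed gadget table (address -> instructions); a real tool fills this from a disassembler.
GADGETS: Dict[int, List[str]] = {
    0x1000: ["mov rax, rdi", "ret"],
    0x1010: ["pop rdi", "ret"],
    0x1020: ["xor rax, rax", "ret"],
    0x1030: ["mov [rdx], rax", "ret"],  # write-what-where primitive
    0x1040: ["add rax, rbx", "ret"],
    0x1050: ["mov rax, [rdi+8]", "pop rbx", "ret"],
}
MATRICES: Dict[int, Matrix] = {addr: gadget_matrix(insns) for addr, insns in GADGETS.items()}


def find(dst: str, src: str) -> List[int]:
    """Gadgets whose output `dst` carries taint from input `src`: a taint query,
    more expressive than a regex over the disassembly, cheaper than a symbolic one."""
    return sorted(a for a, m in MATRICES.items() if src in m[dst])


def find_cleared(reg: str) -> List[int]:
    """Gadgets after which `reg` depends on no input at all (e.g. xor reg, reg)."""
    return sorted(a for a, m in MATRICES.items() if not m[reg])


if __name__ == "__main__":
    print("rdi -> rax:", [hex(a) for a in find("rax", "rdi")])
    print("rdx reaches a memory write:", [hex(a) for a in find(MEM, "rdx")])
    chain = compose(MATRICES[0x1010], MATRICES[0x1000])
    print("pop rdi; ret / mov rax, rdi; ret => rax depends on", sorted(chain["rax"]))
```

The composed chain shows the point of the matrix representation: after `pop rdi; ret` followed by `mov rax, rdi; ret`, `rax` depends on the stack contents rather than on the original `rdi`, which is exactly the "attacker controls rax" query a chain builder wants to ask. The coarseness is also visible: the model cannot tell whether `rdx` reached memory as a store address or as stored data, and `ret` after a store reports `rip` as depending on the stored value, because a single abstract memory cell cannot separate the return address from the written slot. Those are the kinds of imprecision traded for speed relative to a symbolic tool.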
Info
Day:
2018-06-17
Start time:
11:30
Duration:
00:30
Room:
Grand salon
Track:
Exploitation
Speakers:
Colas Le Guernic
François Khourbiga