The talk is about how to help security researcher to automatically traceback from an identified attack to the exact software bug that is the entrance point of the exploitation. Specifically, our open-source software unROP is to help researchers to analyze ROP exploitations and automatically unwrap the detected ROP chain.
Analyzing ROP based exploitations currently requires serious manual effort from security researchers for finding and unrolling the chain of hundreds and thousands of gadgets. The talk presents an approach to reduce this manual effort by identifying ROP components from memory dump and automatically tracing back to the software vulnerability. The unROP tool is based on the characteristics of ROP gadget that we collected from the popular gadget generation software. The unROP tool also scans memory for signs of other exploitation techniques, such as stack pivoting and heap spray attacks. The talk includes demonstrations of applying the software tool on recent ROP-based exploitations.