Stuck on a difficult exploit where you simply cannot use the stack to hold your payload? Jump Oriented Programming (“JOP”) may hold the key to your success, but the way forward may not be so simple. The main focus of this talk will be describing existing ROP compiler support for Jump Oriented Programming techniques, and it will feature proposals for improved support across several tools and architectures.
John Dunlap is a security engineer at Gotham Digital Science specializing in static analysis and code review. Gotham Digital Science is a boutique penetration testing firm specializing in testing of unusual or otherwise bespoke software systems. John’s main research interests include concolic execution, reverse engineering and advanced exploitation techniques. @johndunlap2