How to Patch Processes Using ROP | Binary Exploitation Tutorial

Billy Ellis
Check out my website for a written version of this tutorial - http://billyellis.net

Hey guys! Today in this video we take a look at one of the more advanced uses of Return Oriented Programming, an exploitation technique used by attackers to gain arbitrary code execution by reusing existing code. This video covers the basics of writing patches using ROP.

You may have seen my video explaining how to patch iOS applications using Hopper disassembler and produce a new patched executable, but what if you want to patch something like the iOS kernel? Or another crucial part of an embedded system? The likelihood is that you will not be able to statically patch it and load it onto the device, as its digital signature will be invalidated and it will be rejected. To get around this, we can use runtime patching with ROP!

This involves applying patches to an application while it is running. Of course, this is much more difficult to do than static patching, but it's a whole lot more interesting and a useful skill to have when becoming a security researcher.

Download ROPLevel3 to try this out yourself - https://github.com/Billy-Ellis/Exploi...

If you have any questions about this video, leave a comment or tweet me @bellis1000

Don't forget to leave a LIKE as this video did take a lot of time and effort to put together.

Thanks for watching!
Published 7 years ago, on 1396/02/23.
Viewed 6,746 times