this post was submitted on 29 Jul 2025

blueteamsec

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

henfredemars 2 points 1 week ago

On Windows, ROP is often used solely to bypass Data Execution Prevention, rather than realizing its full potential; indeed, the bulk of advanced, malicious functionality is typically invoked through shellcode.

That's because writing ROP chains sucks, especially if you have complex constraints on the chain such as bad bytes or restricted values in the payload. Not having to write as much of it in the weird machine's language is a good thing. It's well-known that any nontrivial binary will be Turing-complete in its available gadgets. We can already implement anything in principle, which leaves me feeling slightly confused as to the main contribution of this paper. It's cute though!