Deadwood 2020 (Virtual Con)
Back To Schedule
Friday, September 25 • 10:00am - 10:50am
Jump-Oriented Programming Exploits with the JOP ROCKET

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

When exploited are developed from scratch, in a modern Windows system you often must use code-reuse attacks, Return-oriented Programming (ROP), as a means to overcome certain mitigations, such as Data Execution Prevention (DEP), to make it possible to execute shellcode; ROP is in a sense, a necessary evil to move forward. ROP is well established and requires the use of specialized tools, such as Mona, in order to discover ROP gadgets. However, another code-reuse attack paradigm is possible: Jump-Oriented Programming (JOP). While JOP is similar to ROP, but it is also very different in many significant ways. While ROP is well known and frequently used, most exploit developers have never heard of JOP, or have only passing familiarity. In some academic literature, there were claims that JOP had NEVER been done in the wild. That was false, it has been, but there were just a handful of times where it was known to have done so. What made JOP totally infeasible, to a large extent, was the fact that there was no dedicated tool to help facilitate JOP, unlike with ROP.  Moreover, the information on how to actually do JOP was extremely limited, with some academic journal articles providing scant, highly imited discussion. There was absolutely no practical information on how to actually do JOP in a Windows environment. All of these made it very challenging to do JOP.

All this changed in 2019, when Dr. Brizendine created and released the JOP ROCKET, providing a tool that makes JOP feasible, and providing guidance on how to use JOP in a Windows environment.

Make no mistake about it--JOP is an elite alternative to ROP, and it is not for the faint of heart. If you are looking to push and challenge yourself, then you owe it to yourself to learn about JOP. In this talk, we will first introduce code-reuse attacks, providing some background on both ROP as well as JOP. Then we will focus discussion on the new JOP ROCKET, an exploitation tool created right here in South Dakota. From there, we will get into the nitty-gritty of JOP exploit development in a Windows environment, walking people through the steps, explaining the various complex nuances and gotcha's (and there are many). This talk will also include a working JOP demo, which will provide a walk-through on how to do JOP with a sample exploit. We will even provide a special JOP exploit challenge for attendees that wish to try it on their own!

This talk is very empowering, as attendees will challenge themselves and learn about a new type of code-reuse attack that they have likely never encountered. Key takeaways are that they will be excited to go challenge themselves by trying to do JOP in an exploit, and they will be empowered because they have knowledge to start mastering one of the esoteric, dark arts of software exploitation. It truly is liberating to see with JOP and low-level exploitation, how we are limited only by our imagination, to rise up and do things we may have never dreamed possible.

avatar for Dr. Bramwell Brizendine

Dr. Bramwell Brizendine

Dr. Bramwell Brizendine is an Assistant Professor of Computer & Cyber Sciences at Dakota State University. He is the Director of the Vulnerability and Offensive for Offensive and Novel Attacks (VERONA) Lab at DSU. Dr. Brizendine is a subject matter expert in software exploitation... Read More →
avatar for Austin Babcock

Austin Babcock

Austin Babcock is pursuing his Master's of Computer Science at Dakota State University. He specializes in software exploitation, enjoys hunting for vulnerabilities, and has begun to find some success with bug bounties. He has become skilled at utilizing JOP in exploits. Austin has... Read More →
avatar for Dr. Josh Stroschein

Dr. Josh Stroschein

Dr. Josh Stroschein is a subject matter expert in malware analysis, reverse engineering and software exploitation. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research... Read More →

Friday September 25, 2020 10:00am - 10:50am MDT
Track 2