Process Injection Attacks w ROP
Bramwell Brizendine, Shiva Shashank Kusuma
DEF CON 32 Main Stage · Day 1 · Main Stage
This talk, "Process Injection Attacks w ROP," presented by Dr. Bramwell Brizendine and Shiva Shashank Kusuma at DEF CON 32, delves into advanced techniques for **process injection** on Windows systems using **Return-Oriented Programming (ROP)**. The speakers introduce a novel approach to **shellcode-less ROP**, in which the functionality traditionally provided by custom shellcode is replicated entirely through carefully constructed ROP chains, so no new executable code has to be introduced. This methodology offers a sophisticated bypass for **Data Execution Prevention (DEP)**, a fundamental security mechanism.
AI review
This talk presents a truly groundbreaking advancement in Return-Oriented Programming, demonstrating how to achieve complex process injection on Windows entirely without traditional shellcode. Dr. Brizendine and his team have developed a systematic methodology for chaining "vastly more" Windows and native APIs using ROP, even reconstructing high-level functions like EnumerateProcesses from low-level primitives. This is not just a DEP bypass; it's a blueprint for stealthier, more resilient advanced persistent threats, demanding a significant re-evaluation of defensive strategies.