ROP is DEAD! Kernel Driver Binary Exploitation

20,418 views

John Hammond

1 day ago

j-h.io/vpro || The Intel vPro® platform helps mitigate low-level exploitation! See how the Intel vPro® platform helps you build your business and can improve your security posture: j-h.io/vpro @intelbusiness #ad #IntelInfluencer #IntelvPro
This video is sponsored by Intel.
00:00 Return Oriented Programming
02:01 What is a stack based buffer overflow?
03:15 Starting the showcase
07:26 Modern Operating System Issues
09:48 Windows 11 Showcase
11:37 Intel vPro Changes the game!
14:19 Is ROP Dead?
15:04 Final Thoughts
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training j-h.io/escalate
👨🏻‍💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
📗Humble Bundle ➡ j-h.io/humblebundle
🐶Snyk ➡ j-h.io/snyk
🤹‍♀️SkillShare ➡ j-h.io/skillshare
🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
🚩 CTF Hosting Requests ➡ j-h.io/ctf
🎤 Speaking Requests ➡ j-h.io/speaking
💥 Malware Submission ➡ j-h.io/malware
❓ Everything Else ➡ j-h.io/etc

Comments: 52

@RealCyberCrime, 1 year ago
RIP ROP. That kinda has a nice ring to it
@killerskincanoe, 1 year ago
I said this out loud the second I read the title
@ConnorFieldOSRS, 1 year ago
This one feels so much more natural than the 1st vPro video. Keep up the amazing work John!
@charlesmarseille123, 1 year ago
yes, great job indeed! Although, personally, I think you started to "shout" a bit more than before, compared to your CTF and KotH videos. You and your content are interesting, no need for extra emphasis :) Thanks a lot for all you do!
@charlesmarseille123, 1 year ago
thinking back about this, I guess you must do what you must considering the sponsor, and you must put bread on that table. Keep it up, gold content.
@somename8159, 1 year ago
Nice video!!! I would love to see more videos about binary exploitation (or other more advanced topics) in the future.
@lav-m4a138, 1 year ago
The most convincing promotion the world has ever seen! Cool vid, John!
@James-ln2dd, 1 year ago
John, great video. Your communication skills were on point and the video was well organized, interesting, and informative. Props to Intel. This really is a game changer. I'm sure a lot of red teamers will be sad, but in the end, it's all about defense. This is great. Thanks again for the video!
@dark_sunset, 1 year ago
I'm brand new to programming although I've wanted to learn for many years, and I barely understand any of this but it's fun to watch anyway. Thanks John!
@pippolab2275, 1 year ago
Just a quick note that Apple has had that mitigation (PAC) for at least 4/5 years, but they're still pwning it (even if it's one of the most difficult targets)
@atomicatalyst, 1 year ago
How does this stand in terms of overhead? Are program execution times considerably slower?
@Foiliagegaming, 1 year ago
I am too far behind for this video. Still find it interesting though. Looking forward to learning more to get to this point.
@Foiliagegaming, 1 year ago
It would be interesting to see if AMD or any other ARM CPUs are able to have something similar. Is there a way to look into the part that is actually blocking the ROP?
@TheGoodChap, 6 months ago
I remember like 7 years ago I finally found out that the million buffer overflow explanations all over the internet don't explain DEP, so I found out about ROP and successfully wrote a ROP exploit for a program I actually used regularly. Was very proud of that
@mb00001, 1 year ago
I have been wondering lately whether or not we will always be able to come up with automatic mitigations, and tbh unless we can get true AI that actually understands what is happening to the system and whether or not said actions are legit, then I honestly think hackers will eventually win. Essentially it boils down to the fact that there are so many more ways to misuse a system
@DarkFaken, 1 year ago
Love your work John ❤️
@BillyHudson1, 1 year ago
Wow. That is quite something. Nice job from Intel.
@AbacateSexy, 10 months ago
John, could you provide the final script for the Windows 7 BOF exploit? Cheers, great video
@Tylerkennyy, 1 year ago
you got a big ol' brain John. Great stuff.
@_AN203, 1 year ago
0:57 Aka change the exec flow...
@danielsonuk7171, 1 year ago
I don't comment, but John you do so well. I will comment here & now: well done
@hackvlix, 1 year ago
Ok, and next a video that explains how CET actually works? 🤗
@luketurner314, 1 year ago
12:08 If CET prevents modifications to the stack by comparing it to the shadow stack, how would it tell the difference if the program itself is trying to make those modifications? Would CET prevent the program itself from modifying its own stack? Or would it identify that the instruction came from the program's own set of instructions/code space? If so, how would it tell that the program initiated the instruction and not ROP (ROP using the program's own instructions to modify its own stack)? Or if the program was coerced in some other way? My point is, how can Intel infer what the programmer intended without telepathy?! Parse the code maybe, but that assumes the programmer is competent. Maybe they are, maybe they're not. It's not guaranteed. It also assumes the programmer is not malicious. I suspect the answers to these questions are the magic sauce that makes it work and they don't want threat actors to know. As was stated in the video, "security is a cat and mouse game" (0:59).
@nordgaren2358, 1 year ago
Most programs don't modify the return pointer, which is what I imagine the shadow stack would be comparing. I have seen some programs use a modified return pointer, but I don't think it uses the same return pointer that's on the stack. Would be interesting though. I know Elden Ring and Dark Souls 3 use this kind of obfuscation. I'm sure they still run fine on this, though?
@nordgaren2358, 1 year ago
I would also take into consideration that the shadow stack knows what's already on the stack, and can detect that a buffer was overflowed after a call is executed, since stuff on the stack would be changed when it shouldn't have (i.e. a call to memcpy to copy over some data to a buffer, and after that return, the stack for the current frame has changed).
@farzadmf, 1 year ago
I think it would be nice in general to also talk about Apple M chips, which people say are the best thing that's happened to humankind! I'm super curious to know if, security wise, it lives up to the hype
@RealILOVEPIE, 1 year ago
lol no, it doesn't.
@antoineleduc7611, 1 year ago
@RealILOVEPIE Can you elaborate?
@user-kn8tp7jo3c, 1 month ago
Hey John, is it still worth the time learning ROP today? I really wanted to learn it, but if it is not relevant anymore I will not learn it. How widespread are these Intel systems?
@yurilsaps, 1 year ago
Really loved it, but it's hard to understand
@erin1569, 1 year ago
Seeing Intel sponsoring the videos is weird and stinks. When it comes down to corporations, I think I'll pick the old poison I'm familiar with over the one trying a new trick to look nice
@_CryptoCat, 1 year ago
let's goooo 💜
@MADhatter_AIM, 1 year ago
Does that mean that servers running the AMD "Threadripper" or "Epyc" architecture are still vulnerable to ROP?
@sablanex, 1 year ago
Probably, unless they have something similar
@skullandpwnz6053, 1 year ago
This Intel video makes me want to buy Intel. I watched 100s of Linus videos spewing Intel ads and never wanted to buy it. You got me sold.
@xscorp382, 1 year ago
Every new feature brings in new flaws. Soon you will hear researchers finding out ways to push a modified return address onto the shadow stack. Not sure tho
@squid13579, 1 year ago
vPro currently conquering... ROP 🥀⚰️
@troopsleader4066, 1 year ago
Please make a video on reverse shells using PDF
@follower, 6 months ago
ROP will never be dead.
@gregoryjones9829, 1 year ago
Bebopping around
@suchtberater, 1 year ago
bro YouTube Vanced just died ffs
@rationalbushcraft, 1 year ago
I have mixed feelings about this. Yes, it is great for security. Makes pen testing harder.
@infidon9229, 1 year ago
bruh...
@aidancollins1591, 1 year ago
Lol, that's like a weapons maker having mixed feelings about wars ending.
@maze2512, 1 year ago
Not applicable for pen testing. This is more for exploit dev. Plus there are CET bypasses using COOP on C++. Overall your goal as an ethical hacker (offensive/red team) is to work yourself out of a job.
@aidancollins1591, 1 year ago
@maze2512 Precisely, and unless we achieve the singularity in AI (I'm skeptical that it is possible) or the nuclear apocalypse happens, our job will not be gone. It will get more complicated and specialized, but hackers will always exist.
@pseudounknow5559, 1 year ago
RIP ROP, but nevertheless I never understood it, it's too hard xD
@KeithMakank3, 1 year ago
We all know it's pronounced IO"Cottle", not IOCTL
@hackvlix, 1 year ago
Boo! No!
@_neovek, 1 year ago
Your videos are becoming too advanced... Please post more of the easier tips and techniques
@Nunya58294, 11 months ago
Damn it... And I just started learning how to ROP....
@yatra2heart, 1 year ago
Is there any coupon available for the TryHackMe annual subscription?