all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Defeating Windows DEP With A Custom ROP Chain

Add to bookmarks
June 12, 2023, 9 a.m. | Alex Zaviyalov

NCC Group Research Blog research.nccgroup.com

Overview This article explains how to write a custom ROP (Return Oriented Programming) chain to bypass Data Execution Prevention (DEP) on a Windows 10 system. DEP makes certain parts of memory (e.g., the stack) used by an application non-executable. This means that overwriting EIP with a “JMP ESP” (or similar) instruction and then freely executing […]

application article bypass data esp memory non parts prevention programming research return rop rop chain stack system vulnerability windows windows 10

Visit resource

More from research.nccgroup.com / NCC Group Research Blog

Sifting through the spines: identifying (potential) Cactus ransomware victims 1 week, 5 days ago | research.nccgroup.com
access blog cactus cactus ransomware +17
Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis 3 weeks, 3 days ago | research.nccgroup.com
analysis architecture confidential data +19
Non-Deterministic Nature of Prompt Injection 3 weeks, 3 days ago | research.nccgroup.com
attack easy explained exploiting +10
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224) 4 weeks ago | research.nccgroup.com
access advisory api attack +24
Public Report – Google Privacy Sandbox Aggregation Service and Coordinator 1 month, 1 week ago | research.nccgroup.com
aggregation companies google google privacy sandbox +16
Android Malware Vultur Expands Its Wingspan 1 month, 1 week ago | research.nccgroup.com
android android banking malware android malware authors +18
LTair: The LTE Air Interface Tool 1 month, 3 weeks ago | research.nccgroup.com
air attacks blog blog post +14
The Development of a Telco Attack Testing Tool 1 month, 3 weeks ago | research.nccgroup.com
attack blog challenges development +13
Public Report – AWS Nitro System API & Security Claims Italian 2 months ago | research.nccgroup.com
amazon amazon web services api apis +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Offensive Security Engineering Technical Lead, Device Security

@ Google | Amsterdam, Netherlands
View on infosec-jobs.com

Senior Security Engineering Program Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Information System Security Analyst

@ Resource Management Concepts, Inc. | Dahlgren, Virginia, United States
View on infosec-jobs.com

Critical Facility Security Officer - Evening Shift

@ Allied Universal | Charlotte, NC, United States
View on infosec-jobs.com

Information System Security Officer, Junior

@ Resource Management Concepts, Inc. | Patuxent River, Maryland, United States
View on infosec-jobs.com

Security Engineer

@ JPMorgan Chase & Co. | Plano, TX, United States
View on infosec-jobs.com
View more jobs