Return-Oriented Programming (ROP)
GPTKB entity
Statements (49)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:vulnerability
|
| gptkbp:allows |
code execution
|
| gptkbp:can_be_used_in |
web application attacks
|
| gptkbp:can_lead_to |
arbitrary code execution
|
| https://www.w3.org/2000/01/rdf-schema#label |
Return-Oriented Programming (ROP)
|
| gptkbp:introduced_in |
gptkb:2007
|
| gptkbp:involves |
chaining together short sequences of instructions
|
| gptkbp:is_a_technique_that_relies_on |
the presence of useful gadgets
|
| gptkbp:is_considered_as |
advanced exploitation technique
|
| gptkbp:is_effective_against |
non-executable stack protections
|
| gptkbp:is_implemented_in |
various programming languages
|
| gptkbp:is_often_accompanied_by |
other exploitation techniques
|
| gptkbp:is_often_discussed_in |
gptkb:academic_research
|
| gptkbp:is_often_used_in |
malware development
shellcode |
| gptkbp:is_related_to |
Return-to-libc attacks
stack smashing |
| gptkbp:is_used_to |
execute malicious payloads
|
| gptkbp:is_used_to_bypass |
security mechanisms
|
| gptkbp:is_vulnerable_to |
buffer overflow vulnerabilities
|
| gptkbp:prevention |
address space layout randomization (ASLR)
|
| gptkbp:requires |
gptkb:Widgets
|
| gptkbp:technique |
be used in penetration testing
be used to bypass user-mode protections be used to create complex exploits be used to escalate privileges be used to execute arbitrary commands be used to execute code in kernel mode be used to exploit Io T devices be used to exploit client-side applications be used to exploit embedded systems be used to exploit mobile applications be used to exploit network protocols be used to exploit operating systems. be used to exploit vulnerabilities in software be used to exploit web servers be used to manipulate program execution flow be used to perform remote code execution bypassing security controls compromise system integrity evade detection by security software exploit software vulnerabilities uses existing code in memory |
| gptkbp:type_of |
control flow hijacking
|
| gptkbp:used_in |
computer security
|
| gptkbp:variant |
code reuse attack
|
| gptkbp:was_a_response_to |
data execution prevention (DEP)
|
| gptkbp:bfsParent |
gptkb:Intel_Control-Flow_Enforcement_Technology
|
| gptkbp:bfsLayer |
6
|