Hey there! For sectalks I put together a little workshop on the Return-Oriented-Exploitation technique.
With modern exploit mitigation techniques such as NX, utilizing a buffer overflow vulnerability to gain code execution in shellcode is becoming more and more difficult. Return-orientated-programming (ROP) is an exploit technique used to bypass such mitigations to perform arbitrary code execution. Join us as we cover the ROP technique and variations in detail, and go through some exercises in this workshop.
Included are the CTF challenges and the source code associated with them. In there is the docker files for each, so just docker compose
run them and enjoy! Although some tinkering with a base linux image with socat is required - but i'll leave that as an exercise to the reader ;)
Enjoy!