Shellcode is often used as a means to achieve arbitrary execution. In Windows, this involves the use of WinAPI functions or Windows sycalls. Historically, an end goal of much of exploitation has been to bypass Data Execution Prevention (DEP) and to prepare the process memory of a binary to such a state that shellcode could be executed. Jump-Oriented Programming (JOP) is a seldom studied form of advanced code-reuse attacks, very different from return-oriented programming (ROP). JOP identifies snippets of code ending in an indirect jump or indirect call (gadgets), and these are chained together to construct exploits. In this paper, we propose and implement shellcodeless JOP attacks. This provides an alternative means of achieving identical functionality to what is done in shellcode, but without the need to bypass DEP. In this paper, we present the design and implementation of shellcodeless JOP, providing a new technique that red teams can use in exploits. In ideal circumstances, our shellcodeless JOP technique can allow for complex shellcode-like functionality to be achieved with ease or with only a relatively small amount of space required for the payload.
Join the newsletter to receive the latest updates in your inbox.
While syscalls and Windows have exploded in popularity, permitting offensive security tools to weaponize direct Windows syscalls to avoid EDR, they have virtually never been utilized in the context of shellcode, except for Egghunters, a specialized shellcode that uses only one syscall.
Read More
Abstract Cyber-attacks statistics and trends are worsening over time, and despite global efforts, there has been significant increase in cyber
Read More
Abstract This whitepaper discusses recent trends in the cybersecurity sector related to ransomware – both what it is, and how to
Read More