0PricingLogin
Cyber Security Academy · Lesson

Return-Oriented Programming (ROP)

Chain ROP gadgets to bypass NX/DEP and build shellcode-free exploits.

Why ROP Exists

With NX/DEP, injected shellcode cannot execute. Return-Oriented Programming (ROP) bypasses this by chaining small existing code sequences (gadgets) that end with ret instructions. No new code is injected — only the stack and existing code are used.

What is a ROP Gadget?

A gadget is a short sequence of instructions ending in ret, found in the binary or loaded libraries. Examples: pop rdi; ret, pop rsi; ret, mov eax, 0; ret. Gadgets are the building blocks of ROP chains.

All lessons in this course

  1. Stack Buffer Overflows
  2. Return-Oriented Programming (ROP)
  3. Format String Vulnerabilities
  4. Heap Exploitation: Use-After-Free and Heap Spraying
← Back to Cyber Security Academy