Advanced Exploitation: ROP and protections bypass under Linux


Presented at hacklu 2016 by

This workshop's goal is to give trainees an understanding of the exploitation technique known as Return Oriented Programming (ROP), through both explanations and exercises of gradually increasing complexity. The labs are performed on Linux and the binaries are 32-bit. After a brief recap of buffer overflows, the workshop explains the protections built into the compiler and the OS (canaries, NX, …). ROP is introduced by starting with ret2libc exploitation, which is a specialization of the ROP technique. ROP concepts such as gadgets, ROP chains and primitives are detailed. Tools such as ropgadget and rp++ are presented, and a detailed ROP chain is then studied. The workshop continues with a live example before entering the lab part. An example lab manual (this one was given at a university) can be found in the annex, but it is subject to change in order to match the timeframe.