BROP attacks shown by Bittau et al. have defeated address space layout randomization (ASLR) and stack canaries on 64-bit systems.
Security researchers then conceived a new attack which they named return-oriented programming to defeat NX (non-executable) memory.
With a large enough target binary, a Turing-complete collection of gadgets can be constructed, which is more than enough to get a shellcode executed.
One assumption which ROP makes is that the attacker possesses the target binaries and hence knows the addresses of the gadgets beforehand.
The objective in this phase is to initiate a write system call, sending a dump of the binary to the attacker.
Once the writing is found in the PLT, the attacker can dump the contents of the target binary to find more gadgets.
The attacker can use conventional ROP gadget search techniques to gather enough and create a shellcode.
It is also another attack that's based on information disclosure, which is able to also defeat address space layout randomization.
Both BROP and JIT-ROP will attempt to locate gadgets on the binary in order to initiate a ROP attack, where the goal is to exploit some type of data leak.