Watching the Watchers: Exploring and Testing Defenses of Anti-Cheat Systems
Anti-cheat is a gold mine of interesting, novel defenses—battle-hardened from years of attrition in a defender's worst nightmare. It's time we start digging.
This talk will present new work on video game anti-cheats; highlighting how they are among the most widely deployed and resilient software defenses in the industry. We will outline the key difficulties in analyzing anti-cheats and then dissect some key behaviors to explain how such systems protect game software in hostile environments.
We investigate past scenarios where anti-cheats have pioneered novel defense measures against cheating techniques, which later became relevant when deployed by serious threat actors. These cheating methods, used by groups such as Scattered Spider, Earth Longzhi, and Lazarus, in APT and ransomware attacks, are commonly handled by anti-cheat systems. If some victims had been playing Fortnite at the time of intrusion - it would have stopped real attacks.
We show how the strength of these defense methods can be tested, running grey box tests to 'prod the bear' and measure reactions. Using this data, we rank solutions based on technical strength.
We unveil a flourishing underground ecosystem generating millions in sales each year, where the driving factor of prices seems to be directly influenced by the strength of the anti-cheat. By scraping cheat marketplaces, we also show the real effect of strong defences on attacker downtime.
Come join our talk to learn about state-of-the-art defense & resilience techniques, as deployed in games such as Fortnite, CS2, Valorant, and more.
Speakers
Marius Muench
Assistant Professor, University of Birmingham, UK
Dr. Marius Muench is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands. Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, Reverse.io, REcon, and Hardwear.io.
Tom Chothia
Professor, University of Birmingham
Tom Chothia is a Professor of Cyber Security at the University of Birmingham, UK. His research involves the development of new mathematical analysis techniques and the application of these techniques to real world cyber security problems. His past work on the security of EMV, ApplePay, banking apps, pacemakers and video game cheats have all received widespread media coverage.
Sam Collins
PhD Researcher, University of Birmingham, UK
Sam Collins is a PhD research student studying at the University of Birmingham, UK with an interest in attacks and defences in the Man-At-The-End-Scenario found in anti-cheat systems. He also works in teaching reverse engineering and binary analysis via game hacking. As part of this, he developed an impossible to beat multiplayer video game for undergraduate students to hack as coursework. During his research, he has been banned from every competitive shooter title and will happily offer this as a service for anyone who plays too much Fortnite and would like to stop.
