Advanced Software Protection - Attacks and Defense

For Security Researchers and Developers

Instructor

Arnau Gàmez i Montolio

Availability

Public offerings

Looking for public offerings? Get notified.


Private training

  • Location: In-person / Remote
    Length: 4 days (flexible)
  • Schedule it

Abstract

In an increasingly interconnected digital world, the need for robust software protection mechanisms is paramount. Advanced Software Protection - Attacks and Defense is a comprehensive 4-day course that delves into the intricate realm of software security. Designed to empower students with advanced knowledge and techniques, this course offers a holistic approach to safeguarding software assets.

Over four intensive days, attendees will embark on a journey through the software protection landscape. Beginning with a deep dive into obfuscation, cryptography, and analysis fundamentals, participants will then explore advanced topics such as Mixed Boolean-Arithmetic (MBA), virtualization-based protection, and the synergy between cryptography and obfuscation. The course also covers the intriguing world of white-box cryptography and emerging trends in software security.

Led by an expert instructor, this course caters to a diverse audience of professionals, including developers and security engineers responsible for safeguarding valuable software assets, red team members seeking to enhance their implant-building and protection skills, reverse engineers faced with the formidable challenge of analyzing heavily protected targets, and enthusiastic security researchers eager to expand their horizons in this intellectually stimulating field. Regardless of your background or goals, this course equips you with the tools and knowledge necessary to defend against evolving threats and secure software components, preserving commercial value and intellectual property. Join us for a transformative learning experience and contribute to advancing software security in a dynamic digital landscape.

Key learning objectives

  • Develop the skills needed to protect software components and preserve commercial value and intellectual property
  • Understand the fundamentals of software protection, including obfuscation, cryptography, and analysis techniques
  • Explore advanced obfuscation methods, including Mixed Boolean-Arithmetic (MBA) and virtualization-based protection
  • Strengthen cryptographic implementations through obfuscation and delve into white-box cryptography design, development, and attacks
  • Enhance capabilities for reverse engineering highly protected targets and bypassing detection engines
  • Equip professionals to safeguard software assets effectively, from developers to security researchers

Contents

  • Module 1
  • Introduction, context, and motivation
    • Software protection landscape
    • Secure design and architecture

    Obfuscation 101
    • Code obfuscation and code deobfuscation
    • Data flow based obfuscation
    • Control flow based obfuscation

    Cryptography 101
    • Cryptography and cryptanalysis
    • Myths and realities of practical cryptography

    Analysis 101
    • SMT-based analysis
    • Symbolic execution
    • Program synthesis

  • Module 2
  • Math refresher
    • Matrices and vectors
    • Polynomials
    • Linearity
    • Invertible mappings

    Mixed Boolean-Arithmetic (MBA)
    • Introduction and motivation
    • Polynomial MBA expressions
    • Linear MBA expressions

    Obfuscation with MBA
    • Rewriting rules
    • Insertion of identities
    • Opaque constants

  • Module 3
  • Virtualization (VM) based software protection
    • Anatomy of an in-process VM
    • Implementation specifics
    • Hardening techniques

    Analysis of virtualization obfuscators
    • Identifying the VM bytecode and architecture
    • Recovering handler semantics
    • Reconstructing control flow
    • Automation

  • Module 4
  • Hardening cryptography with obfuscation
    • Mixing operators in obfuscation vs. cryptography
    • Conceal recognizable algorithms and computations
    • Conceal known constants

    White-box cryptography
    • Introduction and motivation
    • Design and development
    • Analysis and attacks

    Misc. and future
    • Perfect vs. provably secure obfuscation
    • Homomorphic encryption
    • Post-quantum cryptography

Who should attend

  • Developers and security engineers that need to protect sensitive software components against abuse to preserve commercial value and intellectual property
  • Red team members who want to build, protect, and diversify their implants to bypass detection engines and thwart defense analysis efforts
  • Reverse engineers dealing with highly protected (obfuscated) targets in malware analysis or application security assessments
  • Enthusiastic security researchers that enjoy an intellectually stimulating challenge, exploring a vast field beyond their comfort zone

Prerequisites

  • Understanding of basic programming concepts
  • Familiarity with x86/ARM assembly, C and Python
  • Knowledge of reverse engineering fundamentals

System requirements

  • A working computer capable of running virtual machines
  • 40 GB free hard disk space

Provided to students

  • Access to a VM with all tools, examples and exercises
  • Access to a private chat with instructor and other students

Testimonials

  • "Overall a superb experience and I highly recommend you attend one of his trainings!"

  • "The trainer not only fits his domain but also is a superb teacher with slides, materials and exercises of outstanding quality."

  • "Arnau is a very friendly and knowledgeable person and does an excellent job at articulating difficult topics in a much simpler way."

  • "The instructor is one of the few experts in this area of research. Thus, his insights are invaluable."

  • "I really enjoyed the training. Arnau was wonderful and very helpful."