Advanced Software Protection - Attacks and Defense
for Security Researchers and Developers
In-Person 4 Days Training ★ February 2024
FEB 20-23 // DETAILED SCHEDULE READY
In an increasingly interconnected digital world, the need for robust software protection mechanisms is paramount. Advanced Software Protection - Attacks and Defense is a comprehensive 4-day course that delves into the intricate realm of software security. Designed to empower students with advanced knowledge and techniques, this course offers a holistic approach to safeguarding software assets.
Over four intensive days, attendees will embark on a journey through the software protection landscape. Beginning with a deep dive into obfuscation, cryptography, and analysis fundamentals, participants will then explore advanced topics such as Mixed Boolean-Arithmetic (MBA), virtualization-based protection, and the synergy between cryptography and obfuscation. The course also covers the intriguing world of white-box cryptography and emerging trends in software security.
Led by an expert instructor, this course caters to a diverse audience of professionals, including developers and security engineers responsible for safeguarding valuable software assets, red team members seeking to enhance their implant-building and protection skills, reverse engineers faced with the formidable challenge of analyzing heavily protected targets, and enthusiastic security researchers eager to expand their horizons in this intellectually stimulating field. Regardless of your background or goals, this course equips you with the tools and knowledge necessary to defend against evolving threats and secure software components, preserving commercial value and intellectual property. Join us for a transformative learning experience and contribute to advancing software security in a dynamic digital landscape.
Key Learning Objectives
- Develop the skills needed to protect software components and preserve commercial value and intellectual property.
- Understand the fundamentals of software protection, including obfuscation, cryptography, and analysis techniques.
- Explore advanced obfuscation methods, including Mixed Boolean-Arithmetic (MBA) and virtualization-based protection.
- Strengthen cryptographic implementations through obfuscation and delve into white-box cryptography design, development, and attacks.
- Enhance capabilities for reverse engineering highly protected targets and bypassing detection engines.
- Equip professionals to safeguard software assets effectively, from developers to security researchers.
- Developers and security engineers that need to protect sensitive software components against abuse to preserve commercial value and intellectual property.
- Red team members who want to build, protect, and diversify their implants to bypass detection engines and thwart defense analysis efforts.
- Reverse engineers dealing with highly protected (obfuscated) targets in malware analysis or application security assessments.
- Enthusiastic security researchers that enjoy an intellectually stimulating challenge, exploring a vast field beyond their comfort zone.
Introduction, context, and motivation
- Software protection landscape
- Secure design and architecture
- Code obfuscation and code deobfuscation
- Data flow based obfuscation
- Control flow based obfuscation
- Cryptography and cryptanalysis
- Myths and realities of practical cryptography
- SMT-based analysis
- Symbolic execution
- Program synthesis
- Matrices and vectors
- Invertible mappings
Mixed Boolean-Arithmetic (MBA)
- Introduction and motivation
- Polynomial MBA expressions
- Linear MBA expressions
Obfuscation with MBA
- Rewriting rules
- Insertion of identities
- Opaque constants
Virtualization (VM) based software protection
- Anatomy of an in-process VM
- Implementation specifics
- Hardening techniques
Analysis of virtualization obfuscators
- Identifying the VM bytecode and architecture
- Recovering handler semantics
- Reconstructing control flow
Hardening cryptography with obfuscation
- Mixing operators in obfuscation vs. cryptography
- Conceal recognizable algorithms and computations
- Conceal known constants
- Introduction and motivation
- Design and development
- Analysis and attacks
Misc. and future
- Perfect vs. provably secure obfuscation
- Homomorphic encryption
- Post-quantum cryptography
- Understanding of basic programming concepts
- Familiarity with x86/ARM assembly, C and Python
- Knowledge of reverse engineering fundamentals
- A working computer capable of running virtual machines
- 40 GB free hard disk space
- Virtualization software
Arnau Gàmez i Montolio
Hacker, security researcher and mathematician with a strong bias towards software security and reverse engineering. Specialized in software protection research and development (obfuscation, cryptography, mixed boolean-arithmetic algebra, inverse mappings, etc.) from a dual attack-and-defense perspective, both in academia and industry. Experienced malware analyst in the antivirus sector and security engineer in the gaming industry. Founder of Fura Labs, a boutique security firm focused on software protection research and education. Speaker and trainer at several international security conferences.