Like magicians, hackers do not reveal their tricks – but we will
Published on May 8, 2017 by Sebastian Holst
According to NIST’s National Vulnerability Database, six vulnerability categories have grown from 68% to over 84% of the total number of reported vulnerabilities in just the past four years.
What these categories have in common are the tools hackers rely upon to probe, discover, and exploit these increasingly mainstream vulnerabilities. Specifically, hackers begin with application debuggers and reverse engineering tools to pick apart and modify applications. These “programmatic hacks” have led to many of today’s most devastating application and data exploits.
Stop a Hacker in Their Tracks
Anti-debugger controls can, when combined with code obfuscation (reverse engineering prevention), tamper defense, and other runtime checks, materially reduce application and data risk by impeding (if not outright preventing) the research typically required to identify and exploit application vulnerabilities.
Anti-debugger controls: a near-universal application risk management requirement
In each of the programmatic CVE categories listed above, a hacker likely began their attack by using some flavor of debugger to explore and manipulate a running instance of an application to bypass security, execute unauthorized code, elevate privileges, etc.
Effective anti-debugger controls mitigate these risks while minimizing potential development, quality, compliance, and/or performance side effects.
- Debugger detection: Debuggers come in a variety of flavors and packaging. An effective control will detect both managed and native debuggers.
- Debugger defense: Once an unauthorized debugger has been detected, a variety of pre-packaged real-time measures as well as application and runtime-specific tactics must be readily available for the developer to choose from. These can include throwing random exceptions, exiting the program, “bricking” the application permanently, generating custom log entries, etc.
- Debugger notifications: In addition to real-time defense and mitigation, it is valuable to emit an alert or notification that can initiate an operational response including isolating the device or even the local network running the compromised application.
- Implementation: Real-time counter measures and runtime reporting represent a new category of application behavior that must be specified, documented, and tested. Minimizing the amount and complexity of this incremental effort will often be the determining factor as to how consistently and effectively these controls are applied.
- Quality and support: The mission-critical nature of these controls mandate the highest levels of quality, transparency, and support to ensure that the controls do not create more risk than they mitigate.
Dotfuscator for .NET and DashO for Java and Android
PreEmptive Solutions Dotfuscator for .NET and DashO for Java and Android have been developed and continuously improved over the past 15 years to meet these requirements – on desktop, mobile, server, and cloud.
|Platforms (selected)||Real-time defense||Alerts & reporting||Injection (no coding required)||Continuous deployment|
|Dotfuscator||.NET, UWP, Xamarin, etc.||Yes||Yes||Yes||Yes – Visual Studio, VSTS|
For organizations developing applications worth protecting, visit Harden your .NET Applications with Dotfuscator’s Anti-Debug Protections and PreEmptive Solutions’ Application “Bricking” Gives App Security a Nuclear Option