Like Magicians, Hackers Do Not Reveal Their Tricks (But We Will)

According to NIST’s National Vulnerability Database, six vulnerability categories have grown from 68% to over 84% of reported vulnerabilities in the past four years.

These categories have in common the tools hackers rely upon to probe, discover, and exploit these increasingly mainstream vulnerabilities. Specifically, hackers begin with application debuggers and reverse engineering tools to pick apart and modify applications. These “programmatic hacks” have led to many of today’s most devastating application and data exploits.

Sources: NIST National Vulnerability Database, Common Vulnerabilities and Exposures (CVE)

Stop hackers in their tracks

Anti-debugger controls can, when combined with code obfuscation (reverse engineering prevention), tamper defense, and other runtime checks, materially reduce application and data risk by impeding (if not outright preventing) the research typically required to identify and exploit application vulnerabilities.

Anti-debugger controls: a near-universal application risk management requirement

In each programmatic CVE category listed above, a hacker likely began their attack by using some flavor of debugger to explore and manipulate a running instance of an application to bypass security, execute unauthorized code, elevate privileges, etc.

Effective anti-debugger controls mitigate these risks while minimizing potential development, quality, compliance, and/or performance side effects.

• Debugger detection: Debuggers come in a variety of flavors and packaging. An effective control will detect both managed and native debuggers.
• Debugger defense: Once an unauthorized debugger has been detected, the developer must be readily available with various pre-packaged real-time measures and application and runtime-specific tactics. These include throwing random exceptions, exiting the program, “bricking” the application permanently, generating custom log entries, etc.
• Debugger notifications: In addition to real-time defense and mitigation, it is valuable to emit an alert or notification that can initiate an operational response, including isolating the device or even the local network running the compromised application.
• Implementation: Real-time counter measures and runtime reporting represent a new category of application behavior that must be specified, documented, and tested. Minimizing the amount and complexity of this incremental effort will often determine how consistently and effectively these controls are applied.
• Quality and support: These controls’ mission-critical nature mandates the highest levels of quality, transparency, and support to ensure that they do not create more risk than they mitigate.

Dotfuscator for .NET and DashO for Java and Android

PreEmptive Solutions Dotfuscator for .NET and DashO for Java and Android have been developed and continuously improved over the past 15 years to meet these requirements on desktop, mobile, server, and cloud platforms.

For organizations developing applications worth protecting, visit Harden Your .NET Applications with Dotfuscator’s Anti-Debug Protections and PreEmptive Solutions’ Application “Bricking” Gives App Security a Nuclear Option.