On.Security

Developing secure software is a challenge. Writing really secure software is a real challenge.
Here are the articles that touch on different security aspects of software, from “what cipher suites are not to be used with TLS” to certain more or less novel things under the ‘Security Research’ subcategory.

Bot Fighting 201: Declarative Data+Code Obfuscation with Build-Time Polymorphism in C++

December 26, 2017 by “No Bugs” Bunny

Obfuscation: What You See Is NOT What You Get

Quote:

Technically, what we’re looking for here, is any kind of bijection; we’ll use this bijection to convert our data from one representation into another one (and as it is a bijection, we can revert it later).

Another Quote:

As we’re not writing our obf<> classes manually (instead, we have a code generator doing it for us on each build), the sky is the limit to the obfuscations we can generate.

Filed under: On.Security, Fraud Prevention, Book: D&D of MOGs, 1st beta of Vol. VII-IX

Bot Fighting 103. Code Integrity Checks, Code Scrambling

December 12, 2017 by “No Bugs” Bunny

You're under arrest for asking the right question at the wrong time

Quote:

Bingo! We’ve got an executable, which automagically performs TONS of integrity checks, which checks are spread all over the executable, and are extremely non-obvious too.

Another Quote:

This approach of 'not revealing code until attack costs are high' is certainly not limited to payments.

Filed under: On.Security, Fraud Prevention, Book: D&D of MOGs, 1st beta of Vol. VII-IX

Bot Fighting 102: System-Specific Kinda-Protection. Anti-Debugger, Anti-DLL-Injection, VM Detection.

December 5, 2017 by “No Bugs” Bunny

Wizard of OS

Quote:

it is fundamentally impossible to prevent (or detect) debugging, at least as long as we’re staying on one single box.

Another Quote:

DON’T spend more than 10% of your overall anti-bot-fighting time budget on system-specific protections.

Filed under: On.Security, Fraud Prevention, Book: D&D of MOGs, 1st beta of Vol. VII-IX

Bot Fighting 101: Don’t Feed the Hacker

November 28, 2017 by “No Bugs” Bunny

Don't Feed the Hacker

Quote:

Some of the system calls are not absolutely necessary, and using them will significantly simplify the life of the attacker

Another Quote:

Scrambling will help to protect your protocol even if the attacker manages to F.L.I.R.T. with your TLS library

Filed under: On.Security, Fraud Prevention, Book: D&D of MOGs, 1st beta of Vol. VII-IX