Black Hat USA 2025 | Watching the Watchers: Exploring and Testing Defenses of Anti-Cheat Systems

Anti-cheat is a gold mine of interesting, novel defenses—battle-hardened from years of attrition in a defender's worst nightmare. It's time we start digging. This talk will present new work on video game anti-cheats; highlighting how they are among the most widely deployed and resilient software defenses in the industry. We will outline the key difficulties in analyzing anti-cheats and then dissect some key behaviors to explain how such systems protect game software in hostile environments. We investigate past scenarios where anti-cheats have pioneered novel defense measures against cheating techniques, which later became relevant when deployed by serious threat actors. These cheating methods, used by groups such as Scattered Spider, Earth Longzhi, and Lazarus, in APT and ransomware attacks, are commonly handled by anti-cheat systems. If some victims had been playing Fortnite at the time of intrusion - it would have stopped real attacks. We show how the strength of these defense methods can be tested, running grey box tests to 'prod the bear' and measure reactions. Using this data, we rank solutions based on technical strength. We unveil a flourishing underground ecosystem generating millions in sales each year, where the driving factor of prices seems to be directly influenced by the strength of the anti-cheat. By scraping cheat marketplaces, we also show the real effect of strong defences on attacker downtime. Come join our talk to learn about state-of-the-art defense & resilience techniques, as deployed in games such as Fortnite, CS2, Valorant, and more. By: Marius Muench | Assistant Professor, University of Birmingham, UK Sam Collins | PhD Researcher, University of Birmingham, UK Tom Chothia | Professor, University of Birmingham Presentation Materials Available at: https://ift.tt/nmZ28Dd

source https://www.youtube.com/watch?v=lAW2mAl96KI