Anti-cheat is a gold mine of interesting, novel defences-battle-hardened from years of attrition in a defender's worst nightmare. It's time we start digging [BlackHat 2025]

Anti-cheat is a gold mine of interesting, novel defences-battle-hardened from years of attrition in a defender’s worst nightmare. It’s time we start digging.

This talk highlights how they are among the most widely deployed and resilient software defenses in the industry. We will outline the key difficulties in analyzing anti-cheats and then dissect some key behaviors to explain how such systems protect game software in hostile environments.

We investigate past scenarios where anti-cheats have pioneered novel defense measures against cheating techniques, which later became relevant when deployed by serious threat actors. These cheating methods, used by groups such as Scattered Spider, Earth Longzhi, and Lazarus, in APT and ransomware attacks, are commonly handled by anti-cheat systems. If some victims had been playing Fortnite at the time of intrusion - it would have stopped real attacks.

We show how the strength of these defense methods can be tested, running grey box tests to ‘prod the bear’ and measure reactions. Using this data, we rank solutions based on technical strength.

We unveil a flourishing underground ecosystem generating millions in sales each year, where the driving factor of prices seems to be directly influenced by the strength of the anti-cheat. By scraping cheat marketplaces, we also show the real effect of strong defences on attacker downtime.