
Software Hacking and Protection

Micro-credential

September 2025 – December 2025

Since the start of the ICT-revolution, companies, organizations, private citizens, governments, and society at large have come to depend more and more on software. Today, software benefits many aspects of our private and public lives. At the same time, it is a key enabler of many business models.

Software can also be abused and weaponized in various ways, however, to disrupt private lives, business models, and society at large. There hence exists a strong need to defend (systems running) software against a range of attacks.

Doing so requires defensive software protection knowledge and skills, but also offensive training. After all, poachers make the best gamekeepers. Moreover, at the technical level, the required skills largely overlap: many technically neutral methods and tools can be used offensively as well as defensively, the difference solely depending on whether the targeted software is malware or goodware.



This course targets people that want to learn how to hack software, i.e., reverse engineer it or tamper with it. In addition, it targets people that want to learn how to defend their software against such hacking, e.g., because they want to protect their business model that depends on software running on their clients' devices without unauthorized modifications and without the confidentiality of parts of the software being violated.

Participants are expected to:

  • Have fluent programming skills in C.
  • Have basic knowledge of computer architecture, in particular the software-hardware interface, including basic x86 and x86-64 assembler knowledge.
  • Have basic knowledge of operating systems.

The language of instruction is English, which requires a sufficient command of the English language.


Micro-credentials are small courses of academic level that focus on specific competencies. They often consist of one or several subjects which are also taught in a university bachelor's or master's degree.

If you pass the micro-credential, you will receive a certificate as proof that you have acquired the competencies. You also acquire real official credits that are recognized in your further career, also internationally. They can also lead to exemptions for other courses, also at other institutions and organizations.

You will receive a certificate of the micro-credential + credit certificate when you pass the corresponding exam (6 ECTS points).

Examination method:

  • Closed-book written examination with open and closed questions on theory and practice (exercises).
  • During semester: graded lab sessions (written reports and possibly an oral evaluation); participation in 'flipping the classroom' activities.
  • The final score is the average score for the two parts (50% periodic exam and 50% permanent evaluation).
  • Lack of participation in permanent evaluation for no valid reason results in a zero for that part.
  • Unauthorized forms of collaboration for the practicals are handled as fraud, in line with the exam regulations.
  • In the case of group assignments, the students in a group get the same score by default. Only when there is a clear difference in contribution will the students be given different scores.
  • The student must pass (>=10/20) both parts to pass the whole course. If they fail for one part while still scoring >=10/20 on average, the final score becomes 9/20.


Lecturer

Prof. Bjorn De Sutter, Department of Electronics and Information Systems, Ghent University


Contents

In this course, we focus on the technical knowledge and skills, so-called hacking skills, required to attack and protect software assets. These assets are the most valuable and sensitive parts of programs that need to remain confidential in the face of reverse engineering and of which the integrity needs to be maintained in the face of software tampering attempts.

We study and practice a wide range of software analysis and tampering techniques, including side-channel and fault-injection techniques that rely on physical implementation features, as well as protections such as obfuscations that aim to mitigate unauthorized uses of those techniques to protect assets and their security requirements.

We study and practice the complex tasks of deploying good combinations of protections and of evaluating the achieved levels of protection, including the design and execution of empirical experiments in the domain of reverse engineering and software protection.

Furthermore, we study and practice how to use a range of software analyses and forensic techniques to analyze and detect malware, as well as the techniques that malware authors deploy in an attempt to evade detection.

The attacks and mitigations in the scope of this course are commonly called man-at-the-end techniques, as they are deployed by parties that have (almost) complete control over the end devices on which they attack and analyze the software, such that they don’t need to rely on exploitable vulnerabilities for their attacks and analyses.

  • Context: man-at-the-end attack model, software assets, security requirements, security economics
  • Static reverse engineering tools and techniques: interactive disassemblers, decompilers, pattern matching, etc.
  • Dynamic reverse engineering tools and techniques: debuggers, hooking, emulation, tracing, statistical analysis, symbolic and concolic execution, taint analysis, delta analyses, fuzzing, etc.
  • Software tampering techniques, static and dynamic
  • Software obfuscation techniques (layout, design, code, data)
  • Preventive software protection techniques: anti-debugging, anti-tampering, anti-emulation
  • Software protection evaluation and validation methodologies, incl. the design, execution, and analysis of empirical experiments with human subjects
  • Software asset risk management approaches, decision support for software protection, impact on software development life cycle
  • Physical attacks based on side channels and fault injection
  • Malware analysis, detection, and classification techniques
  • Domain-specific attacks and defense on assets embedded in software: cryptographic assets, machine learning models, and possibly others
  • Hardware support for code and data confidentiality and integrity

Final competences

  1. Understanding the man-at-the-end attack model, including its relevant constructs, models, and methods.
  2. Knowing how to devise appropriate man-at-the-end attack strategies based on knowledge about the targeted assets.
  3. Knowledge of, a deeper understanding of, and experience with the tools and techniques commonly deployed in man-at-the-end software attacks.
  4. Capacity to execute a range of man-at-the-end attack steps on software (reverse engineering, software tampering) as part of such strategies.
  5. Extended knowledge of the techniques used for software protection against man-at-the-end attacks, understanding their limitations and the need to combine and layer multiple techniques to obtain useful protection.
  6. Basic experience in using software protection tools for deploying those techniques.
  7. Understanding strategies for and the complexities of deploying, evaluating, and validating software protections, including applicable risk management approaches.
  8. Knowing how to design, execute, and analyze empirical experiments involving human subjects for expanding the knowledge in software protection and man-at-the-end attack models.
  9. Knowing the different types of malware and their core features.
  10. Understanding the most used malware detection, classification, and analysis methods, and how malware tries to evade those.
  11. Being able to deploy forensic malware analysis techniques and tools.
  12. Communicating and presenting domain-specific knowledge in a correct and clear manner, with the appropriate language skills, incl. the use of correct terminology.

Practical info


Fee

384,80 euro


SME portfolio

Ghent University accepts payments via the SME portfolio (www.kmo-portfolio.be; use authorization code DV.O103193).

Opleidingsverlof (VOV)

This training is recognized in the context of VOV. For each credit point you are entitled to 4 hours of VOV.

This course (6 ECTS points) covers in total 24 hours of VOV (participation in the assignments and the exam is mandatory).

The registration certificate for VOV can be found at your personal page in OASIS (student administration platform).



Enrol here (from August): studiekiezer.ugent.be/2025/micro-credential-software-hacking-and-protection-en




This is a "flipped classroom" course: classical lectures are combined with practicals and online knowledge clips, demo clips, quizzes, articles, handouts and assignments.

  • There are some classical lectures, mostly Q&A lectures.
  • The weekly practicals are mainly done on students’ own laptops (which must be capable of running an x64 virtual machine).
  • The work for the practicals is limited to the practical sessions themselves.
  • Most practicals are completed individually; in a limited number of cases, they will be done in pairs.
  • To prepare for the weekly contact sessions, students must complete individual preparatory tasks (reading documents, watching clips, participating in quizzes, etc.).

Classes start on September 22, 2025 and always take place on Mondays from 13h30 till 17h30 at Campus Sterre.
The last session will be given on December 8, 2025.

Participants take the classes together with students of the Master of Science in Computer Science, the Master of Science in Computer Science Engineering and the Master of Science in Information Engineering Technology.

The training is supported by the Ufora learning platform, which contains, among other things, the course material.

Laptop

A personal laptop is required (which must be capable of running an x64 virtual machine).

Organisation

Universiteit Gent
UGent Academie voor Ingenieurs
Technologiepark 60
9052 Zwijnaarde
Tel.: +32 9 264 55 82
ugain@UGent.be