Book Description

'Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.

Explore a preview version of Exploiting Online Games: Cheating Massively Distributed Systems right now. O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from 200+ publishers. Exploiting Online Games: Cheating Massively Distributed Systems by Greg Hoglund; Gary McGraw. Paperback - Secondhand Book - Very Good Condition. And this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it.

'The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.'

--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

'Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.'

--Cade Metz
Senior Editor

PC Magazine

'If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.'

--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

'Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

Exploiting online games cheating massively distributed systems pdf free

'Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.'

--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

'Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

'With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.'

--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

'If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.'

--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of
Secure Programming with Static Analysis

'This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!'

--Pravir Chandra
Principal Consultant, Cigital
Coauthor of
Network Security with OpenSSL

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

  • Why online games are a harbinger of software security issues to come

  • How millions of gamers have created billion-dollar virtual economies

  • How game companies invade personal privacy

  • Why some gamers cheat

  • Techniques for breaking online game security

  • How to build a bot to play a game for you

  • Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

Exploiting Online Games Cheating Massively Distributed Systems Pdf Files

Spouse(s)Penny C. Leavy[1]

Michael Gregory Hoglund is a recognized author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed a great deal of early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material.[2][3] It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT (Advanced persistent threat). For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak (see below, Controversy and email leak). HBGary was later acquired by a large defense contractor.[4]


Hoglund has founded several security startup companies which were still in operation today:

  • Cenzic, Inc. (formerly known as ClickToSecure, Inc.[5]) Focused on web application security for the Fortune-500.[6]
  • Bugscan, Inc. Developed an appliance that would scan software for security vulnerabilities without sourcecode. Acquired in 2004 by LogicLibrary, Inc.[7]
  • HBGary, Inc. Provides a comprehensive suite of software products to detect, analyze, and diagnose Advanced Persistent Threats (APT) and targeted malware. Acquired in 2012 by Mantech International (MANT).[8] HBGary had no outside investors and was owned by the founders and early employees.
  • Outlier Security, Inc. Provides cloud-based, agentless endpoint detection and response (EDR) systems for enterprises. Acquired in 2017 by Symantec (SYMC).


  • Granted: Fuzzy Hash Algorithm[9]
  • Granted: Fault injection methods and apparatus[10] along with Penny C. Leavy, Jonathan Walter Gary, and Riley Dennis Eller.
  • Applied: Inoculator and antibody for computer security[11] along with Shawn Michael Bracken.
  • Applied: Digital DNA sequence.[12]
  • Applied: Universal method and apparatus for disparate systems to communicate[13] along with Yobie Benjamin, Abhideep Singh, and Jonathan Gary.

Research and authorship[edit]

Exploiting online games cheating massively distributed systems pdf free

As an author, Hoglund wrote Exploiting Software: How to Break Code, Rootkits: Subverting the Windows Kernel and Exploiting Online Games: Cheating Massively Distributed Systems, and was a contributing author on Hack Proofing Your Network: Internet Tradecraft. He was a reviewer for the Handbook of SCADA/Control Systems Security. He has presented regularly at security conferences such as Black Hat Briefings, DEF CON, DFRWS, FS-ISAC, and RSA Conference, among others. Hoglund drew the attention of the media when he exposed the functionality of Blizzard Entertainment's Warden software, used to prevent hacking in the popular game World of Warcraft.


  • Exploiting Online Games: Cheating Massively Distributed Systems, Addison-Wesley, 2007, ISBN0-13-227191-5.
  • Rootkits: Subverting the Windows Kernel, Addison-Wesley, 2005, ISBN0-321-29431-9.
  • Exploiting Software: How to Break Code, Addison-Wesley, 2004, ISBN0-201-78695-8.


  • A *REAL* NT Rootkit, patching the NT Kernel, Phrack magazine, 1999[14]

Conference presentations[edit]

  • Advanced Buffer Overflow Techniques, BlackHat 2000 USA/Asia[15]
  • Kernel Mode Rootkits, BlackHat 2001 USA/Europe/Asia[16]
  • Application Testing Through Fault Injection Techniques, BlackHat Windows Security 2002 USA/Asia[17]
  • Exploiting Parsing Vulnerabilities, BlackHat 2002 USA/Asia[18]
  • Runtime Decompilation, BlackHat Windows Security 2003 Asia [19]
  • Active Reversing: The Next Generation of Reverse Engineering, BlackHat 2007 USA/Europe[20]
  • VICE - Catch the Hookers!, BlackHat 2004 USA[21]
  • Hacking World of Warcraft: An Exercise in Advanced Rootkit Design, BlackHat 2005/2006 USA/Europe/Asia[22]

Controversy and email leak[edit]

HBGary found controversy in 2011 after corporate emails were leaked from the now defunct sister company HBGary Federal. Of particular note, the founder of HBGary Federal, Aaron Barr, had authored a draft Powerpoint presentation on information warfare (IW) that was the subject of much interpretation by online reporters and bloggers. It outlined controversial information warfare strategies and techniques, including background checks to discredit online reporters/bloggers, OSINT monitoring of detractors, and disinformation to discredit Wikileaks. This presentation was never shown to be used, and the supposed customers of this work were never actually customers of HBGary Federal, and further stated they were not aware of the presentation.[23]

After the incident in 2011, several hackers branded the attack on HBGary as the work of Anonymous.[24] Later, this branding was abandoned and replaced with the hacking group LulzSec. At this time, the identities of the hackers behind LulzSec were not known. In an interview after the attack, Hoglund characterized the group as criminal hackers and revealed that he had recently refocused HBGary's attribution team, previously used to hunt down Chinese APT (Advanced persistent threat), to instead discover the identities of the Lulzsec hackers.[25] Less than six months later, the leader of LulzSec, Hector Xavier Monsegur (aka Sabu), had been secretly arrested by the FBI and turned into an informant against the rest of Anonymous. HBGary admitted to working closely with law enforcement, and was later given credit for their assistance to the FBI in the investigation that lead to the arrest of the LulzSec leader Hector Xavier Monsegur (aka Sabu).[26][edit]

Hoglund also founded and operated,[27] a popular site devoted to the subject of rootkits. Several well known rootkits and anti-rootkits were hosted from, including Jamie Butler's FU rootkit, Hacker Defender by HF, Bluepill by Joanna Rutkowska and Alexander Tereshkin, ShadowWalker by Sherri Sparks, FUTo by Peter Silberman, BootKit by Derek Soeder (eEye), and AFX Rootkit by Aphex. A complete list can be found on the wayback engine for Last snapshot of on Wayback.[28]'s original site administrators were Greg Hoglund, Fuzen_Op (Jamie Butler), Barns (Barnaby Jack), Caezar of GhettoHackers (Riley Eller), Talis (JD Glaser of NTObjectives), and Vacuum of Technotronic. At its peak, had 81,000 users. was compromised in 2011 via Social engineering (security) as part of the LulzSec attack by Hector Xavier Monsegur (aka Sabu) and the user database was leaked.[29] The leaked user database was then used for research against the Chinese Government-sponsored hacking group commonly known as 'APT1'.[30] The site since remains offline.

Physical memory forensics[edit]

Hoglund was an early pioneer in the research and development of physical memory forensics, now considered standard practice in computer forensics in law enforcement. He saw the physical memory as a complex snapshot of interrelated structures and data arrays, instead of just a flatfile full of strings. The original application was not forensics, but rootkit detection and process hiding – showing how physical memory forensics grew partly from rootkit development.[31] With the release of HBGary's product Responder in 2008, Hoglund was one of the first to deliver OS reconstruction to the market, pivotal in the use of physical memory to reconstruct software and user behavior. Responder PRO continues to be a staple tool for law enforcement and incident response today.


  1. ^Nate Anderson (February 10, 2011). 'How one man tracked down Anonymous—and paid a heavy price'. Ars Technica.
  2. ^Nate Anderson (19 February 2011). 'Black ops: how HBGary wrote backdoors for the government'. Ars Technica.
  3. ^Tim Greene (19 February 2011). 'Stolen HBGary e-mails indicate it was planning a 'new breed of rootkit''. Network World. Archived from the original on 15 October 2012.
  4. ^staff (2 April 2012). 'HBGary acquisition by ManTech complete'. Sacramento Business Journal.
  5. ^'About Us : Reverse Engineering Rootkits by Greg Hoglund, HBGary & Rich Cummings, HBGary'. Black Hat. Retrieved 2011-06-20.
  6. ^'Web Application Security'. Archived from the original on 2014-08-30. Retrieved 2011-06-20.
  7. ^Krill, Paul (2004-09-14). 'LogicLibrary buys BugScan Developer World'. InfoWorld. Archived from the original on 2008-05-15. Retrieved 2011-06-20.
  8. ^MandaSoft (2 April 2012). 'ManTech International Corporation will acquire HBGary Inc'. BusinessWire.
  9. ^US grant 8484152, Michael Gregory Hoglund, 'Fuzzy Hash Algorithm', published 2009-6-26
  10. ^US grant 7620851, Michael Gregory Hoglund, 'Fault injection methods and apparatus', published 2007-1-31
  11. ^US applied 20120110673, Michael Gregory Hoglund, 'Inoculator and antibody for computer security', published 2011-9-23
  12. ^US applied 20110067108, Michael Gregory Hoglund, 'Digital DNA sequence', published 2011-9-23
  13. ^US applied 20010013052, Greg Hoglund, 'Universal method and apparatus for disparate systems to communicate', published 2001-8-09
  14. ^'Phrack Magazine'. Retrieved 2011-06-20.
  15. ^Jeff Moss. 'The Black Hat Briefings Conference List of Speakers at'. Retrieved 2011-06-20.
  16. ^Jeff Moss (2007-06-21). 'The Black Hat Briefings Conference List of Speakers at'. Retrieved 2011-06-20.
  17. ^Jeff Moss (2007-06-21). 'Black Hat USA 2002 Topics and Speakers'. Retrieved 2011-06-20.
  18. ^Jeff Moss (2007-06-21). 'Black Hat Asia 2002 Topics and Speakers'. Retrieved 2011-06-20.
  19. ^Jeff Moss. 'Black Hat USA 2003 Topics and Speakers'. Retrieved 2011-06-20.
  20. ^Jeff Moss. 'Black Hat USA 2007 Topics and Speakers'. Retrieved 2011-06-20.
  21. ^Jeff Moss. 'Black Hat USA 2004 Topics and Speakers'. Retrieved 2011-06-20.
  22. ^Jeff Moss. 'Black Hat USA 2006 Topics and Speakers'. Retrieved 2011-06-20.
  23. ^Eric Lipton (11 February 2011). 'Hackers Reveal Offers to Spy on Corporate Rivals'. New York Times.
  24. ^Brian Krebs (7 February 2011). 'HBGary Federal Hacked by Anonymous'. Krebs on Security.
  25. ^Rob Lemos (22 March 2011). 'HBGary's Hoglund sheds light on Anonymous'. Computerworld.
  26. ^U.S. Attorney's Office (6 March 2012). 'Hacker of Sacramento Company HBGary Pleads Guilty'. Federal Bureau of Investigation.
  27. ^'Archived copy'. Archived from the original on 2007-04-06. Retrieved 2013-10-19.CS1 maint: archived copy as title (link)
  28. ^'rootkit - dot com'. Archived from the original on 5 February 2011.
  29. ^Lucian Constantin (14 February 2011). ' Compromise Poses Risks to Other Sites'. softpedia.
  30. ^Gerry Smith (19 February 2013). 'Anonymous Helps Researchers Link Hackers To Chinese Army'. Huffington Post.
  31. ^Greg Hoglund (25 May 2011). 'A Brief History of Physical Memory Forensics'. Fast Horizon.

External links[edit]

  • Black ops: how HBGary wrote backdoors for the government (by Nate Anderson, ars technica)
Retrieved from ''