Recently we’ve been looking at MacOS in the context of red teaming, looking at endpoint security products and how they can be evaded on a Mac.

I have previously explored Windows Anti-Debugging techniques, also driven out of research into Antivirus engines, showing just how you could go about disabling anti-debug functionality for the purposes of furthering your research.

In this post we will look to complete a similar exercise on MacOS, looking at some of the self-protection methods employed by Antivirus engines, how they work, and just what we can do to disable them when looking to complete further research.

At the end of the post, we will have a bit of fun and show just how we can leverage self-protection techniques to hide our malware during an engagement.

Disclaimer: It should be noted that a lot of the techniques in this post require elevated or root permissions (or an attached kernel debugger), meaning that if an attacker were in a position to exploit any of these conditions, no security product would be able to protect you.