System Integrity Protection (SIP) Disabled (3603f18a-ec15-43a1-9af2-d196c8a7fec6)

Detects the use of csrutil to disable System Integrity Protection (SIP). This technique is used in post-exploitation scenarios.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Integrity Protection (SIP) Disabled (3603f18a-ec15-43a1-9af2-d196c8a7fec6) | Sigma-Rules | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |