Skip to content

Hide Navigation Hide TOC

System Integrity Protection (SIP) Enumeration (53821412-17b0-4147-ade0-14faae67d54b)

Detects the use of csrutil to view the Configure System Integrity Protection (SIP) status. This technique is used in post-exploit scenarios.

Cluster A Galaxy A Cluster B Galaxy B Level
System Integrity Protection (SIP) Enumeration (53821412-17b0-4147-ade0-14faae67d54b) Sigma-Rules Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2