Endpoint Security Self-Protection on MacOS

Recently we’ve been looking at MacOS in the context of redteaming, looking at endpoint security products and how they can be evaded on a Mac.

I have previously explored Windows Anti-Debugging techniques, also driven out of research into Antivirus engines, showing just how you could go about disabling anti-debug functionality for the purposes of furthering your research.

In this post we will look to complete a similar exercise on MacOS, looking at some of the self-protection methods employed by Antivirus engines, how they work, and just what we can do to disable them when looking to complete further research.

At the end of the post, we will have a bit of fun and show just how we can leverage self-protection techniques to hide our malware during an engagement.

Read the full post over on MDSec’s blog here.