• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

2 item(s) found so far for this keyword.

XProtect Encryption Abuse Data Obfuscation

Malware can abuse Apple's macOS XProtect string encryption algorithm to hide critical strings, including commands, browser paths, extension IDs, cryptocurrency wallet locations, and command-and-control (C2) details.

This technique leverages the same XOR-based encryption logic implemented in macOS’s XProtect antivirus engine, this encryption is used for “encrypted YARA rules stored within the XProtect Remediator binaries”.

The encryption process involves …

kernel flag inspection via sysctl Anti-Debugging

The sysctl anti-debugging technique can be abused by malware to detect and evade debugging tools on macOS or BSD-like systems. By querying the kernel for process information, malware checks flags (e.g., 0x800) to see if a debugger is attached. If detected, the malware can terminate, alter behavior, or enter a dormant state to avoid analysis.

This technique blends …

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now