Currently viewing ATT&CK v8.2 which was live between October 27, 2020 and April 28, 2021.

Disguise Root/Jailbreak Indicators

An adversary could use knowledge of the techniques used by security software to evade detection[1][2]. For example, some mobile security products perform compromised device detection by searching for particular artifacts such as an installed "su" binary, but that check could be evaded by naming the binary something else. Similarly, polymorphic code techniques could be used to evade signature-based detection[3].
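The name-matching weakness described above can be seen from the defender's side in the following added example, which is not part of the ATT&CK entry. It compares a file-name check for "su" with a check on one name-independent property, the setuid bit on an executable. The setuid heuristic, the directory layout, the file names and the allowlist parameter are assumptions made for illustration, and the heuristic is not a complete compromised-device check.

```python
import os
import stat

NAME_INDICATORS = {"su"}  # the artifact name the description mentions


def name_based_hits(root):
    """Paths under root whose file name matches a known indicator name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f in NAME_INDICATORS]
    return sorted(hits)


def property_based_hits(root, allowlist=frozenset()):
    """Regular files under root that are setuid and executable, whatever
    they are called, minus an allowlist of expected paths (assumed input)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            setuid = bool(st.st_mode & stat.S_ISUID)
            executable = bool(st.st_mode & 0o111)
            if setuid and executable and path not in allowlist:
                hits.append(path)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: one ordinary tool and one setuid file
    that does not carry the expected indicator name."""
    bin_dir = os.path.join(root, "system", "xbin")
    os.makedirs(bin_dir)
    for name, mode in {"toolbox": 0o755, "renamed_bin": 0o4755}.items():
        path = os.path.join(bin_dir, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary\n")
        os.chmod(path, mode)  # set mode after writing so setuid is kept
    return bin_dir


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("name-based:    ", name_based_hits(tmp))
        print("property-based:", property_based_hits(tmp))
```

On the constructed tree the name check reports nothing while the property check reports the renamed file, which is why a check keyed only to a file name is weak evidence that a device is clean.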

ID: T1408
Sub-techniques: No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Defense Evasion
Platforms: Android, iOS
MTC ID: EMM-5
Version: 1.1
Created: 25 October 2017
Last Modified: 03 February 2019

Mitigations

Mitigation Description
Security Updates

References