| ID | Name |
|---|---|
| ATAGS-T1107.001 | Code Signing |
| ATAGS-T1107.002 | Code Signing Policy Modification |
| ATAGS-T1107.003 | Gatekeeper Bypass |
| ATAGS-T1107.004 | Install Root Certificate |
| ATAGS-T1107.005 | Mark-of-the-Web Bypass |
| ATAGS-T1107.006 | SIP and Trust Provider Hijacking |
Threat Actors may modify code signing policies to enable execution of unsigned or self-signed code. Code signing provides a level of authenticity on a program from a developer and a guarantee that the program has not been tampered with. Security controls can include enforcement mechanisms to ensure that only valid, signed code can be run on an operating system.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.