// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of July 31, 2023
Signal Brief · Archived

Week of July 31, 2023

2023-07-31 — 2023-08-06 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of July 31, 2023, ColdRecon logged 2 public endpoint-security events from open-source reporting — 2 vuln disclosures. Vendors in the record this week: Ivanti, STRANGETRINITY (anonymized top-tier EDR vendor).

The Week's Public Record

Events

2023-08-03
vuln disclosure
CVE-2023-35081: Ivanti EPMM Path Traversal VulnerabilityCVE-2023-35081
CVE-2023-35081 is a path traversal vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated administrators to write arbitrary files. It has been actively exploited in the wild and added to CISA's Known Exploited Vulnerabilities catalog. Successful exploitation can lead to remote code execution and full system compromise.
2023-08-02
vuln disclosure
EDR Whitelist Bypass Allows Undetected Malicious Activity via PPID SpoofingSTRANGETRINITY EDR Whitelist Bypass via PPID Spoofing
Researchers discovered that a top-tier EDR product (anonymized as STRANGETRINITY) did not inject its hooking DLL into its own user-mode process, which ran without process protection. By using PPID spoofing to spawn a new instance of the EDR process and injecting shellcode via CreateRemoteThread, attackers could execute post-exploitation tools like Mimikatz without detection. The vendor confirmed this was unintended behavior and has since fixed the issue.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →