// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of August 28, 2023
Signal Brief · Archived

Week of August 28, 2023

2023-08-28 — 2023-09-03 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of August 28, 2023, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 research pocs, 1 vuln disclosure. Vendors in the record this week: Arxan, Splunk, Microsoft.

The Week's Public Record

Events

2023-08-31
research poc
CWHook Proof-of-Concept Bypasses Arxan Integrity Checks in Call of Duty: Cold WarCWHook
CWHook is a proof-of-concept tool that circumvents Arxan's integrity checks in Call of Duty: Cold War, enabling reverse engineering and debugging. It includes a plugin loader with hot-reload capabilities to streamline mod development. The project documents Arxan's behavior and provides code for checksum healing and inline hook stubs.
2023-08-30
vuln disclosure
CVE-2023-40596: Splunk Enterprise Privilege Escalation via Insecure OPENSSLDIR PathCVE-2023-40596
CVE-2023-40596 is a privilege escalation vulnerability in Splunk Enterprise on Windows. It arises from an insecure OPENSSLDIR build definition in the bundled OpenSSL library, allowing local attackers to plant malicious DLLs. Successful exploitation can lead to full system compromise.
2023-08-28
research poc
DebugAmsi: AMSI Bypass via Windows Process DebuggerDebugAmsi
A proof-of-concept tool named DebugAmsi demonstrates a method to bypass the Antimalware Scan Interface (AMSI) in Windows by using the debugger mechanism. It attaches as a debugger to a suspended PowerShell process, intercepts the loading of amsi.dll, and patches its AmsiOpenSession and AmsiScanBuffer functions to disable AMSI scanning. This technique allows execution of malicious scripts without AMSI detection.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →