// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of October 9, 2023
Signal Brief · Archived

Week of October 9, 2023

2023-10-09 — 2023-10-15 · 1 PUBLIC EVENT · GENERAL / NON-PERSONALIZED

In the week of October 9, 2023, ColdRecon logged 1 public endpoint-security event from open-source reporting — 1 research poc. Vendors in the record this week: Cobalt Strike.

The Week's Public Record

Events

2023-10-09
research poc
BOFRyptor Encrypts Cobalt Strike Beacon During BOF Execution to Evade Memory ScannersBOFRyptor
BOFRyptor is a proof-of-concept BOF that encrypts the Cobalt Strike beacon code and configuration in memory during BOF execution to prevent detection by memory scanners. It was developed after discovering that Microsoft Defender for Endpoint triggers a memory scan during certain API calls, exposing the unencrypted beacon. The technique encrypts the beacon region and heap configuration at BOF start and decrypts them at BOF end.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →