// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of December 4, 2023
Signal Brief · Archived

Week of December 4, 2023

2023-12-04 — 2023-12-10 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of December 4, 2023, ColdRecon logged 2 public endpoint-security events from open-source reporting — 1 research poc, 1 vuln disclosure. Vendors in the record this week: Palo Alto, SentinelOne, CrowdStrike.

The Week's Public Record

Events

2023-12-06
research poc
Pool Party Process Injection Techniques Bypass Major EDR SolutionsPool Party
SafeBreach researchers presented eight new process injection techniques called Pool Party at Black Hat Europe 2023. These techniques abuse Windows thread pools and worker factories to execute malicious code, achieving 100% bypass against five leading EDR products. The methods are more flexible than existing techniques and fully undetectable in tests.
2023-12-04
vuln disclosure
Arcserve UDP Agent Path Traversal Vulnerability CVE-2023-42000CVE-2023-42000
A path traversal vulnerability in Arcserve UDP agent prior to version 9.2 allows unauthenticated remote attackers to upload arbitrary files to any location on the file system where the agent is installed. This can lead to remote code execution and full system compromise. A proof-of-concept exploit is publicly available, but no in-the-wild exploitation has been confirmed.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →