// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of December 18, 2023
Signal Brief · Archived

Week of December 18, 2023

2023-12-18 — 2023-12-24 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of December 18, 2023, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 vuln disclosures, 1 research poc. Vendors in the record this week: Sophos, Microsoft, ESET.

The Week's Public Record

Events

2023-12-24
research poc
Researcher Documents Meterpreter Evasion Against EDR Using XOR Encryption and .data SectionMeterpreter EDR Evasion via XOR and .data Section
A red teamer documents their process of evading EDR detection for a Meterpreter payload by applying XOR encryption and storing the encrypted shellcode in the .data section to reduce static signatures. The technique was tested against Sophos XDR Intercept and Microsoft Defender for Endpoint on Windows 11, aiming to run the payload with minimal alerts. The article is part one of a series, focusing on theoretical foundations and initial evasion attempts.
2023-12-21
vuln disclosure
CVE-2023-5594: ESET Endpoint Antivirus Certificate Validation BypassCVE-2023-5594
CVE-2023-5594 is an improper certificate validation vulnerability in ESET security products' secure traffic scanning feature. The flaw allows acceptance of intermediate certificates signed with weak MD5 or SHA1 algorithms, enabling man-in-the-middle attacks. This undermines TLS/SSL inspection, potentially exposing encrypted traffic to interception.
2023-12-18
vuln disclosure
Zabbix Agent 2 smart.disk.get Parameter Sanitization VulnerabilityCVE-2023-32728
CVE-2023-32728 is a medium-severity vulnerability in Zabbix Agent 2 where the smart.disk.get item key fails to sanitize parameters before passing them to a shell command, potentially allowing remote code execution. The flaw requires network access, high attack complexity, low privileges, and user interaction. It affects multiple versions of Zabbix Agent 2.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →