// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of February 19, 2024
Signal Brief · Archived

Week of February 19, 2024

2024-02-19 — 2024-02-25 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of February 19, 2024, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 research pocs, 1 vuln disclosure. Vendors in the record this week: Microsoft, Xcitium (formerly Comodo).

The Week's Public Record

Events

2024-02-25
research poc
BypassPG: New Method to Bypass Windows Patch GuardBypassPG
A proof-of-concept repository demonstrates a method to bypass Windows Patch Guard by hooking NtCreateFile and NtOpenProcess, tested on Windows 10 22H2. The technique reportedly evades detection by several anti-cheat systems and remains stable without blue screens for nearly a day.
2024-02-22
vuln disclosure
OpenEDR Vulnerabilities Allow Malicious DLL Injection via DriverOpenEDR DLL Hijacking and Unsigned DLL Loading
Two vulnerabilities were discovered in OpenEDR's DLL injector module: the driver does not verify the signature of the DLL it injects, and it searches for the DLL in an unprotected path (System32) before the protected installation path. An attacker with administrator privileges can replace the legitimate DLL with a malicious one, causing the EDR driver to inject malicious code into every monitored process, compromising system confidentiality and integrity.
Xcitium (formerly Comodo) ↗ scavengersecurity.com (2024-02-22)
2024-02-20
research poc
Case Study on AV/EDR Bypass Technique Publishedav-edr-bypass-1
A GitHub repository named 'av-edr-bypass-1' was published as a case study demonstrating a technique to bypass antivirus and EDR detection. The repository contains C++ code and has garnered modest community attention. It serves as a proof-of-concept for security researchers and engineers.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →