// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of May 13, 2024
Signal Brief · Archived

Week of May 13, 2024

2024-05-13 — 2024-05-19 · 4 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of May 13, 2024, ColdRecon logged 4 public endpoint-security events from open-source reporting — 2 research pocs, 2 vuln disclosures. Vendors in the record this week: Easy Anti-Cheat, nProtect, VMProtect.

The Week's Public Record

Events

2024-05-18
research poc
Proof-of-Concept: Hells Gate EDR Evasion via Direct Syscalls in RustHells Gate EDR evasion in Rust
A proof-of-concept demonstrates EDR evasion by calling Windows kernel syscalls directly from Rust, bypassing user-mode hooks. The technique, known as Hells Gate, avoids detection by not using the standard Windows API. This implementation shows how Rust can be used for such evasion, previously common in C.
2024-05-17
research poc
QEMU Anti-Detection Patch Evades Multiple Anti-Cheat and Packer VM ChecksQEMU-Anti-Detection
A publicly available patch for QEMU modifies emulated hardware identifiers to bypass virtual machine detection by several anti-cheat engines and software protectors. The technique hides QEMU-specific strings, serial numbers, and firmware artifacts but does not address timing-based detection methods. This research proof-of-concept demonstrates a practical method for evading endpoint security tools that rely on VM detection.
Easy Anti-Cheat · nProtect · VMProtect · Themida · Enigma Protector · Safegine Shielden · Vanguard · Anti Cheat Expert · Gepard Shield · Mhyprot ↗ github.com (2024-05-17)
2024-05-14
vuln disclosure
VMware Workstation and Fusion SVGA Heap Buffer Overflow Allows Guest-to-Host Code ExecutionCVE-2024-22268
CVE-2024-22268 is an out-of-bounds write vulnerability in the SVGA virtual device of VMware Workstation and Fusion. It allows a remote attacker with user interaction to execute arbitrary code on the host from a guest, potentially compromising the hypervisor and all guest systems. Patches are available in Workstation 17.5.2 and Fusion 13.5.2.
2024-05-13
vuln disclosure
CVE-2024-27834: Pointer Authentication Bypass in Apple iOS and iPadOSCVE-2024-27834
CVE-2024-27834 is a vulnerability in Apple's Pointer Authentication mechanism that allows an attacker with arbitrary read/write capability to bypass pointer integrity checks. The flaw was addressed in iOS 17.5, iPadOS 17.5, and other Apple OS updates. Successful exploitation could lead to arbitrary code execution or privilege escalation.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →