// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of September 30, 2024
Signal Brief · Archived

Week of September 30, 2024

2024-09-30 — 2024-10-06 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of September 30, 2024, ColdRecon logged 2 public endpoint-security events from open-source reporting — 2 research pocs.

The Week's Public Record

Events

2024-10-04
research poc
Methodology for Bypassing RASP and Root Detection in Mobile Apps Using FridaFrida-based RASP and root detection bypass in mobile apps
A security researcher details a methodology to bypass Runtime Application Self-Protection (RASP) checks in a mobile app, including root detection, hooking framework detection, and developer mode detection, using Frida dynamic instrumentation. The technique involves reverse engineering the app with JADX, identifying RASP-related classes, and crafting a Frida script to override security checks. This demonstrates a practical bypass of mobile endpoint security controls.
2024-10-02
research poc
farsidePacker: EDR/AV Evasion Packer Demonstrating Multiple Bypass TechniquesfarsidePacker
Security researcher 0xOvid released farsidePacker, an open-source packer that demonstrates various methods to bypass EDR and AV solutions. The tool encrypts a target binary with AES and uses a stub to unpack and execute it in memory, evading detection. It was presented at BSides Copenhagen 2024 and includes techniques like resolving imports and relocations for memory execution.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →