// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of November 11, 2024
Signal Brief · Archived

Week of November 11, 2024

2024-11-11 — 2024-11-17 · 1 PUBLIC EVENT · GENERAL / NON-PERSONALIZED

In the week of November 11, 2024, ColdRecon logged 1 public endpoint-security event from open-source reporting — 1 incident.

The Week's Public Record

Events

2024-11-11
incident
Threat Actors Use Mounted Guest Technique to Bypass EDR on Hyper-V Virtual MachinesMounted Guest EDR Bypass
Stroz Friedberg observed a previously undocumented EDR bypass technique used in the wild. Attackers with administrative access to a Hyper-V host mounted a virtual machine's disk file, deleted EDR program files from the offline volume, then rebooted the VM without EDR protection to deploy ransomware. This method exploits the host-guest relationship in hypervisors and is not specific to any EDR product or hypervisor platform.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →