// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of January 20, 2025
Signal Brief · Archived

Week of January 20, 2025

2025-01-20 — 2025-01-26 · 1 PUBLIC EVENT · GENERAL / NON-PERSONALIZED

In the week of January 20, 2025, ColdRecon logged 1 public endpoint-security event from open-source reporting — 1 research poc.

The Week's Public Record

Events

2025-01-24
research poc
EDR Bypass Using Hardware Breakpoints and NtContinue to Evade ETW TelemetryHardware Breakpoint EDR Bypass via NtContinue
Researchers demonstrated a technique to bypass EDR detection by setting hardware breakpoints via NtContinue, avoiding ETW telemetry. This allows attackers to manipulate execution flow or disable security functions like AMSI without detection. The method highlights a gap in current EDR monitoring of CPU-level debug registers.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →