// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of December 15, 2025
Signal Brief · Archived

Week of December 15, 2025

2025-12-15 — 2025-12-21 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of December 15, 2025, ColdRecon logged 2 public endpoint-security events from open-source reporting — 2 research pocs.

The Week's Public Record

Events

2025-12-19
research poc
GhostLocker: AppLocker-Based EDR Neutralization TechniqueGhostLocker
A proof-of-concept tool named GhostLocker demonstrates using Windows AppLocker policies to block EDR userland executables from launching, effectively neutralizing detection capabilities. The technique leverages native administrative controls to create deny rules for security products, leaving kernel drivers active but unable to process telemetry without userland components. This research highlights a method for bypassing EDR without requiring kernel-level tampering.
2025-12-17
research poc
macOS EDR Evasion Using Lesser-Known Languages and Native APIsmacOS EDR evasion via lesser-known languages and APIs
Research demonstrates that macOS malware written in lesser-known languages like Nim, Rust, and Go can evade Endpoint Detection and Response (EDR) products. The evasion exploits gaps in static analysis, API hooking, and limited telemetry on macOS, allowing malicious code to bypass detection mechanisms.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →