// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of January 12, 2026
Signal Brief · Archived

Week of January 12, 2026

2026-01-12 — 2026-01-18 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of January 12, 2026, ColdRecon logged 2 public endpoint-security events from open-source reporting — 2 research pocs. Vendors in the record this week: Microsoft.

The Week's Public Record

Events

2026-01-13
research poc
Patchless ETW and AMSI Bypass Using Hardware Breakpoints Reverse-Engineered from Turla's Kazuar v3 LoaderPatchless ETW & AMSI Bypass via Hardware Breakpoints
A proof-of-concept demonstrates a patchless bypass of ETW and AMSI using hardware breakpoints and vectored exception handling, reverse-engineered from the Turla Kazuar v3 loader. The technique avoids modifying code in memory, making it stealthier against EDR memory integrity checks. It was tested on Windows 10 22H2.
2026-01-13
research poc
AMSI Bypass Using Reflection Techniques Remains Effective Against Modern AV/EDR in 2025AMSI Bypass via Reflection
Researchers demonstrated a proof-of-concept AMSI bypass using reflection techniques that successfully evaded modern antivirus and EDR solutions. The method manipulates the AMSI runtime to disable script content scanning, allowing malicious code execution. The bypass is expected to remain effective until Microsoft implements deeper reflection monitoring.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →