Two Seven One Three
LightNews LightNews
banner
twosevenonethree.bsky.social
Two Seven One Three
@twosevenonethree.bsky.social
12 followers 20 following 8 posts
Chief Security Officer (CSO) || Security Researcher at https://ZeroSalarium.com || Penetration Tester || Red Teamer || Social Engineering Awareness Trainer
Posts Replies Media Videos
twosevenonethree.bsky.social
We can exploit the #securityvulnerability of Windows Error Reporting to put EDRs and #antimalware into a coma-like state.
By using the EDR-Freeze #redteam tool:
Github: TwoSevenOneT/EDR-Freeze
September 21, 2025 at 7:19 AM
twosevenonethree.bsky.social
#redteam
Now, you can dump the #Windows password from the LSASS process with help from the past: WerFaultSecure.exe
Github: 2x7EQ13/WSASS
Experimental version: Windows 11 24H2
#Blueteam
wsass run console WSASS minidump file generated pypykatz lsa dump file of wsass
September 13, 2025 at 7:41 AM
twosevenonethree.bsky.social
#redteam
You can exploit the update functionality vulnerability of #Windows Defender to move its executable folder to a location of your choosing. After that, you can use DLL Sideloading for persistence, inject code, or simply disable it...
#blueteam
exploit make Windows Defender service file location redirected modules Defender service file location redirected after exploited Virus and Protection page disabled because of service not running after Defender was exploited
September 8, 2025 at 1:49 PM
twosevenonethree.bsky.social
It looks like an executable file with a .jpg extension from the early 2000s. But no! This is a method to create persistence with a non-existent executable file to bypass #antimalware
#PenTesting #BlueTeam
task schedule auto append .exe to execute file persistence task with execute entry not found file with .exe extension beside with non-exist task schedule exec file
September 7, 2025 at 9:20 AM