Two Seven One Three
@twosevenonethree.bsky.social
Chief Security Officer (CSO) || Security Researcher at https://ZeroSalarium.com || Penetration Tester || Red Teamer || Social Engineering Awareness Trainer
Detailed analysis of the techniques used in the EDR-Freeze tool and how the #securityvulnerability of Windows Error Reporting is exploited to halt the operation of #antimalware
#cybersecurity
www.zerosalarium.com/2025/09/EDR-...
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
EDR-Freeze exploits the vulnerability of WerFaultSecure to suspend the processes of EDRs and Antimalware, halting the operation of Antivirus and EDR
www.zerosalarium.com
September 21, 2025 at 7:20 AM
Analysis of command line parameters and #vulnerability of WerFaultSecure.exe in #microsoft Windows 8.1, along with the use of the WSASS tool for red team activities
#blueteam
www.zerosalarium.com/2025/09/Dump...
Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
Use the offensive tool WSASS to dump the LSASS memory area by exploiting the vulnerability in WerFaultSecure.exe
www.zerosalarium.com
September 13, 2025 at 7:42 AM
A #Pentester can perform this manually using the tools available on Windows without the need for drivers or third-party software. #Redteam-ers simply use a symbolic link, after which they can control Windows Defender #antimalware
www.zerosalarium.com/2025/09/Brea...
Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
Exploiting a vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender
www.zerosalarium.com
September 8, 2025 at 1:50 PM
Based on the mechanism where #Windows automatically searches for exec files in the same folder if the original executable file does not exist, a #pentester can create stealthy persistence with non-existent executable files to confuse SysAdmins and #antimalware
www.zerosalarium.com/2025/09/Stea...
Stealthy Persistence With Non-Existent Executable File
Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist
www.zerosalarium.com
September 7, 2025 at 9:22 AM