Two Seven One Three
@TwoSevenOneT
Followers
4K
Following
832
Media
39
Statuses
210
Chief Security Officer (CSO) || Security Researcher at https://t.co/YsorB5YEAu || Penetration Tester || Red Teamer || Social Engineering Awareness Trainer
Joined September 2024
When the marketing team hits the deadline
I always thought this was a normal feature.
CVE-2025-9491 vulnerability exists in the way Windows handles .LNK (shortcut) files. Attackers can embed malicious command-line parameters in the "Target" field of the LNK file and pad them with spaces or other characters to hide
[1day1line] CVE-2025-59287 Hello! Today's 1day1line is about CVE-2025-59287 (RCE) in WSUS, an unauthenticated RCE affecting on-premises Windows Server Update Services. Check out the post! https://t.co/ceQKf9hape
hackyboiz.github.io
URL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287 Target: affects only servers with WSUS installed and enabled: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows...
Very fast
Hunting EDR-Redir V2 with KQLWizard Magic Big shoutout to Zero Salarium @TwoSevenOneT for the creative twist on EDR-Redir V2, it's slick, evasive, and demands some serious wizardry to track. So the KQLWizard went back to the arcane scrolls and conjured a fresh KQL spell to
After testing with @Cameron21668376 EDR-Redir can run successfully with CrowdStrike Falcon #PenTesting GitHub: TwoSevenOneT/EDR-Redir
EDR-Redir V2 uses the bind link technique with the Program Files folder and creates a bind link for a folder that points to itself to break, bypass, and block Antivirus and EDR solutions. #itsecurity #redteam #pentest
https://t.co/NKIOf3pc2R
zerosalarium.com
EDR-Redir V2 uses the bind link technique with the Program Files folder. It creates a bind link for a folder that points to itself to break, bypass, and block Antivirus and EDRs.
EDR-Redir V2 can redirect entire folders like "Program Files" to point back to themselves, except for the folders of #antimalware EDR. This means that other software continues to function normally, while only the EDR is redirected or blocked. #itsecurity #redteam
EDR-Redir can successfully run with ESET. I will soon upgrade it to V2 with the ability to "redir" more types of EDRs. GitHub: TwoSevenOneT/EDR-Redir #antimalware #CyberSecurity
Good news: EDR-Redir "bind" mode now can work with Windows 10 https://t.co/PfCcG1xzmD
github.com
EDR-Redir: a tool used to redirect the EDR's folder to another location. - TwoSevenOneT/EDR-Redir
π‘οΈπ EDR-Redir: Breaking EDR with BindLink & Cloud Filter and how I detect it for MDE A new technique dubbed EDR-Redir from Zero Salarium shows how attackers can hijack or disable EDRs like Defender, Elastic, and Sophos by abusing Windows 11βs Bind Filter and Cloud Filter
Some EDR/Antivirus have been successfully tested: Microsoft Windows Defender, Elastic Defend, Sophos Intercept X
EDR-Redir uses a Bind Filter (mini filter bindflt.sys) and the Windows Cloud Filter API (cldflt.sys) to redirect the Endpoint Detection and Response (EDR)'s working folder to a folder of the attacker's choice. https://t.co/7oDmOETdCA
#itsecurity #redteam #pentest
zerosalarium.com
EDR-Redir uses BindLink Filter and Windows Cloud Filter to inject, corrupt, and disable EDRs.
EDR-Redir: You can break EDRs/Antivirus from user mode with bind link and cloud minifilter. Because your payload deserves privacy. #antimalware #itsecurity #redteam
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more
specterops.io
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
π‘ Detecting DefenderWrite Exploitation in Microsoft Defender for Endpoint https://t.co/CKMj8uU48q DefenderWrite (developed by Zero Salarium) is a penetration testing utility designed to identify and exploit whitelisted Windows executables, enabling arbitrary file writes within
By using brute force and injecting into all available programs on Windows 11, DefenderWrite will help you identify which programs are allowed to write into the Antivirus's operating folder. https://t.co/YqI8Pwm5s8
#itsecurity #cybersecurity #redteam
zerosalarium.com
DefenderWrite: a tool that helps find programs whitelisted by Antivirus and exploits these programs to write arbitrary files into the Antivirus's folder
#Windowsdefender allows certain special programs to write arbitrarily into its operating folder. I also tested with three other #antimalware products, and all of them had at least one Windows program whitelisted. GitHub: TwoSevenOneT/DefenderWrite #redteam
#IAmAntimalware vs BitDefender Antivirus, TrendMicro Antivirus+ #antimalware GitHub: TwoSevenOneT/IAmAntimalware #redteam