Category: zerosalarium

steathy persistence post logo 2
08
Mar
2026

Stealthy Persistence With Non-Existent Executable File

  I. INTRO One of the daily tasks of Pentesters or Redteamers is to establish and maintain persistence to ensure…

Share: X : Stealthy Persistence With Non-Existent Executable FileFacebook : Stealthy Persistence With Non-Existent Executable FileLinkedin : Stealthy Persistence With Non-Existent Executable FileReddit : Stealthy Persistence With Non-Existent Executable FileTelegram : Stealthy Persistence With Non-Existent Executable FileWhatsApp : Stealthy Persistence With Non-Existent Executable FileEmail : Stealthy Persistence With Non-Existent Executable File
breaking defender with symlink post logo
08
Mar
2026

Break The Protective Shell Of Windows Defender With The Folder Redirect Technique

I. INTRO During penetration testing or red team activities, the attackers are constantly pursued by Antivirus and Endpoint Detection and…

Share: X : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueFacebook : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueLinkedin : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueReddit : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueTelegram : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueWhatsApp : Break The Protective Shell Of Windows Defender With The Folder Redirect TechniqueEmail : Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
lsadump with wsass logo
08
Mar
2026

Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11

  I. LEAD-IN As we know, after an attacker gains control of a machine on the network, the most common…

Share: X : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11Facebook : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11Linkedin : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11Reddit : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11Telegram : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11WhatsApp : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11Email : Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
EDR-Freeze logo post
08
Mar
2026

A Tool That Puts EDRs And Antivirus Into A Coma State

I. STARTER Currently, in addition to merely focusing on avoiding scrutiny from EDRs (Endpoint Detection and Response) and Antivirus, the…

Share: X : A Tool That Puts EDRs And Antivirus Into A Coma StateFacebook : A Tool That Puts EDRs And Antivirus Into A Coma StateLinkedin : A Tool That Puts EDRs And Antivirus Into A Coma StateReddit : A Tool That Puts EDRs And Antivirus Into A Coma StateTelegram : A Tool That Puts EDRs And Antivirus Into A Coma StateWhatsApp : A Tool That Puts EDRs And Antivirus Into A Coma StateEmail : A Tool That Puts EDRs And Antivirus Into A Coma State
Product
08
Mar
2026

Books on Programming and Cybersecurity recommended by Zero Salarium Researchers

Books Recommended by Zero Salarium Programming is the backbone of the digital world. If you want to sharpen your cybersecurity…

Share: X : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersFacebook : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersLinkedin : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersReddit : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersTelegram : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersWhatsApp : Books on Programming and Cybersecurity recommended by Zero Salarium ResearchersEmail : Books on Programming and Cybersecurity recommended by Zero Salarium Researchers
DefenderWrite post logo
08
Mar
2026

Abusing Whitelisted Programs for Arbitrary Writes

 I. OVERVIEW During the penetration testing process or red team activities, attackers always need to find a safe spot to…

Share: X : Abusing Whitelisted Programs for Arbitrary WritesFacebook : Abusing Whitelisted Programs for Arbitrary WritesLinkedin : Abusing Whitelisted Programs for Arbitrary WritesReddit : Abusing Whitelisted Programs for Arbitrary WritesTelegram : Abusing Whitelisted Programs for Arbitrary WritesWhatsApp : Abusing Whitelisted Programs for Arbitrary WritesEmail : Abusing Whitelisted Programs for Arbitrary Writes
EDR-Redir post logo image
08
Mar
2026

Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter

  I. OVERVIEW Endpoint Detection and Response (EDR) always provides strong protection for its executable file locations. If an attacker…

Share: X : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterFacebook : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterLinkedin : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterReddit : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterTelegram : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterWhatsApp : Using EDR-Redir To Break EDR Via Bind Link and Cloud FilterEmail : Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter
EDR-Redir V2 loading image
08
Mar
2026

Blind EDR With Fake Program Files

  I. INTRODUCTION In previous articles, I demonstrated using Windows’ bind link feature to block or redirect Antivirus/EDR from accessing…

Share: X : Blind EDR With Fake Program FilesFacebook : Blind EDR With Fake Program FilesLinkedin : Blind EDR With Fake Program FilesReddit : Blind EDR With Fake Program FilesTelegram : Blind EDR With Fake Program FilesWhatsApp : Blind EDR With Fake Program FilesEmail : Blind EDR With Fake Program Files
EDRStartupHinder illustration
08
Mar
2026

EDRStartupHinder: EDR Startup Process Blocker

  I. OVERVIEW Continuing the series of studies on exploiting the Bindlink API to tamper with Antivirus/EDRs. This time, I…

Share: X : EDRStartupHinder: EDR Startup Process BlockerFacebook : EDRStartupHinder: EDR Startup Process BlockerLinkedin : EDRStartupHinder: EDR Startup Process BlockerReddit : EDRStartupHinder: EDR Startup Process BlockerTelegram : EDRStartupHinder: EDR Startup Process BlockerWhatsApp : EDRStartupHinder: EDR Startup Process BlockerEmail : EDRStartupHinder: EDR Startup Process Blocker
Defense Evasion The service run failed successfully
08
Mar
2026

The Service Run Failed Successfully

 I. LEAD-IN In the process of red-teaming, what we often do during lateral movement is perform remote execution through other…

Share: X : The Service Run Failed SuccessfullyFacebook : The Service Run Failed SuccessfullyLinkedin : The Service Run Failed SuccessfullyReddit : The Service Run Failed SuccessfullyTelegram : The Service Run Failed SuccessfullyWhatsApp : The Service Run Failed SuccessfullyEmail : The Service Run Failed Successfully
IAmAntimalware post logo
13
Oct
2025

Inject Malicious Code Into Antivirus

  I. STARTER When conducting penetration testing on target machines, our actions will be ruthlessly monitored and judged by Antivirus….

Share: X : Inject Malicious Code Into AntivirusFacebook : Inject Malicious Code Into AntivirusLinkedin : Inject Malicious Code Into AntivirusReddit : Inject Malicious Code Into AntivirusTelegram : Inject Malicious Code Into AntivirusWhatsApp : Inject Malicious Code Into AntivirusEmail : Inject Malicious Code Into Antivirus
13
Oct
2025

Inject Malicious Code Into Antivirus

  I. STARTER When conducting penetration testing on target machines, our actions will be ruthlessly monitored and judged by Antivirus….

Share: X : Inject Malicious Code Into AntivirusFacebook : Inject Malicious Code Into AntivirusLinkedin : Inject Malicious Code Into AntivirusReddit : Inject Malicious Code Into AntivirusTelegram : Inject Malicious Code Into AntivirusWhatsApp : Inject Malicious Code Into AntivirusEmail : Inject Malicious Code Into Antivirus