APT

الذهاب إلى القناة على Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

📈 نظرة تحليلية على قناة تيليجرام APT

تُعد قناة APT (@apt_notes) في القطاع اللغوي الإنكليزية لاعباً نشطاً. يضم المجتمع حالياً 14 757 مشتركاً، محتلاً المرتبة 8 814 في فئة التكنولوجيات والتطبيقات والمرتبة 45 328 في منطقة روسيا.

📊 مؤشرات الجمهور والحراك

منذ تأسيسه في невідомо، حقق المشروع نمواً سريعاً وجمع 14 757 مشتركاً.

بحسب آخر البيانات بتاريخ 16 يونيو, 2026، تحافظ القناة على نشاط مستقر. خلال آخر 30 يوماً تغيّر عدد الأعضاء بمقدار 461، وفي آخر 24 ساعة بمقدار 19، مع بقاء الوصول العام مرتفعاً.

حالة التحقق: غير موثّقة
معدل التفاعل (ER): يبلغ متوسط تفاعل الجمهور 53.58‎%. وخلال أول 24 ساعة من النشر يحصد المحتوى عادةً N/A‎% من ردود الفعل نسبةً إلى إجمالي المشتركين.
وصول المنشورات: يحصل كل منشور على متوسط 7 900 مشاهدة. وخلال اليوم الأول يجمع عادةً 0 مشاهدة.
التفاعلات والاستجابة: يتفاعل الجمهور بانتظام؛ متوسط التفاعلات لكل منشور يبلغ 20.

📝 الوصف وسياسة المحتوى

يصف المؤلف القناة بأنها مساحة للتعبير عن الآراء الذاتية:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

بفضل وتيرة التحديث المرتفعة (أحدث البيانات بتاريخ 17 يونيو, 2026) تحافظ القناة على حداثتها ومستوى وصول مرتفع. وتُظهر التحليلات تفاعلاً نشطاً من الجمهور، ما يجعلها نقطة تأثير مهمة ضمن فئة التكنولوجيات والتطبيقات.

14 757

المشتركون

+1924 ساعات

+1177 أيام

+46130 أيام

7 900

عرض المشاهدات

لا توجد بيانات24 ساعات

لا توجد بيانات48 ساعات

53.58%

معدل المشاركة

لا توجد بيانات

المشاركات في اليوم

Ads index

beta

أرشيف المشاركات

14 757

🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575) The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes. 🛠 Affected Versions:

FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4

🔗 Research: https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ 🔗 Source: https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 #fortinet #fortimanager #fgfm #unauth #rce

14 757

🌐 URLFinder URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning. 🚀 Features: — Passive source discovery — JSON/file/stdout output — Optimized speed & efficiency 🔗 Source: https://github.com/projectdiscovery/urlfinder #url #domain #finder #osint

14 757

⚙️ Citrix Virtual Apps and Desktops — Unauthenticated RCE This vulnerability in Citrix Virtual Apps and Desktops enables unauthorized users to achieve remote code execution through a misconfigured Microsoft Message Queuing (MSMQ) service accessible over HTTP. The issue stems from using an outdated BinaryFormatter for data deserialization, allowing attackers to run commands with SYSTEM privileges on the Citrix server. 🔗 Research: https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/ 🔗 Source: https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit #citrix #msmq #deserialization #unauth #rce

14 757

✉️ Finding Email Addresses without Paywalls Every Pentester or Red Teamer has likely encountered situations where they need to perform User Enumeration or Password Spraying, but where can you find a list of valid users? Snov.io, Hunter.io, and Phonebook.cz no longer provide easy access to email lists and instead hit you with a paywall. Here’s the solution — Prospeo! Just log in with Google SSO, enter the target domain, and get a list of email addresses with no strings attached. Source: https://app.prospeo.io/domain-search #user #email #enumeration #wordlist

14 757

🧑‍💻Obsidian Web Clipper New extension that helps you highlight and capture the web in your browser. Anything you save is stored as durable Markdown files that you can read offline, and preserve for the long term. Source: https://obsidian.md/clipper #obsidian #markdown #extensions

14 757

Repost from 1N73LL1G3NC3

BOFHound Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel. Blog Posts: • BOFHound: AD CS Integration • BOFHound: Session Integration • Granularize Your AD Recon Game • Granularize Your AD Recon Game Part 2 P.S:

BOFHound can now parse Active Directory Certificate Services (AD CS) objects, manually queried from LDAP, for review and attack path mapping within BloodHound Community Edition (BHCE).

14 757

Repost from 1N73LL1G3NC3

TypeLibWalker Hijack the TypeLib. New COM persistence technique So I decided to look for some new way of persistence. The object of study was the COM (Component Object Model) system. The choice was not made by chance, it is quite an old, not too simple and not too complex system that not many people understand. In this article, i will introduce TypeLib libraries, see the relationship between TypeLib and COM, and achieve persistent code execution using TypeLib.

14 757

Repost from Offensive Xwitter

😈 [ Steph @w34kp455 ] Call it the biggest #NTLM #password database or monstrous #MD5 leak, but on, you can find precomputed datasets for various wordlists and different hashes - all free! FYI: all_in_one.latin.txt for NTLM contains 26.5 billion pairs of hash:password inside!🔥 🔗 http://weakpass.com 🐥 [ tweet ]

14 757

🔔Call and Register — Relay Attack on WinReg RPC Client A critical vulnerability (CVE-2024-43532) has been identified in Microsoft’s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS). 🔗 Research: https://www.akamai.com/blog/security-research/winreg-relay-vulnerability 🔗 RPC Visibility Tool: https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility 🔗 PoC: https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532 #ad #adcs #rpc #ntlm #relay #etw #advapi

14 757

💻 Exploiting Windows Kernel via Kernel Streaming Proxying An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access. 🔗 Research: Proxying to Kernel - Part I Proxying to Kernel - Part II 🔗 Source: https://github.com/Dor00tkit/CVE-2024-30090 #windows #streaming #kernel #cve #poc

14 757

👻 Ghost: Shellcode Loader Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR. 🚀 Feature: — Bypassing kernel callbacks with fiber threads — Stack spoofing (Return Address Spoofing and Function Hooking) — Hiding shellcode within large, randomized memory regions — Disabling ETW — Removing EDR function hooks with suspended processes — Custom API hashing for resolving functions 🔗 Source: https://github.com/cpu0x00/Ghost #edr #shellcode #kernel #memory #evasion

14 757

Repost from 1N73LL1G3NC3

Exploit for Windows Kernel-Mode Driver Elevation of Privilege Flaw (CVE-2024-35250)

14 757

Repost from 1N73LL1G3NC3

CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Injection Firing up the SQLMAP tool, and supplying it the endpoint and parameter to inject and table to dump, it successfully dumps the entire users table:

python3 sqlmap.py -u "https://10.0.40.64/bin/configurations/parsers/Checkpoint/CHECKPOINT.php?action=im port&type=test&project=pandbRBAC&signatureid=1" -p signatureid -T users --dump

CVE-2024-5910: Expedition: Missing Authentication Leads to Admin Account Takeover for attackers with network access

curl -k 'https://10.0.40.64/0S/startup/restore/restoreAdmin.php'

CVE-2024-9464: Palo Alto Expedition Authenticated Command Injection Exploit CVE-2024-9466: Cleartext Credentials in Logs

/home/userSpace/devices/debug.txt

This world-readable file contained the raw request logs of the Expedition server when it exchanged cleartext credentials for API keys in the device integration process. The Expedition server only stores the API keys, and is not supposed to retain the cleartext credentials, but this log file showed all the credentials used in cleartext. This issue was reported and assigned CVE-2024-9466. Blog: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ Shodan dork:

html:"Expedition Project"

14 757

Repost from 1N73LL1G3NC3

KrbRelay-SMBServer This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP.

Relaying SMB to HTTP (ADCS) with a modified version of krbrelay using DFSCoerce and PetitPotam - classic ESC8 attack with Kerberos, no DCOM involved ;)

14 757

Repost from haxx

📖 Тем временем в NetExec (nxc) подвезли поддержку протокола NFS. Из функций сейчас доступен энум файловых шар (права и файлы рекурсивно), погрузка и разгрузка файлов. Базовый энум

NetExec nfs IP --shares

Рекурсивный энум

NetExec nfs IP --enum-shares

Забираем файл

NetExec nfs IP --get-file /home/user/Desktop/test/lolkekpohek.txt lolkekpohek.txt

Заливаем файл

NetExec nfs IP --put-file lolkekpohek.txt /home/user/Desktop/

🔗 Где почитать подробнее: Энум https://www.netexec.wiki/nfs-protocol/enumeration Льем/качаем файлы https://www.netexec.wiki/nfs-protocol/download-and-upload-files Исходники https://github.com/Pennyw0rth/NetExec/tree/main/nxc/protocols/nfs

14 757

Repost from 1N73LL1G3NC3

CVE-2024-26808 Linux kernel Netfilter Use-After-Free leads to LPE CVE-2024-26808 is a use-after-free vulnerability within the Linux Kernel Netfilter, a powerful framework integral to the Linux networking stack. Netfilter provides essential networking operations such as packet filtering, network address translation (NAT), and port forwarding. The flaw arises from improper handling of network packet processing, leading to the potential for unauthorized memory access. Writeup: https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md

14 757

Underconf Конференция получилась просто огонь! Полезные доклады, превосходные спикеры и невероятная атмосфера. Отдельный респект за ностальгическую игровую зону, которая вернула в прошлое, и трек Pentest AD. Особая благодарность ISTINA lounge за уют и потрясающие чаи ❤️ «12 мундштуков из 10!» Спасибо организаторам за крутой эвент! 🔥

14 757

🚀 Elevating Privileges in Windows via Activation Cache Poisoning A deep dive into CVE-2024-6769, which leverages two chained bugs to escalate privileges from medium to high integrity. The first stage involves remapping the root drive, followed by a DLL hijacking exploit. The second stage poisons the Activation Cache through the CSRSS process to gain full administrator access. 🔗 Research: https://www.coresecurity.com/core-labs/articles/cve-2024-6769-poisoning-activation-cache-elevate-medium-high-integrity 🔗 Source: https://github.com/fortra/CVE-2024-6769 #windows #privesc #dll #hijacking

14 757

Repost from PT SWARM

ATTACKING UNIX SYSTEMS VIA CUPS, PART I 👤 by Simone Margaritelli A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer). Entry Points • WAN / public internet: a remote attacker sends an UDP packet to port 631. No authentication whatsoever. • LAN: a local attacker can spoof zeroconf / mDNS / DNS-SD advertisements and achieve the same code path leading to RCE. RCE chain • Force the target machine to connect back to our malicious IPP server. • Return an IPP attribute string that will inject controlled PPD directives to the temporary file. • Wait for a print job to be sent to our fake printer for the PPD directives, and therefore the command, to be executed. 📝 Contents: ● Summary ● Intro ● What is cups-browsed? ● Stack Buffer Overflows and Race Conditions ● Back to found_cups_printer ● Internet Printing Protocol ● PostScript Printer Description ● The problematic child: foomatic-rip ● Remote Command Execution chain ● Personal Considerations ● One More Thing https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

14 757

🔐 Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation This article explains how attackers use malware virtualization, custom virtual machines, code obfuscation, and polymorphic packers to evade detection by EDR systems, allowing Red Teams to remain undetected in secure environments. 🔗 Source: https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/ #edr #evasion #virtualization #obfuscation #redteam