ar
Feedback
APT

APT

الذهاب إلى القناة على Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

إظهار المزيد
روسيا45 631التكنولوجيات والتطبيقات8 841

📈 نظرة تحليلية على قناة تيليجرام APT

تُعد قناة APT (@apt_notes) في القطاع اللغوي الإنكليزية لاعباً نشطاً. يضم المجتمع حالياً 14 658 مشتركاً، محتلاً المرتبة 8 841 في فئة التكنولوجيات والتطبيقات والمرتبة 45 631 في منطقة روسيا.

📊 مؤشرات الجمهور والحراك

منذ تأسيسه في невідомо، حقق المشروع نمواً سريعاً وجمع 14 658 مشتركاً.

بحسب آخر البيانات بتاريخ 12 يونيو, 2026، تحافظ القناة على نشاط مستقر. خلال آخر 30 يوماً تغيّر عدد الأعضاء بمقدار 406، وفي آخر 24 ساعة بمقدار 7، مع بقاء الوصول العام مرتفعاً.

  • حالة التحقق: غير موثّقة
  • معدل التفاعل (ER): يبلغ متوسط تفاعل الجمهور 49.89‎%. وخلال أول 24 ساعة من النشر يحصد المحتوى عادةً N/A‎% من ردود الفعل نسبةً إلى إجمالي المشتركين.
  • وصول المنشورات: يحصل كل منشور على متوسط 7 313 مشاهدة. وخلال اليوم الأول يجمع عادةً 0 مشاهدة.
  • التفاعلات والاستجابة: يتفاعل الجمهور بانتظام؛ متوسط التفاعلات لكل منشور يبلغ 20.

📝 الوصف وسياسة المحتوى

يصف المؤلف القناة بأنها مساحة للتعبير عن الآراء الذاتية:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

بفضل وتيرة التحديث المرتفعة (أحدث البيانات بتاريخ 13 يونيو, 2026) تحافظ القناة على حداثتها ومستوى وصول مرتفع. وتُظهر التحليلات تفاعلاً نشطاً من الجمهور، ما يجعلها نقطة تأثير مهمة ضمن فئة التكنولوجيات والتطبيقات.

14 658
المشتركون
+724 ساعات
+1007 أيام
+40630 أيام
أرشيف المشاركات
APT
APT
14 663
🔒 TLSX Collection of additional assets of a target CIDR/IP/HOST from TLS certificates. Features: — Fast And fully configurab
🔒 TLSX Collection of additional assets of a target CIDR/IP/HOST from TLS certificates. Features: — Fast And fully configurable TLS Connection — Multiple Modes for TLS Connection — Multiple TLS probes — Auto TLS Fallback for older TLS version — Pre Handshake TLS connection (early termination) — Customizable Cipher / SNI / TLS selection — TLS Misconfigurations — HOST, IP, URL and CIDR input — STD IN/OUT and TXT/JSON output Example: 
tlsx -u 209.133.79.0/24 -san -cn -silent -resp-only | dnsx -silent | httpx | nuclei
https://github.com/projectdiscovery/tlsx #recon #tls #grabber #tools

APT
APT
14 663
Repost from Волосатый бублик
#ad #rpc #ntlm #privesc [ Coercer ] atricle: https://github.com/p0dalirius/windows-coerced-authentication-methods There is cu
#ad #rpc #ntlm #privesc [ Coercer ] atricle: https://github.com/p0dalirius/windows-coerced-authentication-methods There is currently 15 known methods in 5 protocols. tool: https://github.com/p0dalirius/Coercer A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.

APT
APT
14 663

APT
APT
14 663
🔴 Reversing BRc4 Red-Teaming Tool Used by APT 29 On May 19, a malicious payload associated with Brute Ratel C4 (BRc4) was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging. Blog post: https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/ Reversing the Malware by IppSec: https://youtu.be/a7W6rhkpVSM #maldev #c2 #brc4

APT
APT
14 663
🐞 Malware Development for Dummies In the age of EDR, red team operators cannot get away with using pre-compiled payloads any
🐞 Malware Development for Dummies In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started! Slides: https://github.com/chvancooten/maldev-for-dummies/tree/main/Slides Exercises: https://github.com/chvancooten/maldev-for-dummies/tree/main/Exercises #maldev #csharp #nim

APT
APT
14 663
Repost from 1N73LL1G3NC3
Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties https://www.offensive-security.com/offsec/macro-weaponization/

APT
APT
14 663
⚔️ Maelstrom: C2 Development Blog Series We wanted to explore how C2s function in 2022, what evasive behavior's are required, and what a minimum viable C2 looks like in a world of sophisticated endpoint protection. Which gave us our goals for this blog series: - Document the internals of a minimum viable C2: * What are the ideas behind popular C2 implementations? * What are their goals and objectives? - Analyse and implement evasive behaviors: * What is required to run on a contemporary Windows system? * What is required to bypass up-to-date, modern endpoint protection? - Produce a proof-of-concept C2: * What is the minimum viable C2 for an operator in 2022? * What is required to detect this minimum viable C2? 🔗 Maelstrom: An Introduction 🔗 Maelstrom: The C2 Architecture 🔗 Maelstrom: Building the Team Server 🔗 Maelstrom: Writing a C2 Implant #maldev #c2

APT
APT
14 663
🐾 ChopHound Some scripts for dealing with any challenges that might arise when importing (large) JSON datasets into BloodHound. Blog post: https://blog.bitsadmin.com/blog/dealing-with-large-bloodhound-datasets Tool: https://github.com/bitsadmin/chophound #ad #bloodhound #cypher

APT
APT
14 663
⚙️ A Few Ways to Get TrustedInstaller Privileges GetTrustedInstaller Make an executable run with TrustedInstaller permissions
+1
⚙️ A Few Ways to Get TrustedInstaller Privileges GetTrustedInstaller Make an executable run with TrustedInstaller permissions under SYSTEM account. https://github.com/rara64/GetTrustedInstaller NtObjectManager This module adds a provider and cmdlets to access the NT object manager namespace. Example. Apply TrustedInstaller impersonation token to the current PowerShell process: 
Install-Module -Name NtObjectManager -Confirm:$false
Restart-Service TrustedInstaller
$procId = (Get-Process TrustedInstaller).Id
$token = Get-NtTokenFromProcess -ProcessId $procId
$current = Get-NtThread -Current -PseudoHandle
$ctx = $current.Impersonate($token)
$impToken = Get-NtToken -Impersonation
$impToken.Groups
https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtObjectManager #localsystem #trustedinstaller

APT
APT
14 663
🔎 ldeep In-depth LDAP enumeration utility. https://github.com/franc-pentest/ldeep Install: $ pip3 install ldeep Usage Exampl
🔎 ldeep In-depth LDAP enumeration utility. https://github.com/franc-pentest/ldeep Install: 
$ pip3 install ldeep
Usage Example: 
# Enumerate ACEs on AdminSDHolder object

$ ldeep ldap -s 'ldap://10.10.13.37' -d megacorp -u j.doe -p 'Passw0rd!' -b 'CN=System,DC=megacorp,DC=local' sddl AdminSDHolder | jq '.[].nTSecurityDescriptor.DACL.ACEs[] | select(.Type | contains("Allowed")) | .SID + " :: " + .Type'

# Convert SID to name

$ ldeep ldap -s 'ldap://10.10.13.37' -d megacorp -u j.doe -p 'Passw0rd!' from_sid <SID>
#ad #ldap

APT
APT
14 663
😡 Brute-Ratel-C4-Community-Kit This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4. Anything which is added in the deprecated folder will not be a part of the latest release of BRc4. https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit #c2 #bof #shellcode #injection

APT
APT
14 663
📡 Relaying to ADFS Attacks Praetorian has developed and is releasing an open source tool ADFSRelay and NTLMParse, which can be used for performing relaying attacks targeting ADFS and analyzing NTLM messages respectively. https://www.praetorian.com/blog/relaying-to-adfs-attacks/ #ad #adfs #relay #ntlm

APT
APT
14 663
Repost from SHADOW:Group
​​🐘 Удаленная эксплуатация переполнения кучи в веб-приложениях PHP (CVE 2022-31626) Представлен PoC для RCE уязвимости в PHP <=7.4.29, которая может быть запущена через мошеннический сервер MySQL/MariaDB. Ссылка на PoC #web #rce

APT
APT
14 663
🦠 Mangle Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners. https://github.com/optiv/Mangle #av #edr #memory #evasion #redteam

APT
APT
14 663
😈 How to Detect Linux Anti-Forensics Log Tampering When forensically examining Linux systems for malicious intrusion, respon
😈 How to Detect Linux Anti-Forensics Log Tampering When forensically examining Linux systems for malicious intrusion, responders often rely on the following three artefacts to determine logins and logouts: — /var/run/utmp – currently logged in users — /var/run/wtmp – current, past logins and system reboot — /var/log/btmp – bad login attempts Of course, these artefacts are not all you can forensically investigate for malicious access, however, these will be the focus of this anti-forensics blog post. https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html #linux #log #evasion #antiforensics

APT
APT
14 663
🦠 Hiding C2 Traffic Using Tyk.io A small article on the topic of hiding your malicious C2 traffic through of the TYK cloud A
🦠 Hiding C2 Traffic Using Tyk.io A small article on the topic of hiding your malicious C2 traffic through of the TYK cloud API management service domains. Tyk API gateway will let you manage your API ingress and routing them to different endpoints, some of them could be internally but some of them could be publicly exposed, and you can add some controls for authentication purposes while calling one of your APIs. 🔗 https://shells.systems/oh-my-api-abusing-tyk-cloud-api-management-service-to-hide-your-malicious-c2-traffic/ #c2 #rederectors #trafific #redteam

APT
APT
14 663
How it started: “I waited 2 years for this, rewrote impacket for this, asked cryptographers to remake algos in python for thi
How it started: “I waited 2 years for this, rewrote impacket for this, asked cryptographers to remake algos in python for this, spent enormous time of my life to make this happen. and it's finally here this finally works and I can't find the words to express my satisfaction.” (SkelSec)

APT
APT
14 663
🐙🐍 OctoPwn & OctoPwnWeb Pentest framework running (almost) entirely in the browser via pyodide. OctoPwnWeb has been presented a41con. Talk: https://youtu.be/jStdrDHTmD4 Slides: https://docs.google.com/presentation/d/1XQFYr_OBI1lrpybsLrHWTWcYNZcF_zOmGDHiIBwSMng Tool: http://octopwn.porchetta.industries/ Repository: https://github.com/skelsec/octopwnweb Readme: http://octopwn.porchetta.industries/readme.html Sponsor for more features: https://porchetta.industries #pentest #framework

APT
APT
14 663
🧲 PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method Spooler service disabled, RPC filters installed t
🧲 PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay DC authentication to ADCS? Don't worry MS-DFSNM have your back: 🔗 https://github.com/Wh04m1001/DFSCoerce Inspired by: 🔗 https://github.com/topotam/PetitPotam 🔗 https://github.com/ShutdownRepo/ShadowCoerce 🔗 https://github.com/leechristensen/SpoolSample #authentication #coercion #petitpotam #ms-dfsnm

APT
APT
14 663
Repost from RedTeam brazzers
Меньше месяца назад вышло исследование под названием "Уязвимости и атаки на CMS Bitrix". Вдохновившись этим исследованием, мой коллега Юрий (Компания BSS-Security) докрутил один из путей до RCE. Пообшавшись с разработчиками и убедившись, что уязвимость в последней версии устранена - со спокойной душой выкладываем разбор и PoC уязвимости. Ну и как всегда рекомендация - обновляйтесь вовремя))