𝗛𝗔𝗖𝗞𝗘𝗥𝗦 𝗔𝗦𝗦𝗘𝗠𝗕𝗟𝗘
前往频道在 Telegram
All Stuff Shared Here is for educational purpose. We are not resposible for any activity of a user with the posts and content here.
显示更多📈 Telegram 频道 𝗛𝗔𝗖𝗞𝗘𝗥𝗦 𝗔𝗦𝗦𝗘𝗠𝗕𝗟𝗘 的分析概览
频道 𝗛𝗔𝗖𝗞𝗘𝗥𝗦 𝗔𝗦𝗦𝗘𝗠𝗕𝗟𝗘 (@hackers_assemble) 英语 语言赛道中的 是活跃参与者。目前社区聚集了 14 967 名订阅者,在 技术与应用 类别中位列第 8 573,并在 美国 地区排名第 2 530 位。
📊 受众指标与增长动态
自 невідомо 创建以来,项目保持高速增长,吸引了 14 967 名订阅者。
根据 10 七月, 2026 的最新数据,频道保持稳定运转。过去 30 天订阅人数变化为 -34,过去 24 小时变化为 -2,整体触达仍然可观。
- 认证状态: 未认证
- 互动率 (ER): 平均受众互动率为 16.30%。内容发布后 24 小时内通常能获得 6.27% 的反应,占订阅者总量。
- 帖子覆盖: 每篇帖子平均可获得 2 440 次浏览,首日通常累积 939 次浏览。
- 互动与反馈: 受众积极参与,单帖平均反应数为 4。
- 主题关注点: 内容集中在 ksroski, pinkgateway, rat, exploit, ksroskis 等核心主题上。
📝 描述与内容策略
作者将该频道定位为表达主观观点的平台:
“All Stuff Shared Here is for educational purpose.
We are not resposible for any activity of a user with the posts and content here.”
凭借高频更新(最新数据采集于 11 七月, 2026),频道始终保持新鲜度与高覆盖。分析显示受众积极互动,使其成为 技术与应用 类别中的关键影响点。
14 967
订阅者
-224 小时
-177 天
-3430 天
帖子存档
14 967
featured articles
EN
https://flare.io/learn/resources/blog/falkonc2
https://www.brinztech.com/breach-alerts/brinztech-alert-falkonc2-rat-rotemelli-dark-web-sale-0-day-evasion/
https://meterpreter.org/falkonc2-malware-analysis/
https://thehackernews.com/2026/06/threatsday-bulletin-ai-agents-gone.html#trusted-tools-abused
https://x.com/akaclandestine/status/2055791042147041552
https://x.com/DarkWebInformer/status/2060892709200564357
RU
https://www.securitylab.ru/news/573464.php
https://techora.ru/news/flare-obnaruzhila-freymvork-falkonc2-dlya-skrytogo-2026-06-07
SK
https://slovakia.news-pravda.com/eu/2026/06/07/326983.html
14 967
Rotemelli1 ports and database will be deleted at Midnight as we are permanently discontinuing Rotemelli1
Backup your infected systems
We are not back on telegram. This is just a friendly reminder for members not in the Simpex Channel who do not get the notifications you can use the new private updates channel
https://t.me/+RJy7lXtqEp9jZDA5
the simplex channel has been deleted. contacts are intact
14 967
BACKUP GROUPS
Join this group on Signal (BACKUP)
Group (no one can write):
https://signal.group/#CjQKIIbG83sBIkXMU4QWAMXgqAkENQtP7vdZLzpHXnvBsxYqEhC-v8VlmuDqQ3Foxa4P7J-Q
Group chat (everyone can write):
https://signal.group/#CjQKIPELc6muMGOx_BYmG4nJpXb_EsfFJiisHDIbpC0kKTqPEhDWjriIfVk885H9cvjR6XkG
SimpleX
Channel: https://smp8.simplex.im/c#YUmfZ_Wn2ZvCRpz06OSRU3v3wpm716UqVyloApJo8p8
Group: https://smp14.simplex.im/g#lwI_J0zBlcqtsRNz9JPirSatTGVpajgSi2xbkG5Y708
Telegram
ViperZCrew Pentesting Channel:
https://t.me/+ZcWpNaZALkIxYjUy
ViperZCrew Diskussion Group:
https://t.me/+gSMG53xUb7NmMmNi
14 967
Repost from falkonC2: old version
FALSE COMPROMISE NOTICE
users brought to our attention today there was a misleading message posted to our channel days ago
'Falkonc2 has been compromised. contact for negotiation'
first of all we never saw any such message because the attacker probably deleted the message so we had no idea such a thing had happened until a user brought to our attention today because we were working on a new morpher and did not notice that activity
this is not the first time we have experienced this with telegram so its not as surprising because telegram used to manually disable our channels of communication when we used to publish public poc and works and we moved to private groups and attacker somehow got access to the group and posted a misleading message and an ad
most people or attackers have known us to reject posting ads in any channel associated with us and we recently received a message from couple of apts and loaders asking for ads placement but we refused and someone probably had to use a telegram 0day or access to our backup account to post such misleading message
as of this writing we are fed up and leaving telegram completely for these numerous errors and unapproved access
our updates and private channel has been moved to simplex
link below. goodbye
https://smp12.simplex.im/c#qWGsadvrIodXHMDrDPra2_S0QX-UtrIsQFWWEEeQG24
ANY OTHER MESSAGE SENT AFTER THIS MESSAGE IS FAKE AND NOT FROM US
14 967
Repost from falkonC2: old version
Extra Security Additions
[!] Windows agent will use a unified tor proxy routing feature for communications to remove traces of operation to affiliate system completely
[!] Javascript and CSS will be removed completely from the clearnet and tor cdn to improve load time and speed
[!] Affiliate logon to the windows agent will now require a compulsory 4 digit decryption pin for all systems and communication to the central c2 server to add an extra layer of security which prevents account takeover through KeyID file
[!] PGP key encryption will be compulsory for all windows agent downloads to prevent account takeovers and binary exposure
falkonC2 Comms.
14 967
Repost from falkonC2: old version
Additions in falkonC2 v3 Cherenkov
Signed stubs with legitimate certificates
Quickbooks company data and backup file extractor
Privilege escalation to SYSTEM/NTAUTHORITY
DNSFORGE banking and crypto addon
Morpher for Microsoft Endpoint and Security
1 SURPRISE FEATURE
Coming this July
falkonC2 Comms.
14 967
BreachForums CDN Torrent (905GB)
Link: https://www.vanish.so/n/IeEWsGkCIt
Password:
hackerassemble14 967
CyberSudo Course: LeakHunt
What you will learn:
✅ Real-life Practical OSINT investigation
✅ Setting up a Secure Environment
✅ Find & Download Leaked Databases
✅ Multiple Methods to Hunt Databases
✅ Reveal Covert Email Addresses
✅ Find Phone Numbers of ANY Person
✅ Find Home Addresses of ANY Person
✅ Password Hash Cracking
✅ Download + Search Computer Info
✅ Download Databases Automatically
✅ Write Professional OSINT Reports
🔗 Download : https://t.me/c/3313734094/3758
14 967
Repost from falkonC2: old version
falkonC2 DNSFORGE feature to replace legitimate banking and crypto websites with a scampage or sniffer whilst domain and ssl certificate remains unchanged
Currently works on all Google Chrome versions
Coming this July
falkonC2 Comms.
14 967
Repost from falkonC2: old version
We received reports about lost requests and messages with the qTox support service
For this reason qTox communication has been discontinued permanently
Use the alternative below which is has been vetted as stable and secure
falkonC2 SimpleX Support (simplex.chat/downloads/)
https://smp10.simplex.im/a#jEhRodC0hqitonn7HEdgEVSLvevnR7FDk9OGkl2J4A8
falkonC2 Comms.
14 967
Repost from ☘️ { 𝔖𝔠𝔞𝔯𝔩𝔢𝔱𝔱𝔞'𝔰 𝔏𝔬𝔲𝔫𝔤𝔢 } ☘️
🖥 The life of a malware developer who doesn't give a damn about OPSEC
+ his files, c2, panel etc.
Read now : https://t.me/c/3313734094/3324
Can't access ? Join now:
https://t.me/+ZcWpNaZALkIxYjUy
14 967
Repost from falkonC2: old version
FalkonC2 Rotemelli2 Slots Sold Out
What to expect in the next upcoming updates
'Big surprise for initial access brokers'
'Big surprise for spammers and cc brokers'
'Big surprise for Sophos and TrendMicro'
Cheers to successful work and enjoy the rest of the week
Contact Support - @falkonc2
14 967
Repost from falkonC2: old version
DEMO 284
System - Windows 11 Enterprise
Endpoint - Microsoft Defender
MOE - ScreenConnect by ConnectWise
Exploit - AV Bypass + Silent
Module - BSOD Screen Disrupter For VNC/HVNC Agents
Privilege Level - NT AUTHORITY\SYSTEM
Location - Australia OCEANIA
Contact Support - @falkonc2
14 967
Repost from falkonC2: old version
Update 2905:MAY is now available on the CDN
Direct windows privilege escalation 0day exploit without dependencies or dlls was bound to be added to the update but it arrived late and we had to strip down the exploit size to favor our size limit which is why we did not add that exploit to current update
There are negotiations ongoing with various vendors and insiders to activate directly signed signatures for all builds possibly in the next upcoming update which will remove the need for dll side loading completely
Rotemelli1 was discontinued because there are very much expensive exploits and updates lined up and Rotemelli1 level of subscription would put both our work ethic and planned exploits in the future at huge risk and most requests were to upgrade to Rotemelli2 so there was no need to keep Rotemelli1 slots.
We already added native infostealer and quickbooks specific customer data exfiltrator to the next update with development currently underway there is also a feature underway which will proxy cookies directly to system and combat the new chrome session cookie update. Enjoy the rest of the week
Contact Support - @falkonc2
14 967
Repost from ViperZCrew [ARCHIVE] [2025.2]
+1
PHISH ALERT: Built to Bypass — The Same Kit. Different Victims. Every Time
Device code phishing is no longer just a targeted technique attackers have figured out how to scale it to mass campaigns. Currently, KnowBe4 ThreatLabs is tracking a highly sophisticated campaign that impersonates SharePoint and DocuSign document-sharing workflows to trick victims into handing over account control via compromised websites.
What makes this campaign particularly dangerous is its multi-layered evasion matrix, specifically engineered to trick both automated security filters and human eyes.
The Hook - Victims receive personalized document-sharing notifications spoofing trusted internal tools. These emails use the recipient's name and plausible file names to mimic legitimate platform alerts and establish credibility.
The Attack Chain:
Content Stuffing - Attackers embed invisible newsletters in email bodies using White-on-White text to deceive security scanners. This content flooding dilutes phishing signals with legitimate vocabulary, bypassing ML-based classifiers into assigning safe spam scores.
Per-Recipient Token Randomization - Each campaign email uses a unique cryptographic token in redirect URLs to bypass hash-based filters by appearing original. This randomization simultaneously verifies active targets for the attacker upon clicking.
The Dynamic Bait: The visible email body perfectly mimics DocuSign or SharePoint templates, but with a twist the kit dynamically injects the recipient's organization name into the file name (e.g., [orgname]-Agreement2026.pdf) and randomizes the subject lines. It's the exact same kit, but results in zero identical emails, completely breaking signature-based detection.
Redirect Chain:
flosync[.]io (click tracker + victim fingerprint) → cofraviles[.]com//cgi-bin/waggers (credential harvest)
IOCs to Monitor and Block:
fc263848[.]link[.]flosync[.]io
f70abfd6[.]map[.]travelicious[.]com[.]pk
fatel97407-okcpress-com-s-account[.]workers[.]dev
authsign-verifyemail[.]workers[.]dev
axiscaremn[.]com/439fh92/
polisradio[.]net/wp-admin/wagger
ketoannhs[.]com/wp-admin/rese/
cofraviles[.]com//cgi-bin/waggers
gs-stellaalpina[.]com/wp-admin/arinola/
pohana[.]de/wp-admin/herc
#ThreatIntel #Phishing #OAuth #DeviceCodePhishing #M365 #IoCs #infosec #CyberSecurity #knowbe4
14 967
Repost from falkonC2: old version
DEMO 284
System - Windows 11 Enterprise
Endpoint - Microsoft Defender
MOE - ScreenConnect by ConnectWise
Exploit - AV Bypass + Silent
Location - Australia OCEANIA
Contact Support - @falkonc2
14 967
Repost from falkonC2: old version
FalkonC2 Private Windows RAT
Update 2905:MAY
• Enabled automatic agent update
• Enabled rmm loader nohost mechanism (no need to host your rmm stub again)
• Enabled screenconnect, datto, simplehelp rmm options with direct windows defender detection bypass even when name is changed
• Enabled windows defender detection bypass for lumma,vidar,remcos and other hvnc clients
• Rebuilt the agent to a retro style design with visual improvements
• Reduced stub memory usage to less than 5mb
• Rebuilt the windows stub assembler
• Fixed major issues with stub status updator and control server
• Reduced infections update time to 500ms
• Rewrote and activated the native bsod agent for kernel ring0 system crash and usermode vnc screen disrupter
• Fixed bug with resident loader failing to report past firewall
• Cleansed various av and edr morphers
Opened slots temporarily for urgent workers with a reputation and proof of previous works
Rotemelli1 will be discontinued July 1st. Active subscriptions have been extended until June 30th
Contact Support - @falkonc2
