en
Feedback
APT

APT

Open in Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Show more
Russia45 152Technologies & Applications8 793

📈 Analytical overview of Telegram channel APT

Channel APT (@apt_notes) in the English language segment is an active participant. Currently, the community unites 14 795 subscribers, ranking 8 793 in the Technologies & Applications category and 45 152 in the Russia region.

📊 Audience metrics and dynamics

Since its creation on невідомо, the project has demonstrated rapid growth, gathering an audience of 14 795 subscribers.

According to the latest data from 19 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 459 over the last 30 days and by 22 over the last 24 hours, overall reach remains high.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement rate is 55.97%. Within the first 24 hours after publication, content typically collects N/A% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 8 276 views. Within the first day, a publication typically gains 0 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 20.

📝 Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Thanks to the high frequency of updates (latest data received on 20 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

14 795
Subscribers
+2224 hours
+1297 days
+45930 days
Posts Archive
APT
APT
14 795
⚙️ Wazuh — Unsafe Deserialization RCE (CVE-2025-24016) An unsafe deserialization vulnerability in Wazuh servers allows remote
⚙️ Wazuh — Unsafe Deserialization RCE (CVE-2025-24016) An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI requests/responses. If an attacker injects an unsanitized dictionary into a DAPI request or response, they can craft an unhandled exception, allowing arbitrary Python code execution. 🔗 Source: https://github.com/0xjessie21/CVE-2025-24016 #wazuh #deserialization #rce #cve

APT
APT
14 795
🛠 PsExeSVC - Remote Execution via Python PsExeSVC is a Python-based tool that interacts with the PsExec service to execute r
🛠 PsExeSVC - Remote Execution via Python PsExeSVC is a Python-based tool that interacts with the PsExec service to execute remote commands without relying on Windows binaries. It enables privilege escalation, remote shell access, and user authentication via primary tokens, mimicking legitimate PsExec.exe behavior while bypassing security controls like EDR detection. 🔗 Research: https://sensepost.com/blog/2025/psexecing-the-right-way-and-why-zero-trust-is-mandatory/ 🔗 Source: https://github.com/sensepost/susinternals #windows #ad #psexec #edr #bypass

APT
APT
14 795
Repost from RedTeam brazzers
Всем привет! Недавно вышел интересный разбор LPE-уязвимости CVE-2024-12754 через AnyDesk. Разбор подробный, однако без POC. П
Всем привет! Недавно вышел интересный разбор LPE-уязвимости CVE-2024-12754 через AnyDesk. Разбор подробный, однако без POC. Поэтому надо исправлять :) Сам механизм повышения привилегий основывается на возможности контроля целевого файла, который копируется в доступную для чтения низкопривилегированного пользователя директорию. Нам остается лишь заставить AnyDesk, работающий от лица системы, прочитать файл, недоступный нам. Автор в статье использует чтение SAM из Shadow Copy. Разработку, тестирование и отладку я проводил на AnyDesk версии 8.0.10, которую качал отсюда. Вы можете сами попробовать POCнуть эту уязвимость, используя набор инструментов от Google Project Zero. Моя реализация доступна здесь. Она осуществляет чтение произвольного файла, после чего копирует его содержимое на рабочий стол текущему пользователю. Хоть Windows и активно продвигает механизм защиты, именуемый RedirectionTrust, предотвращающий переход по ссылкам, созданными не администраторами, однако эта митигация зачастую не распространяется на службы, которые были разработаны сторонними компаниями. Причина проста: разработчики не знают о ней и забывают применить, отсюда и появляется возможность LPE. Демо можно посмотреть здесь

APT
APT
14 795
🖼 AnyDesk — Local Privilege Escalation (CVE-2024-12754) A vulnerability in AnyDesk allows low-privileged users to perform ar
🖼 AnyDesk — Local Privilege Escalation (CVE-2024-12754) A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator. 🔗 Source: https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754 #windows #anydesk #lpe #cve

APT
APT
14 795
🔑 Windows BitLocker — Screwed without a Screwdriver A newly discovered vulnerability in BitLocker allows attackers to bypass
🔑 Windows BitLocker — Screwed without a Screwdriver A newly discovered vulnerability in BitLocker allows attackers to bypass encryption without physical access. By exploiting flaws in Windows Boot Manager and TPM interaction, attackers can intercept or extract the BitLocker recovery key during the boot process. This makes encrypted data vulnerable even without direct physical access. 🔗 Presentation: https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver 🔗 Research: https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver/#conclusion #windows #bitlocker #bitpixie #tpm

APT
APT
14 795
🖥 Living Off The Tunnels Living Off The Tunnels a.k.a LOTTunnels Project is community driven project to document digital tun
🖥 Living Off The Tunnels Living Off The Tunnels a.k.a LOTTunnels Project is community driven project to document digital tunnels that can be abused by threat actors as well by insiders for data exfiltrations, persistence, shell access etc. 🔗 Source: https://lottunnels.github.io/ #tunnels #persistence #cheatsheet #redteam

APT
APT
14 795
💻 Elevation of Privilege via Network Configuration Operators (CVE-2025-21293) This article discusses a vulnerability in Acti
💻 Elevation of Privilege via Network Configuration Operators (CVE-2025-21293) This article discusses a vulnerability in Active Directory (CVE-2025-21293) related to the Network Configuration Operators group, which has excessive permissions to create subkeys in the registry for DnsCache and NetBT. This allows attackers to leverage Performance Counters to execute code with NT\SYSTEM privileges, potentially leading to privilege escalation. 🔗 Source: https://birkep.github.io/posts/Windows-LPE/ #ad #network #group #lpe #cve

APT
APT
14 795
Repost from Ralf Hacker Channel
Telegram по неизвестной причине удалил канал 1N73LL1G3NC3. Однако автор решил продолжить делиться крутыми штуками и начал канал заново. Делюсь https://t.me/P0x3k_1N73LL1G3NC3

APT
APT
14 795
🔍 Exploring WinRM plugins for lateral movement In this blog, the process of leveraging WinRM plugins to perform lateral movement to other systems is explored. Additionally, the use of the CIM_LogicFile WMI class to bypass certain tricky detections by Microsoft Defender is examined. Finally, all the logic is incorporated into a Cobalt Strike BOF. 🔗 Research: https://falconforce.nl/exploring-winrm-plugins-for-lateral-movement/ 🔗 Source: https://github.com/FalconForceTeam/bof-winrm-plugin-jump #ad #winrm #cobaltstrike #bof #redteam

APT
APT
14 795
Repost from Ralf Hacker Channel
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE PATCHED: Oct 8, 2024 Exploit: https://github.com/synacktiv/CVE-2024-43468 Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections #git #exploit #ad #rce #sccm #pentest #redteam

APT
APT
14 795
Repost from Ralf Hacker Channel
Эта работа заслуживает внимание! Если кратко, то механизм MS UIA позволяет читать любые текстовые значения на экране, открыва
Эта работа заслуживает внимание! Если кратко, то механизм MS UIA позволяет читать любые текстовые значения на экране, открывать меню, закрывать окна, ну и все такое)) А раз он дает такие возможности, то этим нужно пользоваться... Как пример, PoC от @Michaelzhm: https://github.com/CICADA8-Research/Spyndicapped Не думаю, что на данную технику вообще есть какие-то детекты. Все подробности в блоге. #redteam #pentest #spyware

APT
APT
14 795
🎉 Happy New Year! Дорогие друзья и подписчики канала, Прошедший год был полон увлекательных открытий и новых достижений. Спа
🎉 Happy New Year! Дорогие друзья и подписчики канала, Прошедший год был полон увлекательных открытий и новых достижений. Спасибо, что все это время оставались с нами, делились знаниями, юмором и поддержкой. В новом году желаю нам всем оставаться открытыми друг для друга, ведь самое ценное в нашем сообществе — это люди. Пусть ваши проекты будут изящнее, а сердца — теплее. Не забывайте отдыхать, любить и проводить время с близкими. Счастливого Нового года и до встречи в 2025-м! ❤️✨ ——— Dear friends and subscribers, The past year has been filled with exciting discoveries and new achievements. Thank you for staying with us all this time, sharing knowledge, humor, and support. In the new year, I wish for all of us to remain open to one another, because the most valuable thing in our community is its people. May your projects become more elegant and your hearts grow warmer. Don’t forget to rest, love, and spend time with your loved ones. Happy New Year, and see you in 2025! ❤️✨

APT
APT
14 795
.

APT
APT
14 795
Repost from Offensive Xwitter
😈 [ ap @decoder_it ] M'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay &
😈 [ ap @decoder_it ] M'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win& Linux with .NET 8.0 >... GitHub: 🔗 https://github.com/decoder-it/KrbRelayEx 🐥 [ tweet ]

APT
APT
14 795
🎭 Spoofing Call Stacks To Confuse EDRs The article focuses on techniques for call stack spoofing to bypass detection by EDR.
🎭 Spoofing Call Stacks To Confuse EDRs The article focuses on techniques for call stack spoofing to bypass detection by EDR. It explains how to fake call stacks during Windows API interactions to mask malicious activity, such as accessing the lsass process, as legitimate operations. The text details the mechanics of call stacks in the x64 architecture, the use of unwind codes, tools for analysis, and provides a PoC implementation demonstrating call stack spoofing in practice. 🔗 Research: https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs 🔗 Source: https://github.com/WithSecureLabs/CallStackSpoofer #edr #evasion #stack #spoofing #lsass

APT
APT
14 795
📜 ADCS Attack Techniques Cheatsheet This is a handy table outlining the various methods of attack against Active Directory Certificate Services (ADCS) 🔗 Source: https://docs.google.com/spreadsheets/d/1E5SDC5cwXWz36rPP_TXhhAvTvqz2RGnMYXieu4ZHx64/edit?gid=0#gid=0 #ad #adcs #esc #cheatsheet

APT
APT
14 795
🔑 PanGPA Extractor Tool to extract username and password of current user from PanGPA in plaintext under Windows. Palo Alto N
🔑 PanGPA Extractor Tool to extract username and password of current user from PanGPA in plaintext under Windows. Palo Alto Networks GlobalProtect client queries the GlobalProtect Service for your username and password everytime you log on or refresh the connection. 🔗 Research: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/ 🔗 Source: https://github.com/t3hbb/PanGP_Extractor #paloalto #globalprotect #credentials #dump

APT
APT
14 795
Repost from Offensive Xwitter
😈 [ Synacktiv @Synacktiv ] Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: 🔗 https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx 🐥 [ tweet ]

APT
APT
14 795
🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474) A critical vulnerability chain in Palo Alto PAN-OS, c
🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474) A critical vulnerability chain in Palo Alto PAN-OS, combining an authentication bypass (CVE-2024-0012) and a command injection flaw (CVE-2024-9474) in the management web interface, allows unauthenticated attackers to execute arbitrary code with root privileges. 🛠 Affected Versions: — PAN-OS 11.2 (up to and including 11.2.4-h1) — PAN-OS 11.1 (up to and including 11.1.5-h1) — PAN-OS 11.0 (up to and including 11.0.6-h1) — PAN-OS 10.2 (up to and including 10.2.12-h2) 🔗 Research: https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ 🔗 PoC: https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012 🔗 Exploit: https://github.com/Chocapikk/CVE-2024-9474 #paloalto #panos #sslvpn #unauth #rce

APT
APT
14 795
💻 RustiveDump LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission. 🚀 Features: — NT System Calls for Everything — No-Std and CRT-Independent — Position Independent Code (PIC) — Indirect NT Syscalls — Lean Memory Dump — XOR Encryption 🔗 Source: https://github.com/safedv/RustiveDump #lsass #indirect #syscall #pic #rust