APT


This channel discusses:
  • Offensive Security
  • RedTeam
  • Malware Research
  • OSINT
  • etc

Disclaimer: t.me/APT_Notes/6
Chat Link: t.me/APT_Notes_PublicChat


📈 Analytical overview of Telegram channel APT

Channel APT (@apt_notes) in the English language segment is an active participant. Currently, the community unites 14 712 subscribers, ranking 8 844 in the Technologies & Applications category and 45 464 in the Russia region.

📊 Audience metrics and dynamics

Since its creation (date unknown), the project has demonstrated rapid growth, gathering an audience of 14 712 subscribers.

According to the latest data from 14 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 432 over the last 30 days and by 26 over the last 24 hours, overall reach remains high.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement rate is 51.64%. Within the first 24 hours after publication, content typically collects N/A% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 7 592 views. Within the first day, a publication typically gains 0 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 20.

πŸ“ Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
“This channel discusses: Offensive Security, RedTeam, Malware Research, OSINT, etc. Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

Thanks to the high frequency of updates (latest data received on 15 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

14 712 subscribers
  • +26 in 24 hours
  • +113 in 7 days
  • +432 in 30 days
Posts Archive
APT
14 721
Decoding PDF Injection
This article talks about PDF injection from scratch to the execution of XSS and SSRF via PDF injection.
https://medium.com/@urshilaravindran/pdf-injection-in-simple-words-8c399f92593c
#pdf #xss #ssrf #injection

ADExplorerSnapshot
ADExplorerSnapshot is an AD Explorer snapshot ingestor for BloodHound. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool allows you to convert those snapshots to BloodHound-compatible JSON files.
https://github.com/c3c/ADExplorerSnapshot.py
#adexplorer #ldap #json #bloodhound

Apache APISIX Dashboard - Unauthorized RCE (CVE-2021-45232)
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.

Shodan Dorks:
title:"Apache APISIX Dashboard"

PoC:
curl http://IP:9000/apisix/admin/migrate/export

https://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232/
#apache #apisix #cve #poc

ldap2json - Offline Analysis Tool
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Features:
  • Authenticate with password
  • Authenticate with LM:NT hashes
  • Authenticate with kerberos ticket
  • Save ldap content in json format

https://github.com/p0dalirius/ldap2json
#ldap #json #tools #redteam

GoWard
GoWard proxies HTTP C2 traffic to specified Red Team servers based on the HTTP header of the traffic.
https://github.com/chdav/GoWard
#c2 #proxy #redteam

PHP LFI with Nginx Assistance
This post presents a new method to exploit local file inclusion (LFI) vulnerabilities in utmost generality, assuming only that PHP is running in combination with Nginx under a common standard configuration.
https://bierbaumer.net/security/php-lfi-with-nginx-assistance/
#lfi #nginx #php

ADCS: Playing with ESC4
ADCS cert template modification and ACL enumeration
https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4
https://github.com/fortalice/modifyCertTemplate
#adcs #certificates #esc4 #acl

Caldera - Automated Adversary Emulation Platform
Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
https://github.com/mitre/caldera
#blueteam #redteam #automated

DetectionLab
DetectionLab is a repository containing a variety of Packer, Vagrant, Powershell, Ansible, and Terraform scripts that allow you to automate the process of bringing an ActiveDirectory environment online complete with logging and security tooling using a variety of different platforms.

DetectionLab can currently be deployed to the following platforms:
  • Virtualbox (Windows, MacOS, Linux)
  • VMware Workstation/Fusion (Windows, MacOS, Linux)
  • HyperV
  • ESXi
  • AWS
  • Azure
  • LibVirt (Not officially supported)
  • Proxmox (Not officially supported)

https://detectionlab.network/
#lab #cloud #blueteam #redteam

MultiPotato
Another Potato to get SYSTEM via SeImpersonate privileges
https://github.com/S3cur3Th1sSh1t/MultiPotato
#windows #lpi #potato #tools

Arsenal of AWS Security Tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
#aws #security #benchmarks #blueteam

A (not so deep) Dive into Grafana CVE-2021-43798
This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real-world scenarios and the attack surface of Grafana.
https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/
#grafana #lfi #cve

Windows 10 Hardening
The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10.
https://github.com/0x6d69636b/windows_hardening/
#blueteam #windows #hardening #benchmarks

ADCS: Playing with ESC4
Enumeration and abuse of Linux-based ADCS ESC4
Research: https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4
Source: https://github.com/fortalice/modifyCertTemplate
#adcs #abuse #pentest #tools

Docem
A utility to embed XXE and XSS payloads in docx, odt, pptx, etc - any document that is a zip archive with a bunch of XML files inside.
https://github.com/whitel1st/docem
#xxe #xss #doc #file #upload

Invoke-WinSATBypass
This script will create a mock directory of "C:\Windows\System32" and copy a legitimate Windows application (WinSAT.exe) into it. It will then try to download a DLL called version.dll, which is loaded by default by WinSAT.exe, in order to perform a UAC Bypass by doing some DLL Hijacking.
https://github.com/b4keSn4ke/Invoke-WinSATBypass
#uac #bypass #winsat #tools

#tools
CVE Trends
One cool guy made this tool to monitor CVE trends on Twitter. He shared this tool in his Russian channel.
https://cvetrends.com/

mssqlproxy
Toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server.
https://github.com/blackarrowsec/mssqlproxy
#mssql #proxy #pentest #tools

RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
https://github.com/bohops/RogueAssemblyHunter
#dotnet #blueteam #threadhunting