APT


This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat


📈 Analysis of the Telegram channel APT

The APT channel (@apt_notes) is a prominent player in the English-language segment. The community currently has 14 650 subscribers, ranking 8 841 in the Technologies and Applications category and 45 663 in the Russia region.

📊 Audience metrics and dynamics

Since its creation (date unknown), the project has shown accelerated growth, gathering 14 650 subscribers.

According to the latest data from June 11, 2026, the channel maintains stable activity. Over the last 30 days the change in members was 406, and over the last 24 hours 16, maintaining a high reach.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement is 48.83%. During the first 24 hours after posting, content typically receives N/A% reactions relative to the total number of subscribers.
  • Post reach: Each post receives 7 154 views on average. On the first day it typically accumulates 0 views.
  • Reactions and engagement: The audience responds actively: the average number of reactions per post is 18.

📝 Description and content policy

The author describes the resource as a space for expressing subjective opinions:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Thanks to the high frequency of updates (latest data received on June 12, 2026), the channel stays current and maintains a wide reach. The analytics show that the audience actively interacts with the content, making it a point of reference within the Technologies and Applications category.

14 650 subscribers
+16 in 24 hours
+108 in 7 days
+406 in 30 days
Post archive
Repost from RedTeam brazzers
Happy Tuesday, everyone! Remember, friends, how cool it was when KrbRelay came out, followed by KrbRelayUp? It seemed that AD exploitation was turned upside down that day. Or right side up.... :)) Doesn't matter!) Recently I published an article in which I tried to describe the process of relaying Kerberos authentication as simply as possible. But even earlier, some interesting attacks appeared: CertifiedDCOM and SilverPotato. There was just one problem: no PoCs. And what do students do when there are no PoCs? That's right! They write them :)) So I am happy to present the tool RemoteKrbRelay, which not only combines both SilverPotato and CertifiedDCOM, but is a full-fledged framework for discovering vulnerable DCOM objects! I added a checker that outputs absolutely all information about the system's DCOM objects in an easily readable form (csv / xlsx). In addition, there is built-in cross-session activation functionality. Can you imagine? There are two computers. You are on one, and a DA is on the other. And you can trigger the DA's Kerberos authentication from your computer, completely remotely!) 🙂 Well, I'll note that this is only a minimal POC and it still has room to grow :) For example, I haven't yet finished the functionality for relaying Kerberos authentication from the OXID Initial Resolution Request (and that one is actually RPC_C_IMP_LEVEL_IMPERSONATE🤫). Anyway, I'm ready to accept PRs :))

Repost from Offensive Xwitter
😈 [ Daniel @0x64616e ] Did you know curl on Windows can authenticate via SSPI? Proxy auth works as well. 🐥 [ tweet ]

👩‍💻Apache Kafka UI RCE (CVE-2023-52251, CVE-2024-32030) Kafka UI is affected by two remote code execution vulnerabilities. The first vulnerability in the message filtering component leads to execution of arbitrary unsandboxed groovy script. The second vulnerability can be exploited by abusing Kafka UI to connect to a malicious JMX server, which leads to RCE via unsafe deserialization. This is particularly dangerous, as Kafka UI does not have authentication enabled by default. 🔗 Source: https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/ #apache #kafka #ui #rce

Repost from Offensive Xwitter
😈 [ X-C3LL @TheXC3LL ] You can find my slides for "Offensive VBA" talk here 🔗 https://github.com/X-C3LL/congresos-slides/blob/master/Offensive%20VBA.pdf 🐥 [ tweet ]

Repost from 1N73LL1G3NC3
LogHunter Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN) Youtube POC

🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC): 🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Nmap Script (PoC): 🔗 https://github.com/nmap/nmap/blob/4b28defac6e3eb8b8eb4704f506949806d784f73/scripts/vmware-version.nse
Shodan: product:"VMware vCenter Server"
FOFA: app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve

Repost from Just Security
The deadline is near 😱 We continue the search for the most outstanding work relating to the different stages of simulating hacker attacks. Bravo to everyone who has already sent in submissions: form and content, creative presentation, meme illustrations and precise metaphors, all of this is divinely beautiful. It is not for nothing that we keep saying that pentesting is the most creative infosec profession. We are proud of all participants for their intelligence, initiative and courage! Don't miss the chance to compete for the title of best ethical hacker, win prizes and hang out with like-minded people in an intimate atmosphere at the award ceremony. Share your work: https://award.awillix.ru/ #pentestaward

🌀Voidgate A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page. 🔗 Source https://github.com/vxCrypt0r/Voidgate?tab=readme-ov-file #av #edr #evasion #hwbp #cpp

Repost from Offensive Xwitter
😈 [ Marc-André Moreau @awakecoding ] New blog post! 📰 Mac RDP Client: Kerberos and Protected Users Guide 🍎 Are you trying to harden your Active Directory environment by eliminating NTLM usage, but RDP from Macs stands in the way? Read this! ☀️💻👇 🔗 https://awakecoding.com/posts/mac-rdp-client-kerberos-and-protected-users-guide/ 🐥 [ tweet ]

Repost from 1N73LL1G3NC3
CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U. SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. POC: https://github.com/rapid7/metasploit-framework/pull/19255 Query:
Hunter: protocol.banner="Serv-U FTP"
FOFA: app="SolarWinds-Serv-U-FTP"
SHODAN: product:"Serv-U ftpd"

🔑 RdpStrike The project aims to extract clear-text passwords from mstsc.exe, and the shellcode uses hardware breakpoints to hook APIs. It is fully position-independent code, and when the shellcode is injected into the mstsc.exe process, it sets hardware breakpoints on three different APIs, ultimately capturing any clear-text credentials and then saving them to a file. 🔗 Source: https://github.com/0xEr3bus/RdpStrike #rdp #creds #bof #cobaltstrike

🖥 Assembly for Hackers "Assembly Unleashed: A Hacker's Handbook" is a definitive resource tailored specifically for hackers and security researchers seeking to master the art of assembly programming language. Authored by seasoned practitioners in the field, this book offers a comprehensive journey into the depths of assembly, unraveling its complexities and exposing its potential for exploitation and defense. 🔗 Source: https://redteamrecipe.com/assembly-for-hackers #asm #syscalls #dll #apc #injection #redteam

🌐 DLHell DLHell is a tool for performing local and remote DCOM Windows DLL proxying. It can intercept DLLs on remote objects to execute arbitrary commands. The tool supports various authentication methods and provides capabilities for local and remote DLL proxying, as well as DCOM DLL proxying. 🔗 Source: https://github.com/synacktiv/DLHell #windows #dll #proxing #dcom

CVE-2024-26229: Windows LPE PATCHED: Apr 9, 2024 https://github.com/RalfHacker/CVE-2024-26229-exploit P.S. Slightly fixed up the original exploit #git #exploit #lpe #pentest #redteam

🖥 Veeam Enterprise Manager Authentication Bypass May 21st, Veeam published an advisory stating that all versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 are affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user. The CVSS for this vulnerability is 9.8. 🔗 Source: https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/ 🔗 PoC: https://github.com/sinsinology/CVE-2024-29849 #veeam #authentication #bypass #cve

CVE-2024-4577: PHP CGI Argument Injection (RCE)
on Windows PHP 8.3 < 8.3.8 PHP 8.2 < 8.2.20 PHP 8.1 < 8.1.29
PoC: https://github.com/watchtowrlabs/CVE-2024-4577 Blog: blog1 & blog2 #exploit #rce

🔐 Spray Passwords, Avoid Lockouts In this blog post, learn how to effectively use password spraying in Active Directory environments without triggering account lockouts. Dive into authentication mechanisms, password policies, GPO and PSOs. Research 🔗 https://en.hackndo.com/password-spraying-lockout/ Tool 🔗 https://github.com/login-securite/conpass #ad #spraying #passpol

Repost from Offensive Xwitter
😈 [ V❄️ @vincenzosantuc1 ] In-memory sleeping technique using threads created in suspended state and timers that work with the ResumeThread function in order to adapt SWAPPALA to the Reflective DLL context. 🔗 https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/ 🐥 [ tweet ]

🖥 smbclient-ng Fast and user friendly way to interact with SMB shares. 🔗https://github.com/p0dalirius/smbclient-ng #smb #smbclient #share #windows