APT

رفتن به کانال در Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

نمایش بیشتر

روسيا45 631 فناوری و برنامه‌ها8 841...

📈 تحلیل کانال تلگرام APT

کانال APT (@apt_notes) در بخش زبانی انگلیسی بازیگری فعال است. در حال حاضر جامعه شامل 14 674 مشترک است و جایگاه 8 841 را در دسته فناوری و برنامه‌ها و رتبه 45 631 را در منطقه روسيا دارد.

📊 شاخص‌های مخاطب و پویایی

از زمان ایجاد در невідомо، پروژه رشد سریعی داشته و 14 674 مشترک جذب کرده است.

بر اساس آخرین داده‌ها در تاریخ 12 ژوئن, 2026، کانال فعالیت پایداری دارد. در ۳۰ روز گذشته تغییر اعضا برابر 406 و در ۲۴ ساعت گذشته برابر 7 بوده و همچنان دسترسی گسترده‌ای حفظ شده است.

وضعیت تأیید: تأیید نشده
نرخ تعامل (ER): میانگین تعامل مخاطب 49.89% است و در ۲۴ ساعت نخست پس از انتشار، محتوا معمولاً N/A% واکنش نسبت به کل مشترکان کسب می‌کند.
دسترسی پست‌ها: هر پست به طور میانگین 7 313 بازدید دریافت می‌کند. در اولین روز معمولاً 0 بازدید جمع‌آوری می‌شود.
واکنش‌ها و تعامل: مخاطبان به‌طور فعال حمایت می‌کنند؛ میانگین واکنش به هر پست 20 است.

📝 توضیح و سیاست محتوایی

نویسنده این فضا را محل بیان دیدگاه‌های شخصی توصیف می‌کند:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

به لطف به‌روزرسانی‌های پرتکرار (آخرین داده در تاریخ 13 ژوئن, 2026)، کانال همواره به‌روز و دارای دسترسی بالاست. تحلیل‌ها نشان می‌دهد مخاطبان به‌طور فعال با محتوا تعامل دارند و آن را به نقطه اثرگذاری مهم در دسته فناوری و برنامه‌ها تبدیل کرده‌اند.

14 674

مشترکین

+724 ساعت

+1007 روز

+40630 روز

7 313

نمایش های پست

اطلاعاتی وجود ندارد24 ساعت

اطلاعاتی وجود ندارد48 ساعت

49.89%

نرخ مشارکت

اطلاعاتی وجود ندارد

پست های در روز

Ads index

beta

آرشیو پست ها

14 675

Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/ #threatintel #dfir #blueteam #malware

14 675

Windows Win32k — Local Privilege Escalation (CVE-2022-21882) https://github.com/KaLendsi/CVE-2022-21882 #windows #lpe #cve

14 675

FunctionStomping This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities.The big advantage of this technique is that it isn't overwritting an entire module or PE, just one function and the target process can still use any other function from the target module. https://github.com/Idov31/FunctionStomping #edr #evasion #stomping #maldev #cpp

14 675

SMBeagle This is fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. https://github.com/punk-security/SMBeagle #ad #share #enum #tools

14 675

List of Vulnerable Functions for Different Languages This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use. https://rules.sonarsource.com/ https://github.com/wireghoul/graudit #appsec #vulnerable #function #source

14 675

Cobalt Strike, a Defender’s Guide In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed. # https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/ # https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/ #cobaltstrike #research #blueteam

14 675

PwnKit: Local Privilege Escalation Vulnerability in Polkit’s Pkexec (CVE-2021-4034) The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. Research: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 PoC: https://github.com/arthepsy/CVE-2021-4034 Exploit: https://github.com/berdav/CVE-2021-4034 #linux #lpe #polkit #cve

14 675

Linux Root PrivEsc and Escaping Containers (CVE-2022-0185) Research: https://www.willsroot.io/2022/01/cve-2022-0185.html Exploit: https://github.com/Crusaders-of-Rust/CVE-2022-0185 #linux #kernel #lpe #escape #container #0day

14 675

SonicWall SMA-100 Unauth RCE Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versions 10.2.1.x. The exploit, as written, will open up a telnet bind shell on port 1270. An attacker that connects to the shell will achieve execution as nobody. Research: https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis Exploit: https://github.com/jbaines-r7/badblood #sonicwall #exploit #rce #cve

14 675

RefleXXion RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. https://github.com/hlldz/RefleXXion #edr #evasion #cpp #redteam

14 675

Create a Hidden Account in Windows A tool for creating hidden accounts using the registry. In addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool. https://github.com/wgpsec/CreateHiddenAccount #ad #windows #hidden #account

14 675

CRLF OneLiner A simple Bash one liner with aim to automate CRLF vulnerability scanning. This is an extremely helpful and practical One liner for Bug Hunters, which helps you find CRLF missconfiguration in every possible method. Simply replace the links in subdomains.txt with the URL you want to target. This will help you scan for CRLF vulnerability without the need of an external tool. What you have to do is to copy-and-paste the commands into your terminal and finger crossed for any possible CRLF. Bash OneLiner:

input='CRLF-one-liner/subdomains.txt';while IFS= read -r targets; do cat CRLF-one-liner/crlf_payloads.txt |xargs -I % sh -c "curl -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets '[+] is vulnerable with payload: '%>>crlf_results.txt||echo '[-] Not vulnerable: '$targets";done<$input

crlf_payloads.txt: https://raw.githubusercontent.com/kleiton0x00/CRLF-one-liner/master/crlf_payloads.txt #crlf #bash #oneliner #bugbounty

14 675

Log4j — WAF and Patches Bypass Tricks https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words #log4j #waf #bypass #bugbounty

14 675

Anti-Spam Bypass A script that helps you understand why your E-Mail ended up in Spam https://github.com/mgeeky/decode-spam-headers #phishing #anispam #bypass

14 675

Custom Previews For Malicious Attachments A phishing technique that allows attackers to create fake previews for their malicious attachment with Google Mail. https://mrd0x.com/phishing-google-users-by-spoofing-previews/ #phishing #gmail #attachments

14 675

Finding Sensitive Files for BugBounty —

/proc/self/cwd/index.php

—

/proc/self/cwd/main.py

—

/etc/motd

—

/proc/net/udp

—

/proc/net/arp

—

/proc/self/environ

—

/var/run/secrets/kubernetes.io/serviceaccount

—

/proc/cmdline

—

/proc/mounts

—

/etc/motd

—

/etc/mysql/my.cnf

—

/proc/sched_debug

—

/home/ user/.bash_history

—

/home/user/.ssh/id_rsa

#sensitive #files #bugbounty #bugbountytips

14 675

aesKrbKeyGen Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption. https://github.com/Tw1sm/AesKrbKeyGen #ad #kerbeos #tgt #tools

14 675

Process Ghosting This article describes a new executable image tampering attack similar to, but distinct from, Doppelgänging and Herpaderping. With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk. This technique does not involve code injection, process hollowing, or Transactional NTFS (TxF). Research: https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack C# Code Snippet: https://github.com/Wra7h/SharpGhosting #edr #evasion #process #ghosting #csharp

14 675

Adding DCSync Permissions from Linux https://www.n00py.io/2022/01/adding-dcsync-permissions-from-linux/ #ad #dcsync #linux

14 675

LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. https://github.com/zyn3rgy/LdapRelayScan #ad #ldap #scan #tools