APT

رفتن به کانال در Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

نمایش بیشتر

روسيا45 631 فناوری و برنامه‌ها8 841...

📈 تحلیل کانال تلگرام APT

کانال APT (@apt_notes) در بخش زبانی انگلیسی بازیگری فعال است. در حال حاضر جامعه شامل 14 658 مشترک است و جایگاه 8 841 را در دسته فناوری و برنامه‌ها و رتبه 45 631 را در منطقه روسيا دارد.

📊 شاخص‌های مخاطب و پویایی

از زمان ایجاد در невідомо، پروژه رشد سریعی داشته و 14 658 مشترک جذب کرده است.

بر اساس آخرین داده‌ها در تاریخ 12 ژوئن, 2026، کانال فعالیت پایداری دارد. در ۳۰ روز گذشته تغییر اعضا برابر 406 و در ۲۴ ساعت گذشته برابر 7 بوده و همچنان دسترسی گسترده‌ای حفظ شده است.

وضعیت تأیید: تأیید نشده
نرخ تعامل (ER): میانگین تعامل مخاطب 49.89% است و در ۲۴ ساعت نخست پس از انتشار، محتوا معمولاً N/A% واکنش نسبت به کل مشترکان کسب می‌کند.
دسترسی پست‌ها: هر پست به طور میانگین 7 313 بازدید دریافت می‌کند. در اولین روز معمولاً 0 بازدید جمع‌آوری می‌شود.
واکنش‌ها و تعامل: مخاطبان به‌طور فعال حمایت می‌کنند؛ میانگین واکنش به هر پست 20 است.

📝 توضیح و سیاست محتوایی

نویسنده این فضا را محل بیان دیدگاه‌های شخصی توصیف می‌کند:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

به لطف به‌روزرسانی‌های پرتکرار (آخرین داده در تاریخ 13 ژوئن, 2026)، کانال همواره به‌روز و دارای دسترسی بالاست. تحلیل‌ها نشان می‌دهد مخاطبان به‌طور فعال با محتوا تعامل دارند و آن را به نقطه اثرگذاری مهم در دسته فناوری و برنامه‌ها تبدیل کرده‌اند.

14 658

مشترکین

+724 ساعت

+1007 روز

+40630 روز

7 313

نمایش های پست

اطلاعاتی وجود ندارد24 ساعت

اطلاعاتی وجود ندارد48 ساعت

49.89%

نرخ مشارکت

اطلاعاتی وجود ندارد

پست های در روز

Ads index

beta

آرشیو پست ها

14 668

S4fuckMe2selfAndUAndU2proxy — A low dive into Kerberos delegations If you still do not understand the intricacies of Kebreros delegation, you should read this article. This article covers details unconstrained delegation, constrained delegation, and resource-based constrained delegation, as well as recon and abuse techniques. https://luemmelsec.github.io/S4fuckMe2selfAndUAndU2proxy-A-low-dive-into-Kerberos-delegations/ #ad #kerberos #delegations #article

14 668

⚙️ No-Fix LPE Using KrbRelay with Shadow Credentials This article will explain how to separate the shadow credential method that KrbRelayUp uses into multiple different steps, giving you a bit more control regarding how each piece executes. For example, we can reflectively load some pieces, and execute others normally https://icyguider.github.io/2022/05/19/NoFix-LPE-Using-KrbRelay-With-Shadow-Credentials.html #ad #privesc #kerberos #relay

14 668

🥇 We are winner On May 18 and 19, The Standoff was held conjunction with the forum on practical information security Positive Hack Days. Hackers found vulnerabilities in corporate and industrial IT infrastructures, and cybersecurity specialists gained experience in preventing unacceptable events. Thousands of spectators. Unexpected decisions. Unforgettable emotions. Our Codeby team took first place! I want to sincerely thank each member of the team, you are the best. Also many thanks to the organizer of the forum for creating such a large-scale event.

14 668

🛠 API Unhooking with Perun's Fart An article about a new method of avoiding AV/EDR by creating a process in a suspended state and getting a copy of the ntdll from the new process before it is hijacked by AV/EDR. Research: https://dosxuz.gitlab.io/post/perunsfart/ PoC: https://github.com/dosxuz/PerunsFart #av #edr #evasion #api #unhooking #resarch

14 668

DNSHostName Spoofing combined with KrbRelayUp Domain user to domain admin without the requirement for adding/owning previously a computer account. Step-by-step write-up of the attack in a pure Windows environment. https://gist.github.com/tothi/f89a37127f2233352d74eef6c748ca25 #ad #adcs #privesc #ldap #relay #redteam

14 668

🔍 LDAP Search Reference A detailed reference for using ldapsearch for RedTeam operations. https://malicious.link/post/2022/ldapsearch-reference/ #ad #ldap #ldapsearch #redteam

14 668

🔐 Dumping LSASS with AV Sometimes Antivirus is attackers' best friend. Here is how you can use Avast AV to dump lsass memory Commands:

.\AvDump.exe --pid 704 --exception_ptr 0 --thread_id 0 --dump_level 1 --dump_file lsass.dmp

To bypass Microsoft Defender, remember to rename the AvDump.exe file. Also, don't use the name lsass.dmp (see screenshot). There's also Metasploit post exploitation module for this under

post/windows/gather/avast_memory_dump

AvDump.exe is located at C:\Program Files\Avast Software\Avast. You can also download AvDump.exe from this link. VirusTotal Details: https://www.virustotal.com/gui/file/52a57aca1d96aee6456d484a2e8459681f6a7a159dc31f62b38942884464f57b/details #ad #evasion #lsass #dump #avast #redteam

14 668

Repost from 1N73LL1G3NC3

Exploiting RBCD Using a Normal User Account* https://www.tiraniddo.dev/2022/05/exploiting-rbcd-using-normal-user.html

14 668

BloodHound via Proxychains For BloodHound.py ingestor to work through proxychains you need to use TCP instead of UDP for DNS queries by adding the --dns-tcp flag. #ad #bloodhound #proxy #tricks

14 668

💉 From Process Injection to Function Hijacking This post about FunctionHijacking, a "new" process injection technique built upon Module/Function Stomping, along with experiments to break behavioral based detection of other common process injection techniques. https://klezvirus.github.io/RedTeaming/AV_Evasion/FromInjectionToHijacking/ #av #evasion #maldev #redteam #research

14 668

📜 Abuse AD CS via dNSHostName Spoofing This blog covers the technical details of CVE-2022-26923. Active Directory Domain Services Elevation of Privilege Vulnerability via AD CS dNSHostName Spoofing. https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 #ad #adcs #privesc #redteam

14 668

🛠️ Cobalt Strike and BloodHound Integration PyCobaltHound is an Aggressor script, an extension to CobaltStrike that allows you to integrate with BloodHound so that you can request and receive reports from the same interface. Features: — Automatically querying the BloodHound database to discover escalation paths opened up by newly collected credentials. — Automatically marking compromised users and computers as owned. — Allowing operators to quickly and easily investigate the escalation potential of beacon sessions and users. https://github.com/NVISOsecurity/pyCobaltHound #cobaltstrike #bloodhound #redteam

14 668

🛡️Defending the Three Headed Relay This blog discusses possible attack paths and various protections associated with Kerberos Relay activity. https://jsecurity101.medium.com/defending-the-three-headed-relay-17e1d6b6a339 #ad #kerberos #relay #mitigation #blueteam

14 668

Repost from SHADOW:Group

🧨 RCE в BIG-IP iControl REST (CVE-2022-1388) Эта уязвимость может позволить неаутентифицированному злоумышленнику с сетевым доступом к системе BIG-IP выполнять произвольные системные команды, создавать или удалять файлы или отключать службы (CVE-2022-1388) Дорк для Shodan: http.title:"BIG-IP®-+Redirect" +"Server" PoC представлен на изображении ниже или по ссылке. Ссылка на PoC #web #cve #rce

14 668

⏱ Scheduled Task Tampering In this post we will explore two approaches that can be used to achieve the same result: create or modify a scheduled task and execute it, without generating the relevant telemetry. First, we will explore how direct registry manipulation could be used to create or modify tasks and how this did not generate the usual entries in the eventlog. Finally, an alternative route based on tampering with the Task Scheduler ETW will be presented that will completely suppress most of logging related to the Task Scheduler. https://labs.f-secure.com/blog/scheduled-task-tampering/ #windows #schedule #task #redteam #blueteam

14 668

📒 Enabling ADCS Audit Auditing is not enabled by default in AD CS. For some mysterious reason, Microsoft has decided to not enable AD CS auditing OOB. To find the issue, run this command on every one of your CAs:

certutil -getreg CA\AuditFilter

To enable all auditing, do this:

certutil –setreg CA\AuditFilter 127
net stop certsvc
net start certsvc

You'll also need to enable the Certificate Service advanced auditing subcategories in a GPO linked to the OU containing your CA host objects (Figure 1). Lastly, enforce the advanced auditing subcategories! All of your previous work will be for naught if you don't enforce (Figure 2). #adcs #audit #recommendations #blueteam

14 668

SharpHound Cheat Sheet https://github.com/SadProcessor/HandsOnBloodHound/blob/master/BH21/BH4_SharpHound_Cheat_Dark.pdf #sharphound #bloodhound #cheatsheet

14 668

NTLMRelay2Self over HTTP Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD. https://github.com/med0x2e/NTLMRelay2Self #ad #ntlm #relay #rbcd #redteam

14 668

Repost from r0 Crew (Channel)

Convert curl commands to Python, JavaScript, PHP, R, Go, Rust, Elixir, Java, MATLAB, Dart, CFML, Ansible URI, Strest or JSON Web (Live Demo): https://curlconverter.com/ Project: https://github.com/curlconverter/curlconverter #tool #converter #curl #darw1n

14 668

KrbRelay with RBCD Privilege Escalation The short step-by-step writeup about how to do the LPE with KrbRelay + RBCD on a domain-joined machine using KrbRelay + Rubeus: https://gist.github.com/tothi/bf6c59d6de5d0c9710f23dae5750c4b9 #ad #kerberos #relay #rbcd #redteam