fa
Feedback
APT

APT

رفتن به کانال در Telegram

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

نمایش بیشتر
روسيا45 631فناوری و برنامه‌ها8 841

📈 تحلیل کانال تلگرام APT

کانال APT (@apt_notes) در بخش زبانی انگلیسی بازیگری فعال است. در حال حاضر جامعه شامل 14 658 مشترک است و جایگاه 8 841 را در دسته فناوری و برنامه‌ها و رتبه 45 631 را در منطقه روسيا دارد.

📊 شاخص‌های مخاطب و پویایی

از زمان ایجاد در невідомо، پروژه رشد سریعی داشته و 14 658 مشترک جذب کرده است.

بر اساس آخرین داده‌ها در تاریخ 12 ژوئن, 2026، کانال فعالیت پایداری دارد. در ۳۰ روز گذشته تغییر اعضا برابر 406 و در ۲۴ ساعت گذشته برابر 7 بوده و همچنان دسترسی گسترده‌ای حفظ شده است.

  • وضعیت تأیید: تأیید نشده
  • نرخ تعامل (ER): میانگین تعامل مخاطب 49.89% است و در ۲۴ ساعت نخست پس از انتشار، محتوا معمولاً N/A% واکنش نسبت به کل مشترکان کسب می‌کند.
  • دسترسی پست‌ها: هر پست به طور میانگین 7 313 بازدید دریافت می‌کند. در اولین روز معمولاً 0 بازدید جمع‌آوری می‌شود.
  • واکنش‌ها و تعامل: مخاطبان به‌طور فعال حمایت می‌کنند؛ میانگین واکنش به هر پست 20 است.

📝 توضیح و سیاست محتوایی

نویسنده این فضا را محل بیان دیدگاه‌های شخصی توصیف می‌کند:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

به لطف به‌روزرسانی‌های پرتکرار (آخرین داده در تاریخ 13 ژوئن, 2026)، کانال همواره به‌روز و دارای دسترسی بالاست. تحلیل‌ها نشان می‌دهد مخاطبان به‌طور فعال با محتوا تعامل دارند و آن را به نقطه اثرگذاری مهم در دسته فناوری و برنامه‌ها تبدیل کرده‌اند.

14 658
مشترکین
+724 ساعت
+1007 روز
+40630 روز
آرشیو پست ها
APT
APT
14 668
Wordlists Dictionaries of attack patterns and primitives for black-box application fault injection and resource discovery. https://github.com/fuzzdb-project/fuzzdb https://github.com/Karanxa/Bug-Bounty-Wordlists https://github.com/orwagodfather/WordList https://wordlists.assetnote.io/ #wordlist #fuzzing #bugbounty

APT
APT
14 668
NTLM Relay This article is not meant to be a tutorial to be followed in order to carry out a successful attack, but it will allow the reader to understand in detail the technical details of this attack, its limitations, and can be a basis to start developing his own tools, or understand how current tools work. https://en.hackndo.com/ntlm-relay/ #ad #relay #ntlm #ntlmrelay

APT
APT
14 668
Repost from 1N73LL1G3NC3

APT
APT
14 668
KrbRelayUp Universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the
KrbRelayUp Universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings) https://github.com/Dec0ne/KrbRelayUp #ad #privesc #kerberos #ldap #relay

APT
APT
14 668
Repost from 1N73LL1G3NC3
Windows Event logs Cheat Sheet

APT
APT
14 668
Hashcat Cheat Sheet https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/HashcatCheatSheet.v2018.1b.pdf #hashcat #che

APT
APT
14 668
Abusing LNK "Features" for Initial Access and Persistence https://v3ded.github.io/redteam/abusing-lnk-features-for-initial-access-and-persistence #windows #lnk #persistence #redteam

APT
APT
14 668
Invoke-SocksProxy The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network. https://github.com/p3nt4/Invoke-SocksProxy #powershell #socks #proxy #tools

APT
APT
14 668
WSO2 RCE (CVE-2022-29464) Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files. Google Dorks: 
inurl:"/carbon/admin/login.jsp"
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login"
intitle:"WSO2 Management Console"
https://github.com/hakivvi/CVE-2022-29464 #wso2 #rce #exploit

APT
APT
14 668
KernelCallbackTable Injection KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus. https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html #edr #bypass #injection #cpp #maldev

APT
APT
14 668
A blueprint for evading industry leading endpoint protection in 2022 In this post, I’d like to lay out a collection of techni
A blueprint for evading industry leading endpoint protection in 2022 In this post, I’d like to lay out a collection of techniques that together can be used to bypassed industry leading enterprise endpoint protection solutions. This is purely for educational purposes for (ethical) red teamers and alike, so I’ve decided not to publicly release the source code. The aim for this post is to be accessible to a wide audience in the security industry, but not to drill down to the nitty gritty details of every technique. Instead, I will refer to writeups of others that deep dive better than I can: https://vanmieghem.io/blueprint-for-evading-edr-in-2022/ #av #edr #evasion #research

APT
APT
14 668
In-Process Patchless AMSI Bypass https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass/ #amsi #bypass #av #evasion

APT
APT
14 668
Repost from 1N73LL1G3NC3
CVE-2022-29072 7-Zip 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area (0-day) https://github.com/kagancapar/CVE-2022-29072

APT
APT
14 668
ShadowMove Pivot Technique ShadowMove is a novel technique to hijack sockets from non-cooperative processes. It is described
ShadowMove Pivot Technique ShadowMove is a novel technique to hijack sockets from non-cooperative processes. It is described in the paper ShadowMove: A Stealthy Lateral Movement Strategy presented at USENIX ‘20. This technique takes advantage of the fact that AFD (Ancillary Function Driver) file handles are treated as socket handles by Windows APIs, so it is possible to duplicate them with WSADuplicateSocket(). https://adepts.of0x.cc/shadowmove-hijack-socket/ #shadowmove #hijacking #socket #redteam

APT
APT
14 668
Pass-the-Hash in 1C Enterprise To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP
Pass-the-Hash in 1C Enterprise To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the Pass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext. 
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus: If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server. https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell #1c #pth #rubeus #ad

APT
APT
14 668
Red Teaming Toolkit A collection of open source and commercial tools that aid in red team operations. This post will help you
Red Teaming Toolkit A collection of open source and commercial tools that aid in red team operations. This post will help you during red team engagement. Contents — Reconnaissance — Weaponization — Delivery — Command and Control — Lateral Movement — Establish Foothold — Escalate Privileges — Data Exfiltration — Misc — References https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea #redteam #toolkit #powershell #c2

APT
APT
14 668
Microsoft Sharepoint RCE (CVE-2022-22005) https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/ #sharepoint #rce #cve #research

APT
APT
14 668
SID filter as security boundary between domains? Microsoft states that "the forest (not the domain) is the security boundary in an Active Directory implementation", meaning that Domain Admins of a child domain is essentially as privileged as Enterprise Admins in a root domain and will have administrative rights in all domains of the forest. Why? We guessed that the default trust between domains inside a forest enables any child domain to trick the root domain to treat child domain users as Enterprise Admins by abusing the SID history (ExtraSids) functionality – this attack/technique is known as "Access Token Manipulation: SID-History Injection" and is explained in a later part of this series. Kerberos authentication explained (Part 1) Known AD attacks - from child to parent (Part 2) SID filtering explained (Part 3) Bypass SID filtering research (Part 4) Golden GMSA trust attack - from child to parent (Part 5) Schema change trust attack - from child to parent (Part 6) Trust account attack - from trusting to trusted (Part 7) #ad #trust #kerberus #research

APT
APT
14 668
Red Team Tips To get rid of Microsoft Defender "behaviour based" amsi detection in case of opening a https C2 channel, it can
Red Team Tips To get rid of Microsoft Defender "behaviour based" amsi detection in case of opening a https C2 channel, it can help, to play with the parameter UserAgent. For example, try a Windows Update User Agent. #redteam #tips #defender #bypass

APT
APT
14 668
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime (CVE-2022-26809) https://www.akamai.com/blog/security/c
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime (CVE-2022-26809) https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime #windows #rpc #rce #research