uz
Feedback
APT

APT

Kanalga Telegram’da o‘tish

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Ko'proq ko'rsatish

📈 Telegram kanali APT analitikasi

APT (@apt_notes) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 15 159 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 8 491-o'rinni va Rossiya mintaqasida 43 809-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 15 159 obunachiga ega bo‘ldi.

08 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 535 ga, so‘nggi 24 soatda esa 35 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 43.04% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 14.50% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 6 520 marta ko‘riladi; birinchi sutkada odatda 2 197 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 17 ta reaksiya keladi.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Yuqori yangilanish chastotasi (oxirgi ma’lumot 09 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

15 159
Obunachilar
+3524 soatlar
+1067 kunlar
+53530 kunlar
Postlar arxiv
APT
15 159
📜 ADCS Attack Techniques Cheatsheet This is a handy table outlining the various methods of attack against Active Directory Certificate Services (ADCS) 🔗 Source: https://docs.google.com/spreadsheets/d/1E5SDC5cwXWz36rPP_TXhhAvTvqz2RGnMYXieu4ZHx64/edit?gid=0#gid=0 #ad #adcs #esc #cheatsheet

APT
15 159
🔑 PanGPA Extractor Tool to extract username and password of current user from PanGPA in plaintext under Windows. Palo Alto N
🔑 PanGPA Extractor Tool to extract username and password of current user from PanGPA in plaintext under Windows. Palo Alto Networks GlobalProtect client queries the GlobalProtect Service for your username and password everytime you log on or refresh the connection. 🔗 Research: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/ 🔗 Source: https://github.com/t3hbb/PanGP_Extractor #paloalto #globalprotect #credentials #dump

APT
15 159
Repost from Offensive Xwitter
😈 [ Synacktiv @Synacktiv ] Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: 🔗 https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx 🐥 [ tweet ]

APT
15 159
🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474) A critical vulnerability chain in Palo Alto PAN-OS, c
🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474) A critical vulnerability chain in Palo Alto PAN-OS, combining an authentication bypass (CVE-2024-0012) and a command injection flaw (CVE-2024-9474) in the management web interface, allows unauthenticated attackers to execute arbitrary code with root privileges. 🛠 Affected Versions: — PAN-OS 11.2 (up to and including 11.2.4-h1) — PAN-OS 11.1 (up to and including 11.1.5-h1) — PAN-OS 11.0 (up to and including 11.0.6-h1) — PAN-OS 10.2 (up to and including 10.2.12-h2) 🔗 Research: https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ 🔗 PoC: https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012 🔗 Exploit: https://github.com/Chocapikk/CVE-2024-9474 #paloalto #panos #sslvpn #unauth #rce

APT
15 159
💻 RustiveDump LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission. 🚀 Features: — NT System Calls for Everything — No-Std and CRT-Independent — Position Independent Code (PIC) — Indirect NT Syscalls — Lean Memory Dump — XOR Encryption 🔗 Source: https://github.com/safedv/RustiveDump #lsass #indirect #syscall #pic #rust

APT
15 159
🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575) The remote code execution vulnerability in FortiManager allows
🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575) The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes. 🛠 Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
🔗 Research: https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ 🔗 Source: https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 #fortinet #fortimanager #fgfm #unauth #rce

APT
15 159
🌐 URLFinder URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, i
🌐 URLFinder URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning. 🚀 Features: — Passive source discovery — JSON/file/stdout output — Optimized speed & efficiency 🔗 Source: https://github.com/projectdiscovery/urlfinder #url #domain #finder #osint

APT
15 159
⚙️ Citrix Virtual Apps and Desktops — Unauthenticated RCE This vulnerability in Citrix Virtual Apps and Desktops enables unauthorized users to achieve remote code execution through a misconfigured Microsoft Message Queuing (MSMQ) service accessible over HTTP. The issue stems from using an outdated BinaryFormatter for data deserialization, allowing attackers to run commands with SYSTEM privileges on the Citrix server. 🔗 Research: https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/ 🔗 Source: https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit #citrix #msmq #deserialization #unauth #rce

APT
15 159
✉️ Finding Email Addresses without Paywalls Every Pentester or Red Teamer has likely encountered situations where they need t
✉️ Finding Email Addresses without Paywalls Every Pentester or Red Teamer has likely encountered situations where they need to perform User Enumeration or Password Spraying, but where can you find a list of valid users? Snov.io, Hunter.io, and Phonebook.cz no longer provide easy access to email lists and instead hit you with a paywall. Here’s the solution — Prospeo! Just log in with Google SSO, enter the target domain, and get a list of email addresses with no strings attached. Source: https://app.prospeo.io/domain-search #user #email #enumeration #wordlist

APT
15 159
🧑‍💻Obsidian Web Clipper New extension that helps you highlight and capture the web in your browser. Anything you save is st
🧑‍💻Obsidian Web Clipper New extension that helps you highlight and capture the web in your browser. Anything you save is stored as durable Markdown files that you can read offline, and preserve for the long term. Source: https://obsidian.md/clipper #obsidian #markdown #extensions

APT
15 159
Repost from 1N73LL1G3NC3
BOFHound Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentine
BOFHound Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel. Blog Posts: • BOFHound: AD CS Integration • BOFHound: Session Integration • Granularize Your AD Recon Game Granularize Your AD Recon Game Part 2 P.S:
BOFHound can now parse Active Directory Certificate Services (AD CS) objects, manually queried from LDAP, for review and attack path mapping within BloodHound Community Edition (BHCE).

APT
15 159
Repost from 1N73LL1G3NC3
TypeLibWalker Hijack the TypeLib. New COM persistence technique So I decided to look for some new way of persistence. The obj
TypeLibWalker Hijack the TypeLib. New COM persistence technique So I decided to look for some new way of persistence. The object of study was the COM (Component Object Model) system. The choice was not made by chance, it is quite an old, not too simple and not too complex system that not many people understand. In this article, i will introduce TypeLib libraries, see the relationship between TypeLib and COM, and achieve persistent code execution using TypeLib.

APT
15 159
Repost from Offensive Xwitter
😈 [ Steph @w34kp455 ] Call it the biggest #NTLM #password database or monstrous #MD5 leak, but on, you can find precomputed
😈 [ Steph @w34kp455 ] Call it the biggest #NTLM #password database or monstrous #MD5 leak, but on, you can find precomputed datasets for various wordlists and different hashes - all free! FYI: all_in_one.latin.txt for NTLM contains 26.5 billion pairs of hash:password inside!🔥 🔗 http://weakpass.com 🐥 [ tweet ]

APT
15 159
🔔Call and Register — Relay Attack on WinReg RPC Client A critical vulnerability (CVE-2024-43532) has been identified in Micr
🔔Call and Register — Relay Attack on WinReg RPC Client A critical vulnerability (CVE-2024-43532) has been identified in Microsoft’s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS). 🔗 Research: https://www.akamai.com/blog/security-research/winreg-relay-vulnerability 🔗 RPC Visibility Tool: https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility 🔗 PoC: https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532 #ad #adcs #rpc #ntlm #relay #etw #advapi

APT
15 159
💻 Exploiting Windows Kernel via Kernel Streaming Proxying An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access. 🔗 Research: Proxying to Kernel - Part I Proxying to Kernel - Part II 🔗 Source: https://github.com/Dor00tkit/CVE-2024-30090 #windows #streaming #kernel #cve #poc

APT
15 159
👻 Ghost: Shellcode Loader Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are us
👻 Ghost: Shellcode Loader Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR. 🚀 Feature: — Bypassing kernel callbacks with fiber threads — Stack spoofing (Return Address Spoofing and Function Hooking) — Hiding shellcode within large, randomized memory regions — Disabling ETW — Removing EDR function hooks with suspended processes — Custom API hashing for resolving functions 🔗 Source: https://github.com/cpu0x00/Ghost #edr #shellcode #kernel #memory #evasion

APT
15 159
Repost from 1N73LL1G3NC3
CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Injection Firing up the SQLMAP tool, and supplying it the endpoint an
CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Injection Firing up the SQLMAP tool, and supplying it the endpoint and parameter to inject and table to dump, it successfully dumps the entire users table:
python3 sqlmap.py -u "https://10.0.40.64/bin/configurations/parsers/Checkpoint/CHECKPOINT.php?action=im port&type=test&project=pandbRBAC&signatureid=1" -p signatureid -T users --dump
CVE-2024-5910: Expedition: Missing Authentication Leads to Admin Account Takeover for attackers with network access
curl -k 'https://10.0.40.64/0S/startup/restore/restoreAdmin.php'
CVE-2024-9464: Palo Alto Expedition Authenticated Command Injection Exploit CVE-2024-9466: Cleartext Credentials in Logs
/home/userSpace/devices/debug.txt
This world-readable file contained the raw request logs of the Expedition server when it exchanged cleartext credentials for API keys in the device integration process. The Expedition server only stores the API keys, and is not supposed to retain the cleartext credentials, but this log file showed all the credentials used in cleartext. This issue was reported and assigned CVE-2024-9466. Blog: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ Shodan dork:
html:"Expedition Project"

APT
15 159
Repost from 1N73LL1G3NC3
KrbRelay-SMBServer This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP. Re
+1
KrbRelay-SMBServer This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP.
Relaying SMB to HTTP (ADCS) with a modified version of krbrelay using DFSCoerce and PetitPotam - classic ESC8 attack with Kerberos, no DCOM involved ;)

APT
15 159
Repost from haxx
📖 Тем временем в NetExec (nxc) подвезли поддержку протокола NFS. Из функций сейчас доступен энум файловых шар (права и файлы
📖 Тем временем в NetExec (nxc) подвезли поддержку протокола NFS. Из функций сейчас доступен энум файловых шар (права и файлы рекурсивно), погрузка и разгрузка файлов. Базовый энум
NetExec nfs IP --shares
Рекурсивный энум
NetExec nfs IP --enum-shares
Забираем файл
NetExec nfs IP --get-file /home/user/Desktop/test/lolkekpohek.txt lolkekpohek.txt
Заливаем файл
NetExec nfs IP --put-file lolkekpohek.txt /home/user/Desktop/
🔗 Где почитать подробнее: Энум https://www.netexec.wiki/nfs-protocol/enumeration Льем/качаем файлы https://www.netexec.wiki/nfs-protocol/download-and-upload-files Исходники https://github.com/Pennyw0rth/NetExec/tree/main/nxc/protocols/nfs