uz
Feedback
APT

APT

Kanalga Telegram’da o‘tish

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Ko'proq ko'rsatish

📈 Telegram kanali APT analitikasi

APT (@apt_notes) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 15 258 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 8 429-o'rinni va Rossiya mintaqasida 43 509-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 15 258 obunachiga ega bo‘ldi.

11 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 597 ga, so‘nggi 24 soatda esa 28 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 41.59% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 18.76% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 6 342 marta ko‘riladi; birinchi sutkada odatda 2 861 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 14 ta reaksiya keladi.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Yuqori yangilanish chastotasi (oxirgi ma’lumot 12 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

15 258
Obunachilar
+2824 soatlar
+1717 kunlar
+59730 kunlar
Postlar arxiv
APT
15 258
.

APT
15 258
Repost from vx-underground
How to fix the Crowdstrike thing: 1. Boot Windows into safe mode 2. Go to C:\Windows\System32\drivers\CrowdStrike 3. Delete C-00000291*.sys 4. Repeat for every host in your enterprise network including remote workers 5. If you're using BitLocker jump off a bridge

APT
15 258

APT
15 258
💻 Chrome Extension For Persistence How to silently install any Chrome extension and avoid common indicators of compromise (IOCs). The method avoids using CLI parameters or registry edits, and persists via the Secure Preferences file 🔗 Source: https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html #chrome #persistence #maldev #c2

APT
15 258
🖥 Introduction for to Windows kernel exploitation Explore the Windows Kernel with HEVD, a vulnerable driver. Dive into stack
🖥 Introduction for to Windows kernel exploitation Explore the Windows Kernel with HEVD, a vulnerable driver. Dive into stack overflow exploits and bypass SMEP/KPTI protections using the sysret approach. A detailed guide for Windows kernel explotation: — Part 0: Where do I start?Part 1: Will this driver ever crash?Part 2: Is there a way to bypass kASLR, SMEP and KVA Shadow?Part 3: Can we rop our way into triggering our shellcode?Part 4: How do we write a shellcode to elevate privileges and gracefully return to userland? #windows #kernel #driver #hevd #hacksys

APT
15 258
😎 Gigaproxy — One Proxy to Rule Them All If you’re looking for a powerful tool to help you bypass Web Application Firewalls (WAFs) during external penetration tests and bug bounty programs, you’re in the right place. Gigaproxy tool is designed to rotate IPs using mitmproxy, AWS API Gateway, and Lambda. Fireprox is great but has one major downside. You can only target a single host at a time. Gigaproxy solves this. 🔗 Research: https://www.sprocketsecurity.com/resources/gigaproxy 🔗 Source: https://github.com/Sprocket-Security/gigaproxy #ip #rotate #aws #api #gateway #proxy

APT
15 258
💻 BIOS bootloader from scratch in ASM Dive into building a BIOS bootloader from scratch to boot an x86 CPU into 64-bit mode.
💻 BIOS bootloader from scratch in ASM Dive into building a BIOS bootloader from scratch to boot an x86 CPU into 64-bit mode. From ASM basics to integrating with C, unravel the complexities step-by-step. 🔗 Research: https://thasso.xyz/2024/07/13/setting-up-an-x86-cpu.html 🔗 Code: https://github.com/thass0/blog-code/tree/main/2024-07-13-setting-up-an-x86-cpu #bios #loader #asm #clang

APT
15 258
Repost from RedTeam brazzers
Кросс-сессионная активация или захватываем сессию пользователя без RemotePotato0, TGSThief, mimikatz и Process Injection! Дав
Кросс-сессионная активация или захватываем сессию пользователя без RemotePotato0, TGSThief, mimikatz и Process Injection! Давным-давно я писал о способе злоупотребления интерфейсом IHxHelpPaneServer. Однако вы когда в последний раз использовали моникеры? И я давным-давно... Поэтому нужно было найти альтернативный способ исполнения кода в сессии другого пользователя, забыв про все техники внедрения. Если посмотреть на код RemotePotato0 или RemoteKrbRelay , то можно заметить использование недокументированных интерфейсов ISpecialSystemProperties и IStandartActivator. Причем не сказать, что их использование довольно редкое. Их можно встретить в любой программе, которая позволяет стащить учётные данные (имеет переключатель -session). Сами по себе, они позволяют контролировать сессию, в которой создавать COM-объект. Ранее мы ловили от них только аутентификацию, но что мешает соединить использование этих интерфейсов с описанным в SeMishaPrivilege COM-классом IHxHelpPaneServer? Конечно же ничего! И я написал небольшой POC, который выложил на GitHub . Если вам интересно подробно окунуться в принцип работы инструмента, то советую обратить внимание на нашу статью на medium :)

APT
15 258
⚙️ Remote Session Enumeration The blog post explores how to enumerate remote user sessions on Windows using undocumented Wind
⚙️ Remote Session Enumeration The blog post explores how to enumerate remote user sessions on Windows using undocumented Windows APIs, specifically focusing on the implementation and usage of the WinStation API. 🔗 Research: https://0xv1n.github.io/posts/sessionenumeration/ 🔗 Source: https://github.com/0xv1n/RemoteSessionEnum/blob/main/main.cpp #windows #qwinsta #session #winapi #cpp

APT
15 258
😈 dirDevil: Hiding Code and Content Within Folder Structures This article describes a method for hiding data within directory structures by using GUIDs in folder names to encode information. This approach bypasses antivirus and DLP systems since the data is stored in folder names rather than files, making it difficult to detect and analyze. 🔗 Research: https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures 🔗 Source: https://github.com/nyxgeek/dirdevil #hide #code #folder #evasion

APT
15 258
🖥 Windows KASLR bypass using prefetch side-channel A proof-of-concept tool for bypassing KASLR (kernel ASLR) on Windows 11.
🖥 Windows KASLR bypass using prefetch side-channel A proof-of-concept tool for bypassing KASLR (kernel ASLR) on Windows 11. Inspired by EntryBleed for Linux. This tool was developed as part of an exploit targetting Windows 11 24H2. CPU Support: — Intel: Reliable ✅ — AMD: Flaky ⚠️ 🔗 Research: https://exploits.forsale/24h2-nt-exploit/ 🔗 Source: https://github.com/exploits-forsale/prefetch-tool #windows11 #aslr #kaslr #research

APT
15 258
🕷 ADSpider Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects. 🔗 Research: https://habr.com/ru/companies/angarasecurity/articles/697938/ 🔗 Source: https://github.com/DrunkF0x/ADSpider ——— Наконец-то появилась на свет, а точнее в паблике, утилита ADSpider от моего горячо любимого @DrunkF0x. Ура-ура! 💃 #ad #windows #monitoring #tools

APT
15 258
🖼️ Microsoft SharePoint Server 20219 — RCE PoC for: — CVE-2024-38094CVE-2024-38024CVE-2024-38023 🔗 Source: https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC #sharepoint #poc #rce #cve

APT
15 258
Repost from SecuriXy.kz
+1
🆕Все читали в новостях шумную новость про новый rockyou 2024🆕 https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/ Мы его скачали, немного отфильтровали, а теперь делимся с Вами результатами 😎 ZIP-архив в 45 гигов в распакованном виде выдаёт текстовый файл размером 155 ГБ. При открытии с помощью less будет уведомление, что он выглядит как бинарный файл. В нём по какой-то причине добавлено приличное количество мусора... Вычистив его, получаем на выходе файл размером в 144 ГБ. Но даже в нём, достаточно бесполезных строк (Хотя если кому надо, можем выложить и его). Отфильтровали ещё немного, оставив только строки без пробелов длиной от 8 до 40 символов и вуаля - 25 гигабайт приемлемого вордлиста). Пользуйтесь 🔥

APT
15 258
🔑 Dumping LSA: a story about task decorrelation Discover the art of bypassing EDRs by decorrelating attack tool behavior. Th
🔑 Dumping LSA: a story about task decorrelation Discover the art of bypassing EDRs by decorrelating attack tool behavior. This post explains the process of remote LSA secrets dumping and reveals techniques to retrieve a Windows computer's BOOTKEY without EDR detection. 🔗 Source: https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/ #lsa #sam #dump #edr #bypass

APT
15 258
💻 VMware vCenter Server — Remote Code Execution (CVE-2024-22274) The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user. 🔗 Source: https://github.com/mbadanoiu/CVE-2024-22275 #vmware #vcenter #rce #cve

APT
15 258
💻 VMware vCenter Server — Multiple LPE (CVE-2024-37081) The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. 🔗 Source: https://github.com/mbadanoiu/CVE-2024-37081 #vmware #vcenter #lpe #cve

APT
15 258
Repost from Похек
RockYou2024 Архив весит 45 гб Распакованный 156 гб Загрузил на свой S3. Скорость не лучшая, но точно не отвалиться загрузка https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip В процессе Google Drive и Яндекс Диск

APT
15 258
🔑 RockYou2024: 10 billion passwords leaked in the largest compilation of all time Researchers discovered what appears to be
🔑 RockYou2024: 10 billion passwords leaked in the largest compilation of all time Researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext password 🔗 Source: https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/ 🔗 Source archive: https://fastupload.io/1824d409732f30be #wordlist #rockyou #passwords

APT
15 258
📄 Evading ETW Based Detections In this post, Event Tracing for Windows (ETW) will be explored along with various evasion techniques used to evade detections based on this Windows event tracking and collection mechanism. 🔗 https://s4dbrd.com/evading-etw-based-detections/ #etw #bypass #windows