APT

Kanalga Telegram’da o‘tish

This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat

Ko'proq ko'rsatish

Rossiya45 631 Texnologiyalar & Aralashmalar8 841...

📈 Telegram kanali APT analitikasi

APT (@apt_notes) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 14 658 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 8 841-o'rinni va Rossiya mintaqasida 45 631-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 14 658 obunachiga ega bo‘ldi.

12 Iyun, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 406 ga, so‘nggi 24 soatda esa 7 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

Tasdiqlash holati: Tasdiqlanmagan
Jalb etish (ER): Auditoriya o‘rtacha 49.89% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining N/A% ini tashkil etuvchi reaksiyalarni to‘playdi.
Post qamrovi: Har bir post o‘rtacha 7 313 marta ko‘riladi; birinchi sutkada odatda 0 ta ko‘rish yig‘iladi.
Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 20 ta reaksiya keladi.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
“This channel discusses: — Offensive Security — RedTeam — Malware Research — OSINT — etc Disclaimer: t.me/APT_Notes/6 Chat Link: t.me/APT_Notes_PublicChat”

Yuqori yangilanish chastotasi (oxirgi ma’lumot 13 Iyun, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

14 658

Obunachilar

+724 soatlar

+1007 kunlar

+40630 kunlar

7 313

Post ko'rishlar

Ma'lumot yo'q24 soatlar

Ma'lumot yo'q48 soatlar

49.89%

Muloqot nisbati

Ma'lumot yo'q

Kuniga postlar

Ads index

beta

Postlar arxiv

14 663

⚙️ Determining AD domain name via NTLM Auth If you have nmap (http-ntlm-info) unable to determine the FQND of an Active Directory domain via OWA, for example due to Citrix NetScaler or other SSO solutions, do it manually!

1) curl -I -k -X POST -H 'Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKANc6AAAADw==' -H 'Content-Length: 0' https://autodiscover.exmaple.com/ews

2) echo 'TlRMTVNTUAACAAAADAAMAD...' | python2 ./ntlmdecoder.py

Source: ntlmdecoder.py #ntlm #auth #sso #tricks #pentest

14 663

🔑 Cobalt Strike Token Vault This Beacon Object File (BOF) creates in-memory storage for stolen/duplicated Windows access tokens allow you to: — Hot swap/re-use already stolen tokens without re-duplicating; — Store tokens for later use in case of a person log out. https://github.com/Henkru/cs-token-vault #ad #tokens #c2 #cobalt #redteam

14 663

💉ClipboardInject Abusing the clipboard to inject code into remote processes This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for VirtualAllocEx/

WriteProcessMemory

https://www.x86matthew.com/view_post?id=clipboard_inject #maldev #injection #clipboard #redteam

14 663

🦮 BlueHound It is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network It is a fork of NeoDash, reimagined, to make it suitable for defensive security purposes. Blog: 🔗 https://zeronetworks.com/blog/bluehound-community-driven-resilience/ Tool: 🔗 https://github.com/zeronetworks/BlueHound #ad #sharphound #blueteam

14 663

🔔 TamperingSyscalls This is a 2 part novel project consisting of argument spoofing and syscall retrival which both abuse EH in order to subvert EDRs. This project consists of both of these projects in order to provide an alternative solution to direct syscalls. https://github.com/rad9800/TamperingSyscalls #edr #evasion #maldev #syscall #tampering

14 663

🛡 On Detection: Tactical to Functional The goal of this series is to facilitate a conversation about the more technical aspects of attacks and how a deeper understanding at the more foundational levels helps to provide a batter base to build assumptions from. 🔗 Part 1: Discovering API Function Usage through Source Code Review 🔗 Part 2: Operations #maldev #pinvoke #winapi #detection #blueteam #ttp

14 663

Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more! https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7 #ad #adcs #certypy #bloodhound

14 663

https://habr.com/ru/company/angarasecurity/blog/680138/

14 663

🔐 PPLDump RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows. https://github.com/last-byte/RIPPL #ad #ppl #lsass #tools

14 663

🐚 PSAsyncShell: Asynchronous Firewall Bypass PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. 🔗 Research: https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/ 🔗 Source: https://github.com/JoelGMSec/PSAsyncShell #ad #powershell #reverse #shell

14 663

Repost from Offensive Xwitter

😈 [ mpgn_x64, mpgn ] Me after writing ONE vulnerablity out of 10 for the pentest report 🐥 [ tweet ] Жиза же ну

14 663

🔍 OSINT Tools Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT. Remini: The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result. https://app.remini.ai/ Cleanup.Pictures: One of the best online photo object removal tools I've ever seen. https://cleanup.pictures/ #OSINT #IMINT #ImageAnalysis #tools

14 663

💉 Apache Spark RCE (CVE-2022-33891) Apache Spark could allow an attacker to execute arbitrary commands on the system, caused by improper input validation of code path in HttpSecurityFilter when ACSs are enabled. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. PoC (Sleep 10): http://localhost:8080/?doAs=`echo%20%22c2xlZXAgMTAK%22%20|%20base64%20-d%20|%20bash` Exploits: https://github.com/HuskyHacks/cve-2022-33891 https://github.com/W01fh4cker/cve-2022-33891 https://github.com/west-wind/CVE-2022-33891 Shodan Dorks: http.favicon.hash:856048515 #apache #spark #rce #cve

14 663

🔓 Unprotect A project that is meant to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times. A catalog of over 200 tricks used by malware to bypass detection and protection tools. There are also rules for detecting these tricks. https://unprotect.it/ #maldev #evasion #redteam #blueteam

14 663

👨‍👩‍👦 Book Can Save A Life

I will be very happy if this book helps at least one person to gain knowledge and learn the science of cybersecurity. The book is mostly practice oriented. This book is dedicated to my wife, Laura, and my children, Yerzhan and Munira. Also, thanks to everyone who is helping me through these difficult times. The proceeds from the sale of this book will be used to treat Munira (my daughter), who is currently battling for her life at a hospital in Istanbul, Turkey.

The book is divided into three logical chapters: — Malware development tricks and techniques; — AV evasion tricks; — Persistence techniques. This book costs $16 but you can pay as much as you want. All money will go to the treatment of her daughter. https://cocomelonc.github.io/book/2022/07/16/mybook.html Channel author's preface: Dear cocomelonc (@abuyerzh) I wish you and your daughter health and well-being!

14 663

🪲 Abuse Cloudflare Zerotrust for C2 channels https://0xsp.com/offensive/red-ops-techniques/abuse-cloudflare-zerotrust-for-c2-channels/ #c2 #cloudflare #zerotrust #redteam

14 663

👀 PowerView.py This is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project. https://github.com/aniqfakhrul/powerview.py #ad #powerview #python #tools

14 663

Repost from Caster

Моя статья по пост-эксплуатации взломанного оборудования Cisco вышла в свет. https://habr.com/ru/post/676942/ ᛝ

14 663

🎲 Abusing forgotten permissions on computer objects in Active Directory The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this. Resource: 🔗 https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/ 🔗 https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/ #ad #permission #acl

14 663

🧦 Chisel Strike A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. https://github.com/m3rcer/Chisel-Strike #cobaltstrike #socks #proxy #redteam