APT ANALYSIS
@aptanalysis
1.76K subscribers
171 photos
2 videos
6 files
176 links
Анализ APT с фокусом на моделирование, обнаружение и управление сложными атаками. Предоставление точных данных и решений для прогнозирования угроз с реальным опытом в области безопасности.
https://t.me/addlist/7MAZa-vnZclhYzAx
Download Telegram
About
Blog
Apps
Platform
Join
APT ANALYSIS
1.76K subscribers
APT ANALYSIS
This media is not supported in your browser
VIEW IN TELEGRAM
FileJacking – Initial Access with File System API
https://print3m.github.io/blog/filejacking-initial-access-with-file-system-api

⭐️@APTANALYSIS
903 views
APT ANALYSIS
♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256)
🐺Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
945 views
APT ANALYSIS
What is KawaLocker ransomware?
https://www.huntress.com/blog/kawalocker-ransomware-deployed
⭐️@APTANALYSIS
928 views
APT ANALYSIS
Netexec Workshop Active Directory Lab Writeup
Blog: https://blog.anh4ckin.ch/posts/netexec-workshop2k25/
⭐️@APTANALYSIS
867 views
APT ANALYSIS
CrossC2 framework
generate CobaltStrike's cross-platform payload:
https://github.com/gloxec/CrossC2.git

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html?m=1
⭐️@APTANALYSIS
1.03K viewsedited  
APT ANALYSIS
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/
⭐️@APTANALYSIS
1.03K viewsedited  
APT ANALYSIS
♣️Pay2Keys Resurgence
👁‍🗨PDF : https://engage.morphisec.com/hubfs/Pay2Key_Iranian_Cyber_Warfare_Targets_the_West_Whitepaper.pdf
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
913 views
APT ANALYSIS
♣️Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries
👁‍🗨Blog : https://any.run/cybersecurity-blog/salty2fa-technical-analysis/
♣️Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks
👁‍🗨Blog : https://www.trendmicro.com/en_no/research/25/h/crypto24-ransomware-stealth-attacks.html
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
900 views
APT ANALYSIS
Bring your own vulnerable driver’ attack technique is becoming popular among threat actors
https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/

To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner.


⭐️@APTANALYSIS
1.14K views
APT ANALYSIS
APT ANALYSIS
Bring your own vulnerable driver’ attack technique is becoming popular among threat actors https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/ To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set…
Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/

⭐️@APTANALYSIS
temp43487580.github.io
Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Ways of device ownership spoofing and more for persistent access to Intune
989 views
APT ANALYSIS
♣️Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
🌟Blog : https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html
♣️Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery
🌟Blog : https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
♣️APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs
🌟Blog : https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos
♣️Phantom Pains: A Massive Cyber Espionage Campaign and Possible Split of the PhantomCore APT Group
🌟Blog : https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/phantom-pains-a-large-scale-cyber-espionage-campaign-and-a-possible-split-of-the-apt-group-phantomcore/#id1
♣️Think before you Click(Fix): Analyzing the ClickFix social engineering technique
🌟Blog : https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/
♣️A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
🌟Blog : https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/
♣️Examining the tactics of BQTLOCK Ransomware & its variants
🌟Blog : https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
1.25K views
APT ANALYSIS
♣️Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP
Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
1.14K views
APT ANALYSIS
Machine Account Takeover with LsaStorePrivateData()
Blog: https://pentest.party/posts/2025/ksetup-machine-password/
⭐️@APTANALYSIS
1.17K views
APT ANALYSIS
This media is not supported in your browser
VIEW IN TELEGRAM
Finding Malware: DIRTYBULK and Friends - USB Infections To Fuel Cybercriminal Coinmining Operations
Blog: https://security.googlecloudcommunity.com/community-blog-42/finding-malware-dirtybulk-and-friends-usb-infections-to-fuel-cybercriminal-coinmining-operations-5552
⭐️@APTANALYSIS
1.43K views
APT ANALYSIS
AppSuite PDF Editor Backdoor: A Detailed Technical Analysis
Blog: https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis
⭐️@APTANALYSIS
1.71K views
APT ANALYSIS
Three Lazarus RATs coming for your cheese
Blog:https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/
⭐️@APTANALYSIS
1.46K views
APT ANALYSIS
The One-Man APT, Part I: A Picture That Can Execute Code on the Target
Blog:https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
⭐️@APTANALYSIS
1.93K views
APT ANALYSIS
♣️Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs
Blog :https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
2.02K views
APT ANALYSIS
An analysis of the Gentlemen ransomware group, which employs advanced, adaptive tactics, techniques, and procedure to target critical industries worldwide.
Blog: https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html
⭐️@APTANALYSIS
2.46K views
APT ANALYSIS
Remote DLL Injection with Timer-based Shellcode Execution
https://github.com/andreisss/Remote-DLL-Injection-with-Timer-based-Shellcode-Execution
⭐️@APTANALYSIS
2.59K views
APT ANALYSIS
♣️Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
🐈‍⬛Blog : https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
1.71K views