A Chinese tracking device was discovered in the 🇬🇧 Prime Minister's official car. The bug is believed to have been found in a sealed part of the vehicle imported from China.
Its discovery during a sweep first emerged in 2023, sparking fears that Beijing was aggressively spying on ministers in the then-Conservative government.
Now it has been revealed that the device was in fact found in the Prime Minister's car the previous year.
Charles Parton, of think-tank the Council on Geostrategy, told the Commons Business and Trade Committee: “The prime minister's car in 2022 was emanating data to China through the cellular module.”
This device is thought to have allowed it to communicate to others over mobile networks.
It is not clear which of the three Tory prime ministers that year — Boris Johnson, Liz Truss or Rishi Sunak — was being targeted.
Questioned by MPs about this, Parton — who served as a diplomat for almost 40 years, including more than 20 in China, Hong Kong and Taiwan – added: “A very senior member of the government who certainly knows whose car it was told me.”
The part of the car containing the geolocating device had been installed by the vehicle's manufacturer, reports at the time said.
Parton's claim came during a discussion about cellular modules, which he warned are 'in everything' including planes, cars and even smart doorbells.
“The Chinese aim to get a monopoly in the manufacture of cellular modules, and they're doing pretty well at that already,” he told MPs.
“If the Chinese wish to shut off all your vehicles, because they've all got cellular modules, it wouldn't be difficult.”
Security officials have since dismantled government vehicles used by ministers and diplomats while looking for tracking devices.
Electronic vehicle parts are said to be embedded with SIM cards before being sent to manufacturers as sealed units, with these capable of sending data back to state-owned suppliers in China.
It is understood the Prime Minister's car is run by the Metropolitan Police.
https://t.co/zqsk3m8RXd
Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning. This proposal will not safeguard children. It endangers us all.
https://t.co/VdWe9uhi8p
MSSQL has always been a favorite target. Now it ships its own egress channel.
@gershsec's latest research breaks down how SQL Server 2025's native AI features enable exfil, NTLM coercion, and C2 transport, all functioning as intended.
Read more 👇 https://t.co/ugDN4IcZXW
Microsoft: PowerShell is simple and easy to use.
Actual PowerShell command: Remove-MgIdentityAuthenticationEventFlowAsOnGraphAPretributeCollectionExternalUserSelfServiceSignUpAttributeIdentityUserFlowAttributeByRef
No, this isn't a joke. This was noted by @NathanMcNulty
During pentests we often have to deal with tasks that can be automated. Some of the best tools for this are ADScan and ADPulse.
ADScan performs both enumeration and attack and is capable of analyzing BloodHound data to guide you through the pentest. It works with and without AD creds and can compromise some labs in just 3-5 minutes.
https://t.co/r6qq1YRvOP
@three_cube @_aircorridor #pentesting #redteam
Anyone else having issues paying their maintenance (scam) fee from @ISC2? Been trying for a month and it always fails, and their support's solution is to pay over the phone.
Seriously, 2026 and we still think it's secure to give credit card details over the phone?
#isc2 #cissp
New NetExec module: mssql_cbt 🔥
Relaying to MSSQL can be a hidden gem when you are out of options. The only protection against relaying to MSSQL is to enforce Channel Binding Tokens (CBT). Thanks to @Defte_, NetExec now has a module that checks whether this CBT is required.
🔴 File Upload Bypass Cheat Sheet (Extension Splitting)
Credit @therceman
If you're testing file upload functionality, this is pure gold 🔥
Attackers don’t just upload shell.php… they play with encoding, null bytes, separators, and edge-case parsing tricks to bypass filters.
💡 Common tricks:
• Double extensions (.php.png)
• Encoded characters (%0a, %00, %23)
• Unicode bypasses
• Special chars & separators
• Tabs / Newlines injection
🎯 Lesson:
If your validation relies ONLY on extension checks → it's already broken.
🧠 Think like an attacker. Validate like a defender.
#bugbounty #cybersecurity #pentesting #infosec #websecurity #ethicalhacking #redteam
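An added example (not part of the original post) of upload validation that does not rely on the extension alone: a strict allow-list on the whole filename, a content check against the claimed type, and a server-generated storage name. The allowed types, `validate_upload` and `is_accepted` are assumptions made for this illustration.

```python
import re
import secrets

# Assumed policy for this example: allowed extension -> required leading bytes.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
# Exactly one stem and one extension, ASCII only. Extra dots, '%', whitespace,
# control bytes, path separators and non-ASCII characters cannot match.
NAME_RE = re.compile(r"([A-Za-z0-9_-]{1,64})\.([A-Za-z0-9]{1,8})")


def validate_upload(filename: str, content: bytes) -> str:
    """Return a server-generated storage name, or raise ValueError."""
    # fullmatch, not match() with '$': '$' also matches before a trailing '\n'.
    m = NAME_RE.fullmatch(filename)
    if m is None:
        raise ValueError("filename not in allowed form")
    ext = m.group(2).lower()
    magic = MAGIC.get(ext)
    if magic is None:
        raise ValueError("extension not allowed")
    # The content must agree with the claimed type; the name proves nothing.
    if not content.startswith(magic):
        raise ValueError("content does not match extension")
    # Never reuse the client-supplied name on disk.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, content: bytes) -> bool:
    """Boolean wrapper around validate_upload for quick checks."""
    try:
        validate_upload(filename, content)
        return True
    except ValueError:
        return False


# Constructed sample inputs, not real files.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP = b"<?php echo 1; ?>"
```

A leading-bytes check does not stop polyglot files, so stored uploads should still sit outside any directory the server executes from and be served with a fixed content type.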
Bypassing #EU #AgeVerification using their own infrastructure.
I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly.
Step 1: Install the extension
Step 2: Register an identity (just once)
Step 3: Continue using the web as normal
The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts".
This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring.
Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.