Olivia
Online
TNT
@TNTHKY
Founder of Hacking Group、White Hat Cybersecurity Group Limited,Initiator of DEFCON GROUP 86025
Joined May 2016
72 Following
307 Followers
216 Posts
【开源】PrivacyHound(哮天犬):Android 隐私实时监控工具
实时记录 App 调用摄像头、麦克风、GPS 的行为。所有日志本地存储,零网络权限,完全可审计。
Open-sourced: PrivacyHound – Android privacy monitor
Logs camera, microphone, and GPS access in real time. All logs stay local, zero network permission, fully auditable.
🔗 Apache 2.0
https://t.co/hX1bWyLKj8
#AndroidSecurity #OpenSource #PrivacyMatters #HackingGroup
12 new rewards just dropped in the WhiteHat points store!
From hacker tools to custom merch – your contributions now get you even more.
Check them out and redeem your points today 👉 https://t.co/96qDf35AlD
#WhiteHat #BugBounty #PointsStore #CommunityDriven
📢 Call for Papers is OPEN
XCon 2026 × Hacking Group joint forum returns!
Theme: “Offensive & Defensive Evolution Under AI Empowerment – A Paradigm Shift”
We’re looking for hardcore, original, non-commercial security research.
🔗 More details & submission: [email protected]
#XCon2026 #HackingGroup #InfoSec #AIsecurity #CallForPapers
🧠 Topics of interest include but not limited to:
• AI native security, RAG/vector DB attacks, deepfake defense
• Red team engineering, C2 stealth, physical / close‑in penetration
• Data privacy, leak detection, digital forensics
• Satellite / IoT / automotive / critical infrastructure security
• AI‑driven threat hunting & automated defense
Submit your proposal to [email protected] by May 31, 2026.
#XCon #HackingGroup #CyberSecurity #RedTeam #AI
Who to follow
freqy 🏳️🌈🏴☠️
@FreqyXin
Mostly organic radio dampener, Microsoft B-roll actress, Digital Space Pirate, Practitioner of thermonuclear anti-gender warfare, she/her
Adam Chester 🏴☠️
@_xpn_
Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
Andrew Thompson 
@ImposeCost
Posts are attributable to me—not my employer. Leadership, Security, and Intelligence at Google, Mandiant, and United States Marine Corps.
🎙️ This is the 3rd consecutive year for Hacking Group at XCon – a pure, grassroots, community‑driven stage.
No commercial KPI, no BS – just real techniques, real passion.
Join us and define the undefined.
#InfoSecCommunity #Hackers #XCon2026
🚨 Ekubo Protocol EVM Swap Router 安全事件提醒
@EkuboProtocol 官方确认:本次安全事件主要影响 EVM 链上的 Swap Router 合约,Starknet 主协议及流动性提供者暂未受影响。
⚠️攻击机制简述:
攻击者利用 Router 合约在 forward() 调用失败但未正确 revert 的情况下,通过 pay() 函数的 payCallback 机制,滥用用户此前授予的历史 ERC-20 Approval,直接执行 transferFrom 提取资金。
📍关键地址:
风险 Router 合约(建议立即撤销授权):
• Ethereum V2:0x8ccb1ffd5c2aa6bd926473425dea4c8c15de60fd
• Ethereum V3:0x4f168f17923435c999f5c8565acab52c2218edf2
• Arbitrum V3:0xc93c4ad185ca48d66fefe80f906a67ef859fc47d
攻击者地址:0xA911Ff351B143634Dbc5aF3E204EA074583A83e3
攻击合约地址:0x61b0dAD9628D3e644eB560a5c9B0F960430E3A75
本次事件已确认造成约 17 WBTC(价值约 140 万美元)损失。
攻击交易:
https://t.co/PVjwfCPhXo
Arisk 建议:
请所有 DeFi 用户立即检查并撤销对以上 Router 合约的老旧及无限授权。
#Ekubo #DeFiSecurity #CryptoSecurity #SmartContractAudit #WalletSecurity #AML #Arisk
A perfect end to the Malaysia trip. See you all next time! 🍵
吉隆坡见
WhiteHat in Kuala Lumpur – A Deep “Co-Building” Session
🚀 Quick Announcement
WhiteHat’s second batch of closed-beta invite codes will be released tomorrow, April 17 at 10:00 AM (UTC+8).
How to get it: Follow our WeChat public account and reply “内测” (first come, first served, limited quantity).
Beta portal: https://t.co/DMdllUwlAZ
Set your alarm if you haven’t joined yet.
A Journey Across Borders
Remember our promise from March?
We were a month late, but on April 7 we launched WhiteHat’s closed beta as promised.
During this month, while refining rules, we asked ourselves: besides code and vulnerabilities, what does a truly community-driven platform need?
The answer: human connections.
For that answer, we set out from Hong Kong and traveled across borders to Kuala Lumpur.
This is not just a geographical move – it’s WhiteHat’s determination to go from an online product to an offline community.
Why Kuala Lumpur?
On April 20, 2026, in Kuala Lumpur.
We chose not a grand launch event, but a quiet meeting room.
With security researchers from Southeast Asia. Unlimited conversation.
This is WhiteHat’s first offline closed-door gathering.
No one‑way presentations. Just a deep “co‑building” session.
No KPIs, no corporate speak. We’re bringing feedback from the closed beta, and our latest thoughts on rating disputes and process transparency.
What we look forward to most is hearing your real voice – the people who actually find vulnerabilities.
What will we talk about behind closed doors?
Three core dimensions:
Rule Co‑governance: Does the current vulnerability rating system feel “out of place” in Southeast Asia?
Process Transparency: How to eliminate the “black box” from submission to fix, so every report gets a response?
Capability Galaxy: Beyond bug hunting, how can WhiteHat become your career accelerator?
Our Vision
WhiteHat is not just a platform. It’s a proposition.
A proposition that values depth over breadth, collaboration over transaction, long‑term growth over short‑term gains.
This Kuala Lumpur gathering is our first step from a Hong Kong base toward a global community.
We hope WhiteHat’s footprint will reach more cities, connecting more white‑hat hackers like you.
Limited Seats – First Come, First Served
To ensure deep conversation, seats are limited.
If you are in Kuala Lumpur, and you have thoughts to share –
Let’s talk on April 22.
Deadline: April 20, 2026, 19:00 (UTC+8)
How to apply: Send your WhiteHat platform ID or a brief self‑introduction to [email protected] or DM @0_TNT on Discord
Selected participants will receive the exact location via email/DM.
The WhiteHat Team
Community‑Driven. Capability‑Centric. Global by Nature.
Discord: https://t.co/embHfbhj4G
X (Twitter): @WhiteHatHK
LinkedIn: @WhiteHatHK
#whitehat #bughunter #bugbounty #cybersecurity
🚨 Arisk 风险情报 | Inferno Drainer 恶意授权钓鱼再现!
近日,又有一用户因签署恶意 #Permit2 交易,被钓鱼者转走约 31.6万美元 USDC。
涉案核心钓鱼地址包括: 0xAfb2423F447D3e16931164C9970B9741aAb1723E
这正是我们3月25日深度链上追踪分析中重点标记的 Inferno Drainer 团伙核心授权地址!
Arisk 团队持续对该团伙保持动态监测。
2026年至今,Inferno Drainer 通过新建地址+恶意授权/离线签名手法,已造成数百万美元损失,资金路径多为 Swap 兑换 → 跨链桥洗钱 → 交易所变现。
⚠️ 安全提醒(必看):
🔍 签名前用 Arisk AML 工具检测 spender 地址风险
♻️ 定期批量检查并撤销可疑 Approve/Permit 授权
🚫 避免点击不明链接、不签不明交易
有类似授权/钓鱼线索?欢迎评论区交流
立即访问👉 https://t.co/4CuYq1iIRE 体验更多内容
#InfernoDrainer #恶意授权 #Permit2钓鱼 #Web3安全 #加密货币风险 #Arisk #链上追踪
We are preparing to customize a batch of WhiteHat T-shirts, which will be listed in the points store for redemption later
#whitehat #cybersecurity #bugbounty #pentest #bughunter
事件最新进展更新:
Drift Protocol 官方高度评估认为,此次 2.85 亿美元攻击系朝鲜关联黑客组织 UNC4736( Lazarus Group 分支)历时约6个月的社会工程学行动。🚨
攻击者长期伪装成专业量化交易团队,通过线下会议建立信任,最终诱导 Security Council 成员进行 durable nonce 预签名。🔍
完整攻击链路:
✅ 长期伪装(2025秋季起,持续6个月):在多个加密会议上接触 Drift 贡献者,假扮量化交易团队建立信任
✅ 准备阶段:创建虚假代币(类似 CVT )洗交易抬高oracle价格 + 提前设置 durable nonce 并诱导预签名
✅ 治理接管:利用预签名快速夺取 Security Council 权限(无 timelock )
✅ 执行清空:4月1日12分钟内31笔交易,抽干 JLP Delta Neutral、SOL/BTC Super Staking 等主要金库,总计约 2.85 亿美元
✅ 资金流向:通过 Circle CCTP 快速跨链至以太坊,目前处于积累待机状态
Arisk 此前链上分析与官方披露高度一致。
我们将继续密切监测关联地址动态。📈
#DriftHack #LazarusGroup #UNC4736 #SolanaDeFi #CryptoSecurity
🚨找人「代订买票」竟不知不觉成为洗钱工具人?
你是否在二手平台或社交软件刷到过这类广告?
“内部渠道机票5折起”
“特价代订,官网可查”
“接全网代付,转账给我我帮你出票”
……
小王在二手平台看到“内部渠道机票5折起,官网可查”,下单后确实能看到真实订单。本以为省了大钱,结果登机当天被拦下:购票资金来源异常,订单直接作废,还需配合调查。
这不是个案,而是一条成熟的黑灰产洗钱闭环
看似省钱的捷径,可能已将你卷入洗钱链条。你遇到过类似“内部特价”吗?欢迎评论分享。
#AML #反洗钱 #CryptoScam #代订 #链上追踪
结合最新公开情报和 Arisk 最新链上分析,此次 Drift Protocol 约 2.85亿美元 安全事件,攻击手法高度复杂且准备充分,存在指向朝鲜关联黑客组织(Lazarus Group / APT38)的显著特征。
我们已将相关地址及资金流向纳入重点动态监测。
DeFi 项目方请务必加强多签治理、预签名(durable nonce)监控与 oracle 资产上线审查,避免类似复合攻击重演。
#DriftHack #Solana #LazarusGroup #CryptoSecurity #AML #Arisk
🚀 WhiteHat closed beta is NOW LIVE!
A community-driven bug bounty platform, built by researchers, for researchers.
Earn points by finding vulnerabilities on WhiteHat itself, daily check-ins, referrals, and more. Redeem points for USB Ninja and other hacker tools.
Closed Beta Launch | Limited Invite Codes Available, Earn Points to Redeem USB Ninja
To all security researchers,
Today is the day.
WhiteHat — a bug bounty platform driven by grassroots cybersecurity communities, built by researchers for researchers — officially opens its closed beta registration this morning.
This is not a big corporation's commercial project, nor a short-term experiment by investors. Every rule and every iteration will be shaped together by the community.
Official Website: https://t.co/DMdllUwlAZ
Closed Beta Invite Code: Follow our WeChat official account and reply with “内测” to get a limited invite code (first come, first served, while supplies last)
Discord Community: Get real‑time technical support, rule discussions, and bug submission Q&A
During the closed beta, only researchers with an invite code can register. If you miss out, join our Discord – we will issue additional codes from time to time.
Why "Community‑Driven"?
· Co‑governance of Rules: Vulnerability ratings, dispute resolution, points system – all core rules are openly discussed in the community. Every suggestion you make could become part of the official rules.
· Grassroots DNA: No complex shareholder interests. The platform's direction is determined by the voices of researchers.
· Long‑term Commitment: We are not a “launch and leave” project. We stand with the community, iterating continuously.
This is not a “perfect” platform, but one that is willing to grow with you.
Closed Beta Points System (Summary)
Researchers earn points by finding vulnerabilities on the WhiteHat platform itself or by completing community growth tasks. Points can be redeemed in the store for hacker tools like USB Ninja, books, custom merchandise, and more.
I. Vulnerability Points (for https://t.co/dz6DKbWOlW platform itself)
Severity Base Points
Critical 20,000
High 8,000
Medium 2,000
Low 500
Quality bonus: Clear report + complete reproduction steps + reasonable fix suggestions = additional 10%~20%
II. Growth Points
· Registration Bonus: Complete registration → 100 points
· Daily Check‑in: 10 points/day; 7‑day streak +50; 30‑day streak +200; 100‑day streak +700
· Referral Rewards: Invite a friend to register → referrer gets +100, referee gets +50
· First Submission: First submission (valid or not) +100; first valid bug +200; first critical/high bug +300
· Community Contributions: Adopted suggestion +500; high‑quality article +300 (max 2 per month)
III. Points Validity & Redemption
· Closed beta points are valid for 2 years; unused points expire after that.
· Cheating (fake check‑ins, spam bugs, self‑referrals, etc.) will result in account ban.
Full rules are available in the "Closed Beta Points System" under the official announcements and events section: https://t.co/J82etS6KaS
The WhiteHat Team
Community‑Driven. Capability‑Centric. Global by Nature.
---
Discord: https://t.co/embHfbhj4G
Closed Beta Announcement | April 7 – A Community-Driven Bug Bounty Platform Opens Registration
During this extra month, we never stopped working. Instead, we dove deep into countless 'invisible details' – the kind of tedious but critical work that only those who have truly built an international platform would understand. Also, we have prepared a batch of hacker tools for everyone to redeem with your closed-beta points. See you this Tuesday 🦾
https://t.co/RfxNbaGYd9
兄弟们,好久不见|给所有还在坚守的兄弟们的一段心里话 🤟
Brothers, Long Time No See | A Message to Everyone Still Here
兄弟们,好久不见|给所有还在坚守的兄弟们的一段心里话 🤟
Brothers, Long Time No See | A Message to Everyone Still Here https://t.co/HL49uwbCTM 来自 @YouTube
#HackingGroup #cybersecurity #whitehat
还在担心🦞的安全风险问题?
基于安全的ApexPanda“功夫熊猫”上线🎉
一人轻松部署,多渠道打通,即使社交平台一键连接,自带 80 + 安全的实用技能。
👉项目地址
主程序:https://t.co/Fz5OaajFwy
节点客户端:https://t.co/k0N5Lu4bEE
感兴趣的小伙伴赶紧去试试~
Still worried about the security risks of 🦞?
Secure-based ApexPanda "Kung Fu Panda" is online 🎉
One-person easy deployment, multi-channel connectivity, even one-click connection to social platforms, with built-in 80+ safe and practical skills.
👉Project Address
Main Program: https://t.co/Fz5OaajFwy
Node Client: https://t.co/k0N5Lu4bEE
Interested friends, go try it out now~
#apexpanda #openclaw #AI
Wish you all a happy new year!
Wish you all a happy new year!
Last Seen Users on Sotwe
Gimp Alexxx
Seen from Germany
mom son incest
Seen from Pakistan
kristian
Seen from Germany
urstepbro
Seen from Malaysia
TopWhiskies
Seen from United States
türbanlı delisi
Seen from Turkey
魅惑英雄
Seen from Malaysia
suka tobrut
Seen from Indonesia
بوت حصريات الخليج
Seen from France
สาว2 กะเทยมี🐍
Seen from Thailand
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.6M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers