Manu's Code & Hacking Port

Boot a Debian VM using KVM on Android

If you’re into Android virtualization, you may have come across pKVM. This special version of the Kernel-based Virtual Machine (KVM), known as *protected KVM* or simply **pKVM**, is designed to enhance security on Android devices while improving OS-level virtualization. pKVM is an extension of KVM that strengthens isolation between virtual machines (VMs), ensuring each VM runs independently without having access to Android’s core system data. It does this by assigning hardware resources more strictly, protecting both the Android host system …

Verifying Bluetooth encryption key size with Raspberry Pi

When you are working on cybersecurity as evaluator (analyst, penetration tester, and so on); sometimes you will be in front of test cases that they have not been performed before. These tests are always challenges for us; and what is more gratifying for a ethical hacker that a hacking challenge.This specific case is relative to a Security Functional Requirement (SFR) of a NIAP protection profile about Bluetooth.* Same tests for LE.In a previous post, additional information and some differences about …

Understanding Bluetooth security I

Recenlty I have been working with the Bluetooth protocol. I had knwoledge about bluetooth for a Master Degree I studied (Master en Telematica y redes de telecomunicaciones of University of Malaga). Obviously, It was a lot of years ago, so to remember this time, I got the Bluetooth Core Specification and; this time it will not be only teorical because I should to perform some tests like this:These kind of tests are very complex since mostly of tools implement correctly …

Añadir reCAPTCHA v2 en Django

Llevaba tiempo que queria poner comentarios en el blog, a pesar de tenerlo implementado desde una de las primeras versiones de la página, nunca lo puse en activo. Sobretodo porque para responder las dudas que pudiesen surgir en alguno de los post, si alguien estuviese realmente interesado siempre podría (y puede) enviar un email a correo que se encuentra en la seccion "Whoami". En este post pretendo explicar como se implementa un captcha para un formulario, reCAPTCHA v2 invisble en …

Certificate revocation lists (CRL) and Android

Doing some tests about how works the CRL in different browsers and devices, it has been observed that some of them that are very used, like Android does not check the CRL, thus, Android (and Chrome/Chromium) does not check the certificate validity through the CRL.A CRL (Certificate Revocation List), as its name implies, it is a list of certificates that they are not valid anymore and any application/device should trust them. It is defined in the RFC 5280 "Internet X.509 …