Manu's Code & Hacking Port

Java deserialization vulnerability with Burp Suite

These days I have been practicing with Burp Suite Academy and I wanted to write a post about some of the vulnerabilities they have to practice. That is a very good platform if you want to learn about web vulnerabilities and exploitation. Moreover, they offer a certification about their software "Burp Suite" which is a very good tool and well know for web hacking in the community.In this post I am going to focus in Java deserialization vulnerability and how …

Personalización de KDE Plasma

Realmente podría haber escrito este post en inglés, pero dado que hay mucha más informacion de cómo realizar esto en inglés, he decidido escribirlo en español, también porque apenas veo ricers en español (aunque muchos seran solo porque no conocen este concepto, pero vaya). Además así me sirve a modo de diario, ya que cada vez que tengo que modificar algo de esto, luego tengo que buscar de nuevo como se hacia... Bueno, al lio. En los escritorios con plasma …

Setup VPN IPSec in Debian

It could be appear the typical post for filling content of a blog... But currently I am working in a project with VPNs and I would like to have a diary about how a VPN IPSec works and how to configure it in Linux (at least one configuration). It is not the first time I am working with a VPN IPSec, and now that I am re-reading all of the RFCs I am getting a better vision about that. TL;DR …

DIY Twitter API: Developing Your Own Using Web Scraping and Python

Nowadays we are looking how the social networks have been turning into toxic environments. One of the problems on my point of view are the fake news. In this context, Twitter is the platform that thanks to the pseudo-anonimity is being the platform with more fake news spreaders (at least in Spain). Obviously Facebook also have the fake news spreaders but it is a different platform and you should  follow/add these spreader to your contacts.One of the faster solution that …

Common AV bypass techniques on Windows systems

These days I have been trying to collect the latest (and older) techniques that are available in the Internet for AV bypass. I will not cover the shellcoding, which in my opinion is the best way to bypass an AV, since meterpreter is detected by almost AV even you have it encrypted or encoded. Obviously these techniques that are using the shellcode "meterpreter" once they are in memory, if the AV is checking the memory in real time, it will …