Change DNS Server (Windows)


A lot of companies have their own DNS Servers which are open to society. So if we have difficulties with the DNS services provided by the ISPs like slow DNS resolving. We can change the DNS server for faster results and security.

  • Go to Control Panel and then select Network and Internet.
  • Click on Network and Sharing Center

  • Click Change adapter settings on the left side.

  • Right-Click on the Adapter, you are using (in our case it's Wi-Fi as shown above) and go to Properties
  • Double-click on Internet Protocol Version 4 (TCP/IPv4).


  • Click on OK and you are done.

To know more about DNS Servers, Click Here

Video Tutorial - Coming Soon...


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

A lot of companies have their own DNS Servers which are open to society. So if we have difficulties with the DNS services provide...

DNS Servers, Explained!


We all know how the basic functionality of the Internet works! We request a page like www.hackhunt.in and the browser displays the webpage. Well, it's not that simple, there is another entity involved, and understanding this entity can help you protect your privacy and security and even speed up.

DNS, short for Domain Name System which is nothing but an analogy of our phonebook or contacts. Like phonebooks and contacts applications store mobile numbers of different persons with their names. Similarly, IPs are stored with their domain name (or website). This helps in accessing the website as on the internet, websites are accessed using their IPs only. 


Earlier there were fewer websites so it was easy to remember the IPs of those websites. But as the internet grew, the number of websites and IPs corresponding to them increased too. Hence, it was impossible for the human brain to remember all the IPs. Therefore,  DNS was formed, which stores the IPs of websites (domain name) and helps us to access them easily.


What is a DNS Server?

A server is a device or program used to provide services to other programs known as “clients”. Similarly, DNS Server is used to retrieve the IP of the website that was entered in the user's browser (Application Layer Service) which ultimately helps the user to connect to the website.


A lot of companies have their own DNS Servers which are open to society. So if we have difficulties with the DNS services provided by the ISPs like slow DNS resolving. We can change the DNS server for faster results and security. 


Why change DNS Server?

  • Change in DNS server may increase the speed of resolving DNS queries. 
  • The DNS server you are using may not be secure to DNS-related attacks which may cause you to delay in DNS resolving whereas using a secure DNS service like Googles' may result in faster resolving of the DNS query. The resolving speed depends upon the location as Google's DNS server IPs are anycast which means your query will be sent to the nearest server depending on your location. 
  • Sometimes you may face an issue of a particular website not responding only on your internet or in your country whereas it's working for others or in different countries, it might be due to the blocking of the website by your ISP's DNS server or by the Government.
  • If you change your DNS server then you can access those websites. 

List of DNS Servers

Google DNS (good speed and security, but no privacy)
    Primary 8.8.8.8
    Alternate 8.8.4.4

Open DNS (good speed and security, privacy can be a concern)
    Primary 208.67.222.222
    Alternate 208.67.220.220

Comodo DNS (good speed and security, privacy can be a concern)
    Primary 8.26.56.26
    Alternate 8.20.247.20

Cloudflare DNS (good speed and security, privacy can be a concern)
    Primary 1.1.1.1
    Alternate 1.0.0.1

    Primary 172.104.136.243
    Alternate 192.71.245.208


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

We all know how the basic functionality of the Internet works! We request a page like www.hackhunt.in  and the browser displays t...

HTTP Request Methods

Headers are basically the metadata that is sent by the client and server while communicating with each other. It contains 

  • HTTP Method,
  • Connection type, 
  • User-Agent, 
  • HTTP Version, 
  • Content-Encoding, 
  • Host, and etc.

Request and Response both contain headers that may differ. For example, Content-Length, while requesting it may be less or null (might not be even present) in the request header while in the response header the content length parameter is present.

The first line in the request headers contains the HTTP Method, Host, HTTP Version which is sent to the server for processing, after processing the server responds with the response header and the content.

Types of HTTP Method

There are 8 types of methods GET, POST, HEAD, PUT, DELETE, OPTIONS, CONNECT, and TRACE

  • GET: The GET method is used to retrieve data from a given server using a URI (Uniform Resource Identifier).  Requests using the GET method only retrieves data and have no other effect on the data. A GET request retrieves data by specifying the parameters in the URL portion of the request. The length of the URL remains limited in GET method. It is used when data does not require security as in the GET method the parameters passed are visible in the URL.
Requests Header for URI: www.example.com

  • POST: The POST method is used to send or upload a file to a server. It is also used in HTML form submission. The parameters passed in POST is sent via headers instead of passing it in the URL thus the parameters are not visible in the URL. Furthermore, the method is not efficient because the method is non-idempotent (idempotence is a property that applied multiple times to give the same result). 


Difference between GET and POST methods:

GET POST
Used to receive data or information using URL. Used to send or upload data on the server using URL.
Parameters passed are visible in the URL. Parameters are not visible as they are part of headers.
GET request is often cacheable. POST requests can hardly be cacheable.
More efficient due to idempotence property. Less efficient due to non-idempotence.
Helps to send non-sensitive data. Helps to send sensitive data.

  • HEAD: HEAD is similar to GET but it is used to obtain the information regarding the document, not the document itself i.e. its aim is to get the metadata in response like filetype, the Content-Length, the Content-Encoding, and other header parameters.
Requests Header for URL: www.example.com

Response Header for the Request

  • PUT: Replaces all current representations of the target resource with the uploaded content.
  • DELETE: Removes all current representations of the target resource given by a URI. The Server will DELETE the file that was passed in the request method.
  • CONNECT: Establishes a tunnel to the server identified by the URL passed.
  • OPTIONS: This method helps us to know about all the methods that we can use or have permission to perform on a particular URL.
  • TRACE: This method is used to echo the contents of an HTTP request back to the requester which can be used for debugging purposes at the time of development.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Headers are basically the metadata that is sent by the client and server while communicating with each other. It contains  HT...

Online Antivirus

Online Antivirus can also be used as a Second Opinion Antivirus. Everyone generally misinterprets Online Antivirus. Online Antivirus are of two types, 

FIRST TYPE

There are websites available where you can upload a file and check if the file is a malware or not. These websites do not repair or fix the issue. Websites like this scan the file and then check the signature of the file with their database and some even check the database with over 70 different antivirus company and gives you results according to each company's database. These websites share the results of the file with the community if they detect any virus or malware to update their database and make the world a bit more secure. 
 

SECOND TYPE

These Antivirus or websites are also known as Cloud-Based Antivirus (to know more about cloud antivirus check the link at the bottom of the page called What is Antivirus). For this antivirus to work you need to install a tool that will connect and give access to your system's files. In other words, the tool will scan the system and send the result to the company and they will check the signatures online. So, we do not need to download the whole antivirus and also do not need to update the database. The best part of this kind of antivirus is it can be installed apart from the Antivirus you have.

If you are interested in any topic, CLICK HERE:
  • What is Antivirus 
  • Free Antivirus 
  • Best Antivirus in terms of OS 
  • Next-Generation Antivirus 
  • Why Antivirus is Joke/Dangerous

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Online Antivirus can also be used as a Second Opinion Antivirus. Everyone generally misinterprets Online Antivirus. Online Antivir...

Best Antivirus Available [June 2020]

An antivirus is software that protects our system from malware like viruses, trojans, backdoors, etc. To prevent our computers from this malware, antiviruses are installed. This also protects our data from getting leaked, provides email protection, browsing protection, and much more.  
 
We heard one antivirus name and think it is best for every platform. But is it the case? No. Check below which antivirus is best on which platform. (All the listed below are best in terms of protection, there is no order)

Links are provided with the name; you can choose any one of these antiviruses as per your need.
 
If you are interested in any topic, CLICK HERE
  • Free Antivirus
  • What is Antivirus 
  • Next-Generation Antivirus 
  • Online Antivirus 
  • Why Antivirus is Joke/Dangerous 

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

An antivirus is software that protects our system from malware like viruses, trojans, backdoors, etc. To prevent our computers fro...

Introduction to Google Dorking

Generally, people use Google Search to find images, videos, news, specific information, etc. However, Google has special operators know as Dork that can be used to search specifically. Hackers use this technique to get information for a specific target which can help them to get sensitive information like usernames and passwords.


Google Dorking is a technique that uses Google's search and other applications to find security holes in the configuration and the coding techniques used by the website. Advanced operators can be used inside the search engine to locate specific strings of text within search results.

Google Dork is a search string criterion in which the search engine returns the results according to the requested dork.

This goes without saying that Google knows who you are when you perform activities like this. Only use this information for legal purposes. If the information is available on the Internet does not mean it can be used to harm others. Any illegal activities will result in cybercrime charges.

Operators:

  • site: Search only one website. site operator limits the search, below example will show the results of hacks on website hackhunt.in
hacks site:hackhunt.in 
  • intitle: Searches for the string in the title of the HTML page. The below example will show the results which have python in the page title.
intitle:python
  • inurl: Searches for the string in URL. The below example shows the result of websites that have login.php in the URL.
inurl:login.php
  • intext: Searches for the string in the content of the page. This command is similar to a normal google search. The below example shows the result of the websites which has programming word in it.
intext:programming

Or can be combined with other operators like suppose we need results containing hacks from hackhunt.in website. So,

site:hackhunt.in intext:hacks
  • filetype: Searches for the string as a file type. The below example will show PDFs available on the internet.
filetype:pdf

Or if you want a presentation on the topic Python.

python filetyle:ppt | filetype:pptx

Note: | can be used as a Logical OR.

  • cache: This will show you the cached version of the site. Google always takes a snapshot of the website which later becomes a part of Google's Cache. If the website is down these cached websites are helpful. The below an example will show the cached version of facebook.com.
cache:facebook.com
  • link: Displays all the pages linked to the specified URL. The below example will show the linked pages to hackhunt.in
link:hackhunt.in
  • *: This can be used as anything in that place. The below example will show the results for how to be on/create/post a poll/... Facebook etc. Or you want all the subdomains of  facebook.com.
how to * facebook
site:*.facebook.com

You can get more of this on Google Hacking Database which is also known as GHDB where many dorks are published by Cybersecurity researchers, penetration testers which can be used, and also can be modified to ease our work.  


If you would like to perform basic RECON on a website or know what files are exposed to the Internet. Go to Pentest-Tools, type the name of the website, and click the options mentioned below and check the results.


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Generally, people use Google Search to find images, videos, news, specific information, etc. However, Google has special operators...

Nmap - Working and Basic Commands


Nmap is the most used port scanning tool on the Internet and it is reasonable too as it is extremely powerful. With these Nmap basic commands, you can gather information on a target by running port scanning and fingerprinting. 

The basic and default SYN scan will scan 1000 TCP ports on the target specified.

  • Syntax: nmap <IP>
  • Example: nmap 192.168.0.105
If non-root user add sudo, in the beginning, sudo nmap <IP>
 
**NOTE - If you are interested in what these 1000 ports are, check the file nmap-services in the directory /usr/share/nmap/nmap-services. To read the file type in the terminal

nano /usr/share/nmap/nmap-services

If you run the Nmap with root access, Nmap will do a so-called privileged scan which is a RAW SYN Stealth Scan. But if you run Nmap as a non-root access, it will do a so-called unprivileged scan which is TCP Connect Scan which is apparently slower and can be detectable. 

So, with the root privileges, the Nmap is able to send an SYN packet and then SYN-ACK that comes back is enough to know if there is an actual open port.

But, with the non-root privileges, the Nmap cannot send Raw TCP/IP packets. So, it has to call the Operating System to do a full connect which makes it slower and more probable to get recorded in system logs as it does a full TCP Connect to obtain the port information.

Not sure about SYN or SYN-ACK or TCP Connect? 



All in all, with root access it is an SYN Scan, without root it is a full connect scan.

If you want to know what is going on during the scan. Add the -v command, which is for verbosity. It has three levels: -v, -vv, -vvv. More v's means more verbose. If you chose one level of verbose you can press in the middle of the scan to increase the verbosity.

Similarly, -d command, which is for debugging. It has 9 levels and can be defined as -d1 till -d9. That is the highest effective level and will produce thousands of lines unless you run a very simple scan with very few ports and targets.

To know the percentage of completion, you can press any key in the middle of the scan and it will display the percentage.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Nmap is the most used port scanning tool on the Internet and it is reasonable too as it is extremely powerful. With these Nmap basic c...

Nmap - Explained

Nmap, short for Network Mapper is a free and open-source command-line (CLI) tool for network discovery and security assessment. Many systems and network administrators, penetration testers, hackers, and anyone who is interested and wants to understand more about the devices on the given network finds Nmap useful. 

Nmap uses raw IP packet in a unique way to determine:

  • What devices and/or hosts available on the network.
  • What services like application name and version are running on the host. 
  • What operating system and OS version they are running.
  • What type of firewalls are in use.
  • What type of packet filtering are in use.

Basically, Nmap was designed to rapidly scan large networks. but also works fine with a single host. Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows, and Mac OS X to name a few.

In addition to the classic command-line tool, it has an advanced GUI and results viewer named Zenmap

All in all, Nmap is a huge security scanner and from an IP Range, it can discover open ports, running services, OS, connected host to the network, and much more.

Similar Applications

  • For Large IP Ranges: 
    • Nmap
    • Zmap
    • Masscan
  • For Small IP Ranges: 
    • Nmap
    • WhatWeb
    • BlindElephant

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Nmap, short for Network Mapper is a free and open-source command-line (CLI) tool for network discovery and security assessment. Many ...

Block Access to Websites for your PC

 
One of the backbones of the Internet is the DNS system that translates easily to remember (and type) names such as www.google.com into equivalent IP addresses (8.8.8.8). While you use DNS servers to get to websites, your computer also has something called a HOSTS file which can have this information stored locally. This can be used to disable access to unwanted websites.
  • Browse C:\WINDOWS\system32\drivers\etc 
  • Find the file named "HOSTS"
  • Right-click and open with notepad
  • Under "127.0.0.1 localhost" Add 127.0.0.2 siteyouwanttoblock.com
  • Now close the hosts file and click Save
  • Reboot your computer for the changes to take effect and you'll find that all those websites are now blocked. 

**NOTE - If you have trouble saving the file, check the video. 

    Video Tutorial



    We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

      One of the backbones of the Internet is the DNS system that translates easily to remember (and ty...

    Antivirus




    An antivirus is software that protects our system from malware like viruses, trojans, backdoors, etc. To prevent our computers from this malware, antiviruses are installed. This also protects our data from getting leaked, provides email protection, browsing protection, and much more.

    There are many Antivirus, but the most powerful Antivirus are:
    • ESET NOD32 Antivirus
    • Norton Antivirus
    • Avast Antivirus
    • Kaspersky Antivirus
    • F-secure Antivirus

    How Antivirus detects Malware?

    Every file has a signature, it tells how the file works and behaves. Antivirus scans that signature and checks in their database which contains a huge database of malware signatures. If the Antivirus has that signature on its database, then it will detect the malware and remove it from the computer.

    But what if this is a new malware and the database does not have a signature? Then Antivirus will send the sample of the file to its lab or run directly in a Virtual Environment to check the behavior of the file and if there is something suspicious or wrong the file’s signature will be added to their database and it will be detected as a virus. That is why it is necessary to update the Antivirus daily.

    If we download a file and scan it with our antivirus and if it is undetected, does that mean it is safe? No, it does not mean that the file is malware-free as it might be the case that signature of the file is not in the antivirus database. Antivirus can be bypassed with many techniques. So, to overcome these issues you can use an online virus scanner that scans the file using more than 70 antivirus’ databases.

    To know more about Online AntivirusClick Here

    Antivirus is based on the following methods:

    • Signature-based Detection: It detects malware based on its signature and if the signature matches with its database then the file is deleted and if it does not finds the file’s signature in its the database then takes the signature of that file and sends it to their labs for testing so that they can identify whether it is a malware or not.
    • Cloud Detection: It is based on a cloud server and it detects malware with the help of the server. You need to install only a small client program that will connect to the security service provider's Web Service. On the bright side, this drastically reduces the processing amount needed to keep a system safe. But on the other hand, there can be connection issues and secondly, there is some concern about uploading user data to the server, which can question your security.
    • Heuristic Detection: Detecting Viruses by examining code for suspicious properties. Antivirus de-compiles and examine the source code of the program. This code is then compared with viruses (already known) and in a heuristic database. If the particular percentage of code matches with the heuristic database, the code is flagged as a possible threat.
    • Sandbox Detection: This type of detection is done via an isolated environment like VMs, and the file is tested in VMs to detect any suspicious behavior. It is a good practice to run files in VMs or inside sandboxing tools before running on your main system. Heuristic Detection can also be based on this method. Sandbox detection can be of two types, Standalone and Integrated.
    • Behavior Detection – It detects malware based on its behavior. Example: If a program is using a larger percentage of memory or if the file tries to make a connection which is also known as a reverse connection to an unknown destination then the antivirus will detect and will delete the file.
    • Reputation Based: Reputation-based security is a security mechanism that classifies a file as safe or unsafe based on its worldwide reputation. It works by collecting and tracking several attributes of a file, such as age, source, signature, and overall usage statistics across thousands of users consuming that file. The data is then analyzed within a reputation engine using algorithms and statistical analysis.

    If interested in any topic, CLICK HERE:
    • Free Antivirus 
    • Best Antivirus in terms of OS
    • Next-Generation Antivirus
    • Online Antivirus
    • Why Antivirus is Joke/Dangerous
    We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

    An antivirus is software that protects our system from malware like viruses, trojans, backdoors, etc. To prevent our computers f...

    Default Credential for Routers

    Generally, a network/security administrator makes the mistake of leaving the default credentials of the router. While performing VAPT, trying to login with the default username and password for the router can help you get access to the router and the internal network. Default credentials can be found in multiple ways. 

    The credentials can be obtained from the router hardware itself as they are written on the backside of the router provided you have physical access.
    Secondly, you can use the Router Passwords website to find the default password. Passwords can vary with the model number of the router with respect to the company. But some common ones are mentioned below.

     
    Router Brand Username Password IP Address
    BenQ admin admin 192.168.1.1
    D-Link admin admin 192.168.0.1
    Digicom admin michelangelo 192.168.1.254
    Netgear admin password 192.168.0.1
    Asus admin admin 192.168.1.1
    Dell admin password 192.168.1.1
    Netcomm admin password 192.168.0.1
    Netstar admin admin 192.168.0.1
    Samsung admin password 192.168.0.1
    Sigma admin admin 192.168.0.1
    SUN admin admin 192.168.0.1
    Telco Systems telco telco 192.168.0.1
    Tenda admin admin 192.168.0.1
    ZTE admin admin 192.168.0.1
    3Com admin admin 192.168.1.1

    We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

    Generally, a network/security administrator makes the mistake of leaving the default credentials of the router. While performing V...

    De-Authentication Attack




    Disconnects any client from any network.
    • Works on encrypted networks (WEP, WPA, WPA2)
    • No need to know the network key/password/passphrase.
    • No need to connect to the network.
    You can find a detailed explanation for Deauth Attacks form here Concept of De-authentication Attack.

      Requirements:

      • Need Kali Linux installed as a host or as a virtual machine. We generally use Kali Linux as a Virtual Machine. Check this link for how to Install Kali Linux in Virtual Machine.
      • Get the MAC Address/BSSID for the router/access point. Check the section How to scan nearby wireless networks of the post Wireless Network Sniffing.
      • If want to attack a person get the MAC Address/BSSID of the target. Check the section How to scan a specific network of the post Wireless Network Sniffing to get the MAC of a particular person.
      • Wireless Adapter which supports Monitor Mode. We are using ALPHA AWUS036NHA which has an Atheros AR9271 chipset.
      • Your wireless adapter should be in Monitor Mode. Check this link for how to Enable Monitor Mode for Wireless Adapter.
      • It's good practice to change your MAC Address before scanning. Check this link for how to Change MAC Address in Kali Linux.

      Deauth Attacks

      How to deauth everyone from a network

      In terminal, type:
      • Syntax
      aireplay --deauth <no._of_packets> -a <AP_MAC> <adapter_name> 
        • --deauth: to tell it's a de-authentication attack. Instead of --deauth you can type -0.
        • <no._of_packets>: specifies how many numbers of packets you want to send for deauth. 0 (Zero) means infinite or send packet continuously.
        • -a: is an option where you need to specify Target's router MAC Address.
        • <adpater_name>: type the adapter which is in monitor mode.
        • Example: 
                aireplay --deauth 0 -a e2:33:44:55:66:77 wlan0
          • Sending infinite packets to the router's mac address (e2:33:44:55:66:77) using the wireless adapter (wlan0) which is in monitor mode.

          How to deauth specific device from a network

          In terminal, type:
          • Syntax: 
          aireplay -0 <no._of_packets> -a <AP_MAC> -c <target's_mac> <adapter_name>
            • -0: is the short version of writing --deauth.
            • -c: is option where you need to specify Target's Device's MAC Address.
            • Example: 
            aireplay -0 0 -a e2:33:44:55:66:77 -c e2:22:33:44:55:66 wlan0  
              • Sending infinite packets to Target's Device (e2:22:33:44:55:66) which is connected to the router (e2:33:44:55:66:77) using the wireless adapter (wlan0) which is in monitor mode.

              Video Tutorial 


              We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

              Disconnects any client from any network. Works on encrypted networks (WEP, WPA, WPA2) No need to know the network ke...

              TCP/IP 3-WAY Handshake


              When we meet someone the first thing we do is a Handshake to connect with the person (which also tells how strong the bond is or is the person interested in talking). In the same way, the client and the server also need to establish a connection between them before sending/receiving data. Thus a handshake takes place called TCP/IP 3-WAY Handshake.

              TCP/IP handshake is designed in such a way that it helps both the client and the server to initiate, negotiate, and confirms the transmission of packets.
              It is also referred to as SYN, SYN-ACK, ACK. As the above picture states, The client first SYNchronizes its sequence number with the server. The server then ACKnowledges the client's sequence number and SYNchronizes with its sequence number. The client then ACKnowledges the server's sequence number. Three message takes place to complete a handshake using TCP/IP protocol. Thus, TCP/IP Three-way Handshake. (After everything is done there is FIN message to terminate the connection)

              TCP Three-way Handshake Process


              Step 1: The client establishes a connection with the server by sending a segment number with SYN and informs the server. Basically, the client says, "Hi, let's connect. I will number my messages starting from 420."

              Step 2: The server responds to the client's request with an SYN-ACK packet. Well, it should be ACK-SYN as server ACKnowledges the number, and then SYNchronizes its number with the client. Basically, the server replies, "All right, I am ready for message 421 and I will number my messages starting from 786."

              Step 3: The client ACKnowledges the response and establishes a stable connection. Basically, the client replies, "Noted, I am ready for message 787."

              Why is this sequence number important?

              If a message did not receive by the other end because of network traffic the packet got dropped or one message was sent multiple times this would help to rectify this mistake.
              • Detects when messages are duplicate. (Hey, I got multiple copies of message 787. Well I will ignore the others since I already have one.)
              • Detects if the packets are missing. (Hey, I got 787, 788, 790. I did not receive 789.)


              Recap

              Type of Message Description
              SYN Used to initiate, establish the connection, and to synchronize the number. 
              SYN-ACK SYN message is from the local device and ACK is replying to the previous message.
              ACK Confirms to the sending entity that is has received SYN.
              FIN Use to terminate the message.

              We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

              When we meet someone the first thing we do is a Handshake to connect with the person (which also tells how strong the bond is or ...

              Intel Processor: Letters and Numbers Explained

               
              Did you ever think about the Chip-set's name? You might think that these letters and numbers are given to the product just to make them appealing. No, this is not the case. Every letter and number of the processor make sense and have some meaning. 

              These numbers are important to understand while choosing Desktop or Laptop. Generally, we care about the memory, type of hard disk, storage, or the version of the processor but we always miss the letters and numbers which come along the version of the processor. 

              They are some laptops that are considered as gaming laptops, but the processor used in those laptops is for Ultra-Low Power use. One of the examples is HP Pavilion 16-AU627TX. It has,
              • Intel Core i7 (7th Generation)
              • 16 GB DDR4 RAM
              • 2 TB HDD
              • NVIDIA GeForce 940MX with 4GB memory

              With all these specs this laptop costs around approx. $1200 (90k INR), but still does not have good performance. Because of the processor. Let us explain to you in detail.

              Processor of above-mentioned Laptop

              Intel® Core™ Processor Suffixes

              Suffix

              Meaning

              G1 – G7

              Graphics level (processors with new integrated graphics technology only)

              E

              Embedded

              F

              Requires discrete graphics (needs to add a graphic card)

              G

              Includes discrete graphics on package

              H

              High performance optimized for laptops (Recommended for Gaming)

              HK

              High performance optimized for laptops, unlocked

              HQ

              High performance optimized for mobile, Quad-core

              K

              Unlocked

              S

              Special edition

              T

              Power-optimized lifestyle (Consumes low power)

              U

              Power-efficient or Ultra-Low Power

              Y

              Extremely low power 

              The above-mentioned version has U which means ultra-low performance, which is not good for gaming and/or high-performance work but still because of other specifications this laptop seems appealing.

              Next time when you buy a Desktop/Laptop, do not forget to check these numbers as well and buy according to your need. 

              DO NOT LET OTHER FOOL YOU!!

              We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

                Did you ever think about the Chip-set's name? You might think that these letters and numbers are given to the product just...

              Hack Sleep: Sleepwell or Sleepless

               
              You might be thinking about there cannot be a thing like Sleep Hack, right? But wouldn't be great if we can control or 'hack' our sleep.
               
              According to the scientist, eight hours of sleep is considered as healthy sleep and a human being need at least six hours of sleep. 

              Sleep is a naturally recurring state of mind and body, characterized by altered consciousness, relatively inhibited sensory activity, reduced muscle activity and inhibition of nearly all voluntary muscles during rapid eye movement sleep, and reduced interactions with surroundings according to Wikipedia. In short, sleep gives you relaxation. 

              But at some point, we had trouble sleeping or we do not want to sleep but our the body gives upon us. 

              SLEEPWELL LIKE KOALA

              • Power down before going to bed: Dim the light like an hour before your sleep time. Reduce the use of smartphones, television, and keep your room dark. If you are using smartphones, laptops try to use Blue Light Filter or Night Light Mode ON. 
              • Exercise Regularly: The National Sleep Foundation of America did a survey in 2013. It says, adding a bit of physical exercise in your daily schedule will help you in your rest. Just try not to do exercise close to your bedtime.
              • Avoid heavy meals: Avoid heavy meals when it's late. Our body isn't meant to digest during our sleep. 
              • Make sure your mattress is comfortable.
              • Avoid drinking too many fluids: Drinking less before sleep will save you from midnight trips to pee. But do not dehydrate yourself before sleep.  
              • Less Caffeine: Quit Smoking and/or consumption of coffee/tea at night.

              SLEEPLESS LIKE ELEPHANT

              • Coffee: Caffeine can help you awake but do not drink if you are feeling sleepy, in that condition, you will sleep faster.
              • Light: Let the light shine on you. Do not have dim lights. 
              • Eat a good breakfast
              • Take a nap during the day.
              • Get some exercise at night, something like walking for 10-15 minutes.

              This method might help you or might not. This all is based on surveys and reports. This can vary from person to person.

              We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

                You might be thinking about there cannot be a thing like Sleep Hack , right? But wouldn't be great if we can control or ...

              OWASP Top 10 - 2017

              The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop and maintain applications and APIs that can be trusted. All OWASP tools, documents, videos, presentations, and chapters are free and open-source to anyone interested in improving application security.  

              OWASP is a new kind of organization. Their freedom from commercial pressures allows them to provide unbiased, practical, and cost-effective information about application security. 

              The OWASP Top 10 focuses on identifying the most serious web application security risks for a broad array of organizations. 

              A1:2017 - Injection

              Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

              A2:2017 - Broken Authentication

              Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.

              A3:2017 - Sensitive Data Exposure

              Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.

              A4:2017 - XML External Entities (XXE)

              Many older or poorly configured XM processors evaluate external entity references with XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

              A5:2017 - Broken Access Control 

              Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access to other users' accounts, view sensitive files, modify other users' data, change access rights, etc.

              A6:2017 - Security Misconfiguration

              Security Misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion.

              A7:2017 - Cross-Site Scripting (XSS)

              XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

              A8:2017 - Insecure Deserialization

              Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.

              A9:2017 - Using Components with known Vulnerabilities

              Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.

              A10:2017 - Insufficient Logging and Monitoring

              Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. 
                
              If you want to read more Download the official OWASP Report.
               The information mentioned is being taken from the 6th page of the above-mentioned PDF.
              We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

              The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop and maintai...