Google Chrome Tips & Trick

How to send a URL with a part of text highlighted in Chrome?

• Select the text that you want to link to.

• Right-click and choose “Copy Link to Selected Text” from the context menu.
• If the link creation succeeded, the selected text will be briefly highlighted.
• Paste your link wherever you want to share it.

Search your open tabs in Chrome

1. Open Chrome . 
2. Next to the address bar, select Tab search . 
3. Enter the name of a site or a related word. 
4. To go to the open tab or close the tab, select the name of the site.

Pin a tab on Google Chrome?

Arrange tabs

To pin a tab to the left, right-click the tab and select Pin. ...

To unpin a tab, right-click the tab and select Unpin.

To move a tab to a different window, right click on the tab and point to Move tab to another window, then select the window you want to move it to.

Group your tabs

1. Open Chrome browser.
2. Click New tab .
3. Choose an option:
• To add a tab to an existing group, drag the tab into the group.
• To add a tab to a new group:
1. Click New Tab right-click a tabselect Add Tab to New Group.
2. Enter a name for your group.
3. (Optional) You can also:
• Select a color for the tab.
• Add additional tabs to the group.
• Remove the group.

Top signs that someone is stealing data from your computer as well as some tips for how to avoid viruses.

 

Battery Drain

If your device is unknowingly running malicious software in the background, this will use your central processing power. This software may be spyware or viruses. If your battery life seems to be much shorter, it often is a sign that your device is infected with malware or that someone is crypto mining with your processor. In addition to your laptop discharging much faster than normal, it may also feel hot to touch.

Program Crashes

Hackers sometimes try to collect data by placing code into your apps so that it can steal your personal information. This malicious code can cause your apps to act up, run slower, and frequently crash. The best way to protect yourself is to try not to put your financial data, like credit cards, into apps and if you do have to, be sure to use a strong password and two-factor authentication.

Hackers are always looking for new ways to collect your data. They can put code into your apps to make them collect all the needed information. This can make an app run slower, act up, and crash a lot. To protect yourself, try not to put your financial data like your credit card numbers or codes into apps, and always create a complicated password.

If you have a new computer and it is suddenly running very slow, it may be infected with malware software like a worm or Trojan horse. Often this software is disguised as a legitimate download but once installed will consume a lot of your processor’s resources, causing your device to run much slower.

WebCam Recording

If your webcam suddenly starts recording, or the microphone turns on by itself, someone could be spying on you. In addition to stealing your data, they could be recording your voice and taking photos. It is recommended to frequently change passwords, cover your camera with tape and turn off your microphone when not in use.

Blinking Lights

If someone has taken control of your computer, the send and receive lights may be blinking when you are not using it. Spy malware and other viruses can cause data to be uploaded and downloaded in the background, without you even realizing it.

Frequent Pop-Ups

When surfing online, you may have accidentally clicked on a suspicious banner ad. These can inject your laptop with an advertising virus that sends constant pop up ads to your screen. While it is annoying, more concerning is that the virus can allow hackers to access your data.

Browser Redirect

When searching on Yahoo or Google, if you are being redirected to a suspicious website instead of being served search results, this is a sign of being hacked. A Trojan virus may be installed on your device. To verify, you can check the extensions of your browser to search for anything suspicious.

Restrict access to hard disk on Window

 

1. Log on to the computer with an Administrator account.
2. Click "Start," type "Control Panel" (without quotes) and then navigate to "Control Panel > User Accounts" (Control Panel\All Control Panel Items\User Accounts).
3. Click "Manage another account."
4. Click "Create a new account" or " Add a new user in PC settings" (in case of Windows 8/10) and fill in the required username, password etc.
   
   On Windows 8/10, the process to add a new user to PC is slightly different. Add a new user following the steps below: 
•  Navigate to Control Panel\All Control Panel Items\User Accounts
• Click on Manage Another Account
• Click on "Add a new user in PC settings"
• In the PC Settings > Family & Other People > Click "Add someone else to this PC"
• Windows will attempt to let you enter Windows / Outlook account details of the person you want to add. If you have, well and good. Otherwise, click on " I don't have this person's sign-in information".
• Windows will then tell you to create an account for the user. If you want Windows / Microsoft account, go ahead. Otherwise, click on "Add a user without Microsoft Account"
• Fill in Username, Password and Password Hint if required.
• Then click on next and proceed as per the instructions.
5. If the user account already exists or you have created a new user account, then open Windows Explorer. 
6. Right-click the name of the hard drive or hard drive partition you want to restrict access to and then click "Properties."
7. Click the "Security tab" in the "Properties" window that opened. Click "Edit..." and "Add..." in the "Select Users or Groups" window that opened.
8. Type the name of the user account on your computer with which other users will login with (existing account or the one newly created). 
9. Click "OK." Uncheck the boxes against ALLOW of any options that you DO NOT want available to the user. Also check the "DENY" boxes for "Full control". It should be disabled or unchecked.
10. Click "OK," "Yes" and "OK." Close any open windows. 
11. Log off the administrator account that is signed in currently and then log on as the other user to test the settings applied.
12. After you are logged in as the other user account, open Windows Explorer.
13. Double-click the name of the hard drive or hard drive partition you restricted access to. A window indicating that "Access is denied" is shown. The user is denied access to the hard drive or hard drive partition henceforth.

The steps above will successfully restrict or deny access to a hard drive or hard drive partition from other users.

Excel - Getting List from Other Spreadsheet for Display with Data Validation List

You can create your own pull-down list or combo box by using the data validation feature in Excel but the main problem is the list has to be in the same spreadsheet as the combo box that you want to use. What most of us will do is just create a list somewhere else in the same spreadsheet and then hide it either by hiding the columns or rows of the list or change the font colour to white so it is invisible.

You can actually make use of the range name for the list that is in other sheet tabs and there is no need to copy it to the spreadsheet that you want to put the combo box.

Here's how...

1. Select the list that you want to use (it could also be from the table array you use for VLookup or HLookup. If it is, just select the list excluding the header which is the column one for VLookup table array or row one for HLookup table array). It is best if you can first sort your list in ascending order because the list taken in data validation will follow your actual list without sorting them for you.
   
2. With the list selected, click in the name box located to the left of the formula bar and type a name (the name has to be unique and shouldn't be separated if it consists of more than one word) and then press Enter.

1. Return to the other spreadsheet and select the cell(s) you want to create combo box.
2. With the cell(s) selected, go to Data tab and select Data Validation from Data Tools group (for Excel 2003 or earlier, go to Data menu and select Validation...).

1. On the Data Validation dialog box, go to Settings tab.
2. Select List from Allow combo box.

1. Type the name you have given for the list in step 2, starting with the equal sign (=) in the Source field (I used FruitList for my example).

Click OK or you can continue setting the Input Message and/or Error Alert tab if you want to.

You can combine the usage of this combo box with any lookup function or use it alone.

Create Email Template-Outlook

Sometimes, you may find that you will be sending emails of the same content again and again (maybe to send monthly report, etc...) and you'll find that you have to type same sentences for these emails again and again.

Try saving the email message as a template and later you can reuse it.

1. Compose new email as you usually do with normal emails. Put in the subject and if you are going to always send to the same recipient, you can put the recipient email addresses in the To, CC or BCC field.
2. Once complete, click the Office Button and select Save As

1. In the Save As dialog box, change the Save as type: to Outlook Template.
2. Name the file and select your file location if you want to save it in different location or just leave it in the default template location as it is.

For earlier version users, you must first disable the Use Microsoft Office Word 2003 to edit e-mail messages feature found in Tools > Options menu under the Mail Format tab of the Options dialog box.

Follow the steps 2 to 4 as stated above (slight difference in step 2 where you should click File menu instead of Office Button).

To use the template (same process for Outlook 2007 or earlier):

1. From Tools menu, go to Forms and select Choose Form... .

In the Choose Form dialog box, select User Templates in File System from Look In: combo box.

1. Select the template listed or click the Browse button if the template is in other location.
2. Click Open.

Now you can continue to add attachment(s) or amend the template as required.

Build your own Artificial Assistant

Virtual assistants are Artificial Intelligent based programs. They are a smart computer program that understands human natural languages through voice commands or text and performs tasks for the user.

Visual Studio Code is an integrated development platform for computer programming, with an emphasis on the Python programming language.

Step-1
Launch the application (VsCode) and click on the file menu, then select new project.
For this little script we are using python libraries:
SpeechRecognition is a library for performing speech recognition, with support for several engines and APIs, online and offline.
PyAudio provides Python bindings for PortAudio, the cross-platform audio I/O library. With PyAudio, you can easily use Python to play and record audio on a variety of platforms.
Pyttsx3 is a text-to-speech conversion library in Python. 
For the robot to listen to our voice/speech
`pip install speechRecognition`

For Python bindings for PortAudio

'pip install pyaudio'
To speak out, or text to speech
`pip install pyttsx3`
For advance control on browser
`pip install pywhatkit`
To get wikipedia data
`pip install wikipedia`
To get funny jokes
`pip install pyjokes`

Step-2

Paste the below Code:

--------------------------------

import speech_recognition as sr

import pyttsx3

import pywhatkit

import datetime

import wikipedia

import pyjokes

listener = sr.Recognizer()

engine = pyttsx3.init()

voices = engine.getProperty('voices')

engine.setProperty('voice', voices[1].id)

def talk(text):

    engine.say(text)

    engine.runAndWait()

def take_command():

    try:

        with sr.Microphone() as source:

            print('listening...')

            voice = listener.listen(source)

            command = listener.recognize_google(voice)

            command = command.lower()

            if 'Shainee' in command:

                command = command.replace('Shainee', '')

                print(command)

    except:

        pass

    return command

def run_Alexa():

    command = take_command()

    print(command)

    if 'play' in command:

        song = command.replace('play', '')

        talk('playing ' + song)

        pywhatkit.playonyt(song)

    elif 'time' in command:

        time = datetime.datetime.now().strftime('%I:%M %p')

        talk('Current time is ' + time)

    elif 'tell me about' in command:

        person = command.replace('tell me about', '')

        info = wikipedia.summary(person, 1)

        print(info)

        talk(info)

    elif 'date' in command:

        talk('sorry, I have a headache')

    elif 'are you single' in command:

        talk('I am in a relationship with wifi')

    elif 'joke' in command:

        talk(pyjokes.get_joke())

    else:

        talk('Please say the command again.')

while True:

    run_Alexa()

Step-3

Click Play Button

How to set up confidential mode and schedule emails in Gmail?

How to set up confidential mode and schedule emails in Gmail?

Gmail has introduced schedule  & Enable Confidential mode an email. This feature was very much needed. Email scheduling feature allows us to send emails later such as if you are composing an email on a Saturday evening because you would forget but want to send only during business hours on Sunday.

Steps:-

* Click on  Schedule Send

* Schedule Date & Time

Turn Confidential Mode On

* Click on Turn confidential mode on / off

* SET EXPIRATION (You can also send Google-generated passcodes via SMS for certain countries)

Secure Your Smartphone

 

Secure Your Smartphone

1)Lock your phone

Sure, it's a lot easier to keep your phone unlocked all the time because you can get to your email, camera, texts and other features more quickly.

But simply assume however you'd feel if a interloper or stranger found your phone tap on your email or contacts or banking app or photos.

To prevent that from happening, always engage the four- or six-digit passcode – or set up a longer alphanumeric code – so that if you ever lose track of your phone, it won't open your entire business to a stranger.

Touch ID or Face ID (depending on your handset) can get you into your Phone without entering the password. Android users have a choice of setting up a PIN or a pattern screen lock.

Also, make sure to watchword defend all mobile apps that contain personal knowledge, like banking, email and your Amazon account.

2)Lock your apps

A few smartphone brands now offer this feature. You can individually lock installed apps with a passcode or with fingerprint scan.

This adds an additional layer of security for your knowledge and content, particularly if you've got bimanual over your phone to somebody to point out one thing.

In case your phone doesn't have it, you'll be able to get this feature by putting in third party apps like AppLock or Norton AppLock.

3)Only use trusted apps

Google includes a department dedicated to review of apps being supplementary to the play store for users.

This removes majority of harmful apps before they reach the users.

However, there are various other sources from where you can download apps for Android and there are no checks if the apps are safe or malicious.

So, to air the safer facet, it's suggested to disable installation of apps from unknown sources.

Go to settings > security on your android smartphone and you'll see an choice of ‘Install apps from Unknown Sources’, make sure that is switched off.

4)Update your OS and apps promptly

Did your phone provide you with a warning that there's an OS or app update – and you unnoticed that notification?

Software updates will typically appear troubled, but they are critical in protecting your phone's security.

Many hackers exploit vulnerabilities that companies strive to fix before the disaster of stolen information or fraud takes place. The longer you wait to update, the more vulnerable your system becomes.

5)Plan ahead for emergencies

Even if your phone gets lost or taken, you can contain the damage by making sure none of your precious secrets can be accessed by thieves or strangers.

Both Apple and Google provide notice Device services like notice My iPhone and android Device Manager that may find your phone on a map and mechanically disable it.

These services may also create your phone ring, either alarming the thief or just locating a phone you have temporarily lost track of.

You can even arrange for the phone to delete all information after five to 10 false passcode tries.

6)Strengthen permissions

Check the apps on your phone to determine whether they have more privileges than they need to get the job done.

You can grant permissions to applications like access to the camera, the microphone, your contacts and your location.

Keep track of which permissions you've given to which apps, and revoke permissions that are not needed.

For iPhones, go to Settings and tap on Privacy, where you'll see a list of all permissions and the apps you've granted them to.

Android users will notice app permissions within the Application Manager underneath Device > Application in some android versions.

7)Use two-factor authentication wherever possible

Two-factor authentication (2FA) is one of the least favorite security options around because you need to receive and type in an additional code beyond your password to get into your apps.

However, it offers another solid barrier to access your personal info.

If you use an iPhone, be sure to also enable 2FA on your Apple ID because your Apple ID hooks into all your devices and can access your iCloud account. That means entering a password plus a six-digit authorization code when logging in to a device from a new machine.

8)Back up your data

Bad stuff happens, but don't compound the problem by not being prepared. Always back up your data.

This is general sensible apply and protects your necessary documents and pictures just in case of any smartphone loss.

For an Android phone,, make sure "Back up my data" and "Automatic restore" are enabled in the settings and then sync your data with Google.

Network Security VAPT Checklist

 

Network Security VAPT Checklist

Single machine can have 65535 ports open. Any single port can deploy any service software from the world.

·         Identify live hosts

o   Ping

o   Hping

o   Nmap

·         Identify OS type

o   Nmap

o   Xprobe2

o   Banner grabbing using telnet, nc (netcat)

·         Port scan

o   Nmap full SYN scan with verbose mode and service detection and disabling ping scan. Export normal and greppable output for future use.

§  nmap -Pn -p- -sV X.X.X.X -v -sS -oG nmap_grepable_SYN -oN nmap_normal_SYN

o   Nmap top 1000 UDP scan with verbose mode and service detection and disabling ping scan. Export normal and greppable output for future use.

§  nmap -Pn -top-ports=1000 -sV X.X.X.X -v -sS -oG nmap_grepable_UDP -oN nmap_normal_UDP

·         VA (Vulnerability Assessment)

o   Use nessus with below profile

§  DoS disabled

§  Web scan enabled

§  SSL scan on every ports instead of known ports

§  Enable TCP and UDP scan

§  Only give open ports’ list in the configuration that were found by nmap including TCP and UDP rather than full ports in order to save time particularly number of IPs are more and less time for audit and report.

o   Use Nexpose

o   Use OpenVAS

o   Use nmap scanner on specific open ports using below command.

§  For example port 22 (SSH) is open and you want to run all scripts pertaining to SSH then use below command:

Nmap -Pn -sS -p22 --script ssh* -v

In case if you are not sure about exact script name you can use * in order to run all scripts that starts with the ‘ssh’ keyword.

·         Audit SSL

o   Use openssl, sslyze tools to find below issues within SSL.

§  Self-signed certificate

§  SSL version 2 and 3 detection

§  Weak hashing algorithm

§  Use of RC4 and CBC ciphers

§  Logjam issue

§  Sweet32 issue

§  Certificate expiry

§  Openssl ChangeCipherSec issue

§  POODLE vulnerability

§  Openssl heartbleed issue

·         Check for default passwords in server/device/service documentation

o   Lets say during your port scan or VA you found some services running on the server for example: cisco, brocad fabric OS, sonicwall firewall, apache tomcat manager. Then for these services Google what are the default configuration administrative username and password. Try those in your login and check your luck.

·         Hunting some common ports

o   DNS (53) UDP

§  Examine domain name system (DNS) using dnsenum, nslookup, dig and fierce tool

§  Check for zone transfer

§  Bruteforce subdomain using fierce tool

§  Run all nmap scripts using following command: nmap -Pn -sU -p53 --script dns* -v

§  Banner grabbing and finding publicly known exploits

§  Check for DNS amplification attack

o   SMTP (25) TCP

§  Check for SMTP open relay

§  Check for email spoofing

§  Check for username enumeration using VRFY command

§  Banner grabbing and finding publicly known exploits

§  Send modified cryptors and check if SMTP gateway is enable to detect and block it?

§  Run all nmap script using following command: nmap -Pn -sS -p25 --script smtp* -v

o   SNMP (161) UDP

§  Check for default community strings ‘public’ & ‘private’ using snmpwalk and snmpenum.pl script.

§  Banner grabbing and finding publicly known exploits

§  Perform MIG enumeration.

·         .1.3.6.1.2.1.1.5 Hostnames

·         .1.3.6.1.4.1.77.1.4.2 Domain Name

·         .1.3.6.1.4.1.77.1.2.25 Usernames

·         .1.3.6.1.4.1.77.1.2.3.1.1 Running Services

·         .1.3.6.1.4.1.77.1.2.27 Share Information

o   SSH (22) TCP

§  Banner grabbing and finding publicly known exploits

§  Check if that supports sshv1 or not.

§  Bruteforce password using hydra and medusa

§  Check if it supports weak CBC ciphers and hmac algorithms using ssh2-enum-algos.nse nmap script.

§  Run all nmap scripts using following command: nmap -Pn -sS -p22 --script ssh* -v

o   Cisco VPN (500) UDP

§  Check for aggressive and main mode enable using ikescan tool.

§  Enumeration using ikeprobe tool

§  Check for VPN group and try to crack PSK in order to get credentials to login into the VPN service through web panel.

o   SMB (445,137,139) TCP

§  Check SAMBA service using metasploit use auxiliary/scanner/smb/smb_version

§  Get reverse shell using meterpreter reverse tcp module.

§  Check for SMB related vulnerability using ‘smb-check-vulns’ nmap script.

§  Reference: https://myexploit.wordpress.com/control-smb-445-137-139/

o   FTP (21) TCP

§  Run all nmap script using following command: nmap -Pn -sS -p21 --script ftp* -v

§  Check for cleartext password submission for ftp login

§  Check for anonymous access using username and password as anonymous:anonymous

§  Banner grabbing and finding publicly known exploits

§  Bruteforce FTP password using hydra and medusa

o   Telnet (23) TCP

§  Banner grabbing and finding publicly known exploits

§  Bruteforce telnet password

§  Run following nmap scripts

·         telnet-brute.nse

·         telnet-encryption.nse

·         telnet-ntlm-info.nse

o   TFTP (69) UDP

§  TFTP Enumeration

·         tftp ip_address PUT local_file

·         tftp ip_address GET conf.txt (or other files)

·         tftp – i GET /etc/passwd (old Solaris)

§  Bruteforce TFTP using TFTP bruteforcer tool

§  Run tftp-enum.nse nmap script

§  Banner grabbing and finding publicly known exploits

o   RPC (111) TCP/UDP

§  Banner grabbing and finding publicly known exploits

§  Run following nmap scripts

·         bitcoinrpc-info.nse

·         metasploit-msgrpc-brute.nse

·         metasploit-xmlrpc-brute.nse

·         msrpc-enum.nse

·         nessus-xmlrpc-brute.nse

·         rpcap-brute.nse

·         rpcap-info.nse

·         rpc-grind.nse

·         rpcinfo.nse

·         xmlrpc-methods.nse

§  Perform RPC enumeration using rcpinfo tool

§  Check for the NFS folders so that data could be exported using showmount -e command.

o   NTP (123) UDP

§  Perform NTP enumeration using below commands:

·         ntpdc -c monlist IP_ADDRESS

·         ntpdc -c sysinfo IP_ADDRESS

§  Run all nmap scripts using nmap -Pn -sS -p21 --script ntp* -v

o   HTTP/HTTPs (443,80,8080,8443) TCP

§  Banner grabbing using burp response

§  Run Nikto and dirb

§  Run all nmap scripts using following command nmap -Pn -sS -p21 --script http* -v

§  Banner grabbing and finding publicly known exploits

o   SQL Server (1433,1434, 3306) TCP

§  Banner grabbing and finding publicly known exploits

§  Bruteforce and perform other operation using following tools:

·         Piggy

·         SQLping

·         SQLpoke

·         SQLrecon

·         SQLver

§  Run following nmap scripts:

·         ms-sql-brute.nse

·         ms-sql-config.nse

·         ms-sql-dac.nse

·         ms-sql-dump-hashes.nse

·         ms-sql-empty-password.nse

·         ms-sql-hasdbaccess.nse

·         ms-sql-info.nse

·         ms-sql-ntlm-info.nse

·         ms-sql-query.nse

·         ms-sql-tables.nse

·         ms-sql-xp-cmdshell.nse

·         pgsql-brute.nse

§  For MYSQL default username is root and password is

o   Oracle (1521) TCP

§  Enumeration using following tools

·         Tnsver [host] [port]

·         Tnscmd

o   perl tnscmd.pl -h ip_address

o   perl tnscmd.pl version -h ip_address

o   perl tnscmd.pl status -h ip_address

§  Enumeration & Bruteforce using below nmap scripts:

·         oracle-brute.nse

·         oracle-brute-stealth.nse

·         oracle-enum-users.nse

·         oracle-sid-brute.nse

·         oracle-tns-version.nse

o   RDP (3389) TCP

§  Perform enumeration via connecting and checking login screen. Gather all active user’s name and domain/group name.

§  Perform RDP cryptography check using RDP-sec-check.pl script.

§  Run following nmap script:

·         rdp-enum-encryption.nse

·         rdp-vuln-ms12-020.nse

o   SIP (5060)

§  Enumeration through following commands:

·         Sipflanker - python sipflanker.py 192.168.1-254

·         Sipscan - Smap - smap -l IP_Address