Monday, 17 September 2018

Chrome vs Chromium . || techtalksgroup ||

theprogrammer.harshit  September 17, 2018    No comments

Chrome is a massively popular web browser that is developed and released by Google, and Chromium is a niche open-source browser that has far fewer users. However, Chrome and Chromium have a lot more similarities than differences. In fact, Chrome uses the same source code as Chromium, just with extra features that Google adds on top.

What is Chromium?

Chromium is an open-source web browser that's developed and maintained by the Chromium Project. Since it's open source, anyone is free to take and modify the source code as the please. However, only trusted members of the Chromium Project development community can actually contribute their own code.


Regular users are able to download a frequently updated version of Chromium, all compiled and ready to use, from download-chromium.appspot.com.

What is Chrome?

Chrome is a proprietary web browser that is developed, maintained, and released by Google. Since it's proprietary, you are free to download and use it, but you can't decompile, reverse engineer, or use the source code to build your own project.

Chrome is built on Chromium, which means that Google developers take the open-source Chromium source code and add their own proprietary code. For instance, Chrome has an automatic update feature, is capable of tracking your browsing data, and includes native support for Flash that Chromium lacks.

Chrome is available directly from Google.

The Biggest Differences Between Chromium and Chrome

Since both browsers are built on the same source code, there are two major differences between Chromium and Chrome: Chromium is updated far more frequently, and Google adds in a whole lot of extra stuff that you may or may not want.


Within those two broad categories, here are the seven most important specific examples where Chromium and Chrome are different from each other:


  • Chromium updates more frequently - Since Chromium is compiled directly from the Chromium Project source code, it changes constantly. Chrome has several release channels, but even the bleeding edge Canary channel updates less frequently than Chromium. If you want to get your hands on the absolute latest code that the Chromium Project has to offer, you need to use Chromium.
  • Chrome updates automatically - Chromium lacks an automatic update feature. So even though it updates more frequently, you need to update it manually. Since Chrome has an automatic update feature, it is capable of downloading and installing updates on its own. If you ever get too far out of date, it will even let you know.
  • Chrome tracks your web browsing - Chromium doesn't track your information, and Chrome does. If you don't want to provide Google with any information about your browsing habits on the internet, but you like Chrome, then Chromium may be an option.
  • Chrome locks you into the Google Play Store - By default, Chrome on Windows and Mac only lets you install extensions that you download from the Google Play Store, while Chromium allows outside extensions. If you want the same freedom in Chrome, you need to enable developer mode.
  • Chrome has native support for Adobe Flash - Flash isn't as widespread as it used to be, but there are still sites that don't work right if you don't have it. Since Flash isn't open source, Chromium doesn't support it natively. So if you want to use Flash in Chromium, and you aren't an expert, you may be in for a headache.
  • Chromium doesn't include closed-source media codecs - Chrome also includes licensed media codecs like AAC, H.264, and MP3 that Chromium doesn't. Without these codecs, media won't play in Chromium. So if you want to stream video on sites like Netflix and YouTube, you need to either use Chrome or install these codecs manually.
  • Chromium doesn't always have the security sandbox enabled by default - Both Chrome and Chromium have a security sandbox mode, but Chromium has it turned off by default in some cases.

Chromium vs. Chrome: Which One Wins?

Since Chromium and Chrome are so similar, and each one has benefits, it's difficult to say which one actually wins in a head to head fight. For most regular users, Chrome is the better choice, but for more advanced users, those who place an especially high value on privacy, and some Linux users, Chromium may be the way to go.

Who Should Use Chrome?

Anyone who wants to download a web browser and have it just work, right out of the box, should use Chrome instead of Chromium. This is especially true if you use either Windows or Mac.

Chrome is extremely easy to download and install, doesn't require any configuration, and you can use it to view movies and listen to music on the internet, and even view websites that use Flash, without a lot of extra headaches.

Who Should Use Chromium?

Chromium is a better choice for more advanced users who don't care about getting their hands a little dirty, and anyone who likes Chrome but doesn't want to be tracked by Google. It's also a viable choice for users of some Linux distributions that offer a modified version of Chromium that comes a lot closer to matching Chrome in terms of features.

So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Google Plus:-https://plus.google.com/u/0/communiti…/117296242526461886479
Blog:- https://www.techtalksgroup.blogspot.com
Instagram:- https://www.instagram.com/theprogrammer.harshit
Read More

Saturday, 15 September 2018

Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter ||techtalksgroup||

  September 15, 2018    1 comment

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter.

Web Pentest / Information Gathering:
  • Banner Grab
  • Whois
  • Traceroute
  • DNS Record
  • Reverse DNS Lookup
  • Zone Transfer Lookup
  • Port Scan
  • Admin Panel Scan
  • Subdomain Scan
  • CMS Identify
  • Reverse IP Lookup
  • Subnet Lookup
  • Extract Page Links
  • Directory Fuzz (NEW)
  • File Fuzz (NEW)
  • Shodan Search (NEW)
  • Shodan Host Lookup (NEW)

 Web Application Attack: (NEW)
  • Wordpress 
  • | WPScan 
  • | WPScan Bruteforce 
  • | Wordpress Plugin Vulnerability Checker 
Features: // I will add more soon. 
  • | WordPress Woocommerce - Directory Craversal 
  • | Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting 
  • | WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion 
  • | WordPress Plugin Events Calendar - 'event_id' SQL Injection

Auto SQL Injection


Features:
  • | Union Based 
  • | (Error Output = False) Detection 
  • | Tested on 100+ Websites

Generator:
  • Deface Page
  • Password Generator // NEW
  • Text To Hash //NEW


Installation
git  clone  https://github.com/cr4shcod3/pureblood
cd pureblood
pip install -r requirements.txt

--------------------DOWNLOAD PUREBLOOD-----------------------

So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Google Plus:-https://plus.google.com/u/0/communiti…/117296242526461886479
Blog:- https://www.techtalksgroup.blogspot.com
Instagram:- https://www.instagram.com/theprogrammer.harshit
Read More

Thursday, 13 September 2018

Top 5 Kali Linux Tools Every Hacker Should Know All About |techtalksgroup|

  September 13, 2018    No comments

Top Kali Linux Tools:-
Now let’s get started with the list of my favorite tools and a lot of other hackers favorite tools too.

1. Metasploit:-

Metasploit is a framework for developing exploits, shellcodes, fuzzing tool, payloads etc. And it has a very vast collection of exploits and exploitation tools bundled into this single framework. It is available for all major Operating Sytems out there Windows, OS X, and Linux and comes pre-installed in Kali Linux. It is an offensive tool and to attack your own or your company’s infrastructure to check for security loopholes and to fix them before an actual attacker can break in.
It can also be used to target web applications, networks, and servers etc. You get both GUI and command line interface. There are to products for Metasploit a Free Community version and a paid Metasploit Pro.

2. Nmap (Network Mapper):-

Nmap is used to scan whole networks for open ports and for mapping networks and a lot more things. It is mainly used for scanning networks and discover the online PC’s and for security auditing. Most of the network admins use Nmap to discover online computer’s, open ports and manage services running. It uses raw IP packets in such a creative way to know what hosts are available on the network and what ports are open which services (applications name and version) are running on those systems.
It comes into version GUI and Command Line. Zenmap is the GUI version what I recommend is that first learn the command line and then move on to the GUI if you feel confident.

3. Armitage:-

Armitage is a graphical cyber attack management tool and it provides a GUI interface for all Metasploit features and makes it easier to understand and use. If you really want to understand and grow into the advanced features then Armitage is a great choice for you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

And if you are working in a team then it can be a real help to share information with your team:
  • Use the same sessions.
  • Share victim hosts, capture data, download files etc.
  • Communicate using a shared event log.
  • Run bots to automate the tasks.

4. John The Ripper (JTR):-

John The Ripper is a very popular tool for password cracking it is also known as JTR and also it has the coolest name of all the tools. Mostly it is simply referred as ‘Jhon’ it is the most commonly used tool for password cracking and to perform dictionary attacks. John The Ripper takes text files, referred as a ‘wordlist’, which contains the list of commonly used passwords or real passwords cracked before, and it encrypts the password in the wordlist in the same way as the password which is being cracked. And then compare the output string with the encrypted string of the provided password.

This tool can be used to perform different types of dictionary attacks. If you are confused between Jhon The Ripper and THC Hydra then the most simple way to explain it is that THC Hydra is used to crack a password for online services and Jhon The Ripper is used for offline password cracking.

5. Wireshark:-

Wireshark is an open source tool for network analysis and profiling network traffic and packets and this kind of tools are referred to as Network Sniffers.

Wireshark, previously known as Ethereal, is used to monitor network traffic and analyze the packets that are sent out. Wireshark can intercept network traffic ranging from connection level information to bits of the information which make up a signal packet. All of this is done in real time and show to the user in a readable format. There are a lot of developments made in the tool (platform) over the years and it includes filters, color-coding the packets depending on their information and these features really help the penetration testers to dig deeper in the network traffic and inspect the packets in detail.

Note: If you are really interested in Network administration and penetration testing then knowing how to use Wireshark is a required skill. There are a lot of resources available online from where you can learn about using Wireshark in depth.

So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Google Plus:-https://plus.google.com/u/0/communiti…/117296242526461886479
Blog:- https://www.techtalksgroup.blogspot.com
Instagram:- https://www.instagram.com/theprogrammer.harshit
Read More

Wednesday, 12 September 2018

Download The Free Kali Linux Book || tech talks group ||

  September 12, 2018    No comments

Whether you are new to infosec, or a seasoned security veteran, the free "Kali Linux Revealed" online course has something to teach you. the saying "You can't build a great building on a weak foundation" rings true in the information security field as well , and if you use (or want to learn to use) kali in a professional way, you should familiarise yourself as best as you can with the internals of the penetration testing distribution - and that's what this training is all about - turning you into a Kali Linux professional user.

 DOWNLOAD PDF - https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf

Learning how to master a kali gives you the freedom to create kali Linux recipes like the Kali ISO of Doom, or the kali Evil Ap. you'll be able to build optimize and custom kali kernels, host them on your own repositories and create your own custom Kali Appliances - and there's so much more.

After Reading This Book You Will Be Able To --

  • Use the Kali OS proficiently.
  • Automate, customize and pre-seed Kali Linux Installs.
  • Create kali appliances such as the Kali ISO of  Doom.
  • Build, modify and host kali packages and repositories.
  • Create, fork and modify simple kali packages.
  • Customize and rebuild your kernel.
  • Deploy Kali over the network.
  • Manage and orchestrate multiple installations of kali.
  • Build and customize Kali ARM images.
  • Create custom pentesting devices. 
So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Blog:- https://www.techtalksgroup.blogspot.com
Instagram:- https://www.instagram.com/theprogrammer.harshit
Read More

Tuesday, 11 September 2018

FREE AND UNLIMITED FAST SPEED WITH -VPN HUB |TechTalksGroup|

  September 11, 2018    No comments


VPN HUB - Free and unlimited fast speed on your mobile

UNBLOCK the Internet and Browse Securely with VPN HUB for Android. Get it Free on the Google Play Store.

                                                  LINK

                     https://www.vpnhub.com/

So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Google Plus:https://plus.google.com/u/0/communiti…/117296242526461886479
Blog:- https://www.techtalksgroup.blogspot.com
Instagram:- https://www.instagram.com/theprogrammer.har
Read More

Layers of OSI Model Explained .....|| tech talks group ||

theprogrammer.harshit  September 11, 2018    No comments


The Open Systems Interconnection (OSI) model defines a networking framework to implement protocols in layers, with control passed from one layer to the next. It is primarily used today as a teaching tool. It conceptually divides computer network architecture into 7 layers in a logical progression. The lower layers deal with electrical signals, chunks of binary data, and routing of these data across networks. Higher levels cover network requests and responses, representation of data, and network protocols as seen from a user's point of view.

The OSI model was originally conceived as a standard architecture for building network systems and indeed, many popular network technologies today reflect the layered design of OSI.

1. Physical Layer 

At Layer 1, the Physical layer of the OSI model is responsible for ultimate transmission of digital data bits from the Physical layer of the sending (source) device over network communications media to the Physical layer of the receiving (destination) device. Examples of Layer 1 technologies include Ethernet cables and Token Ring networks. Additionally, hubs and other repeaters are standard network devices that function at the Physical layer, as are cable connectors.

At the Physical layer, data are transmitted using the type of signaling supported by the physical medium: electric voltages, radio frequencies, or pulses of infrared or ordinary light.

2.  Data Link Layer

When obtaining data from the Physical layer, the Data Link layer checks for physical transmission errors and packages bits into data "frames". The Data Link layer also manages physical addressing schemes such as MAC addresses for Ethernet networks, controlling access of any various network devices to the physical medium. Because the Data Link layer is the single most complex layer in the OSI model, it is often divided into two parts, the "Media Access Control" sublayer and the "Logical Link Control" sublayer.

3.  Network Layer

The Network layer adds the concept of routing above the Data Link layer. When data arrives at the Network layer, the source and destination addresses contained inside each frame are examined to determine if the data has reached its final destination. If the data has reached the final destination, this Layer 3 formats the data into packets delivered up to the Transport layer. Otherwise, the Network layer updates the destination address and pushes the frame back down to the lower layers.

4.  Transport Layer

The Transport Layer delivers data across network connections. TCP is the most common example of a Transport Layer 4 network protocol. Different transport protocols may support a range of optional capabilities including error recovery, flow control, and support for re-transmission.

5.  Session Layer

The Session Layer manages the sequence and flow of events that initiate and tear down network connections. At Layer 5, it is built to support multiple types of connections that can be created dynamically and run over individual networks.

6.  Presentation Layer

The Presentation layer is the simplest in function of any piece of the OSI model. At Layer 6, it handles syntax processing of message data such as format conversions and encryption / decryption needed to support the Application layer above it.

7.  Application Layer

The Application layer supplies network services to end-user applications. Network services are typically protocols that work with user's data. For example, in a Web browser application, the Application layer protocol HTTP packages the data needed to send and receive Web page content. This Layer 7 provides data to (and obtains data from) the Presentation layer.
So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/
Read More

Monday, 10 September 2018

UK’s Critical Infrastructure Vulnerable To DDoS Attacks ||tech talks group||

  September 10, 2018    No comments

According to data revealed under the Freedom of Information Act by Corero Network Security, over one-third of critical infrastructure organizations in the UK are vulnerable to DDoS attacks. As per Corero, 39 percent of companies have ignored the risk of attacks on their network, leaving themselves vulnerable to data breaches, malware, and ransomware.

In a statement issued today, Sean Newman, director of product management at Corero, comments: “Cyber-attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These findings suggest that many such organizations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”

Newman adds, “By not detecting and investigating these short, surgical, DDoS attacks on their networks, infrastructure organizations could also be leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks.”

Under the UK government’s proposals to implement the EU’s Network and Information Systems (NIS) directive, these organizations could be liable for fines of up to £17 million, or four percent of global turnover.

David Emm, the principal security researcher at Kaspersky Lab said, “The world isn’t ready for cyber-threats against critical infrastructure – but criminals are clearly ready and able to launch attacks on these facilities. We’ve seen attempts on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – and these are cases where organizations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting these incidents hampers risk assessment and response to the threat.”

Edgard Capdevielle, CEO of Nozomi Networks, also commented: “This report emphasizes the impact of DDoS attacks and how they are often used as a cover to distract security teams while infecting systems with malware or stealing data. Such initiatives are often the first step in “low and slow”. He further added that “In light of this information, CNI organizations should give a high priority to re-assessing their cyber-security programs, evaluate where they are in relation to government recommendations, and inform themselves about current technologies available for protection….The right approach is to both shore up defenses and be able to quickly respond when attacks do occur.”

Targeting CNI, Eldon Sprickerhoff, founder and chief security strategist at entire said, “Although cyber-security regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber-threats in today’s digital world and the destruction they can cause, if undeterred. Even if you’re not a CNI, cyber-threats should concern you. With cyber-criminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cyber-security practices. Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers.”

Here are five tips to help you can stay ahead of cybercriminals: 
  • Encryption – store sensitive data that is only readable with a digital key
  • Integrity checks – regularly check for any changes to system files
  • Network monitoring – use tools to help you detect for suspicious behavior
  • Penetration testing – conduct controlled cyber-attacks on systems to test their defenses and identify vulnerabilities
  • Education – train your employees in cyber-security awareness and tightly manage access to any confidential information


 That's it. Hope you guys like it. If yes then please .. comment down below and to not forget to like follow and share our social media platforms. 
Read More