- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? What are the two main categories of XSS?
- What is a phishing attack? How do attackers typically execute phishing attacks, and what are their primary goals?
- What is a man-in-the-middle (MITM) attack? How do attackers perform MITM attacks, and what can be the consequences for victims?
- What is End-to-End encryption (E2EE)? Provide an example of a well-known app using E2EE, and explain how that app uses it.
Sharon Matjila
Lindokuhle Skosana
Angela King
Sakhile Motha
- A CSRF (Cross-Site Request Forgery) attack is a type of malicious exploit where unauthorized commands are transmitted from a user that the web application trusts.
Use of HTTP Requests:
CSRF attacks utilize HTTP requests (GET or POST) to execute the forged actions. These requests are crafted to mimic legitimate requests that the web application expects from the user. Because the user is authenticated, the web application might not distinguish between legitimate requests initiated by the user and forged requests initiated by the attacker via the user's browser.
The term "one-click attack" refers to how easily a CSRF attack can be executed once the user visits the malicious website. From the user's perspective, it often takes just one click on a link or button on the malicious site for the attack to be triggered. The attack does not require the user to download or execute any files; it leverages the trust relationship between the user's browser and the legitimate web application they are authenticated with.
- An XSS attack is a type of security vulnerability where an attacker injects malicious scripts into a website, which are then executed by the user's browser. This allows the attacker to steal sensitive information, such as cookies and session data, or even take control of the user's session.
The connection between XSS and cookies/sessions is that an attacker can use XSS to access and manipulate a user's cookies and session data, potentially leading to unauthorized access to sensitive information.
There are two main categories of XSS, Stored XSS and reflected XSS. Stored XSS involves injecting malicious code into a website's database, which is then stored and executed by other users. Reflected XSS involves injecting malicious code into a website through user input (e.g., form fields), which is then reflected back to the user in the form of a modified web page.
- A phishing attack is a fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communications. Attackers typically execute phishing attacks through deceptive emails, messages, or websites that trick victims into revealing personal data, such as passwords or credit card numbers. Their primary goals are to steal personal information, financial data, and login credentials, often leading to unauthorized access, financial loss, and identity theft for the victims.
- A Man-in-the-Middle (MITM) attack is a cybersecurity breach where an attacker secretly intercepts and relays communication between two parties who believe they are directly communicating with each other. Attackers perform MITM attacks by exploiting insecure network connections, using techniques like packet sniffing, session hijacking, or DNS spoofing to insert themselves into the communication. The consequences for victims can be severe, including data theft, unauthorized transactions, compromised login credentials, and loss of sensitive information, leading to potential financial loss and identity theft.
- End-to-End Encryption is a method of secure communication where only the communicating parties can read the messages. It ensures that data remains confidential and cannot be intercepted or accessed by anyone else, including the service provider.
A well-known app that uses E2EE is WhatsApp. WhatsApp uses the Signal Protocol, which was developed by Open Whisper Systems, to implement E2EE in their messaging service.
Here's how WhatsApp uses E2EE:
Key Exchange: When two users initiate a conversation, their devices exchange public keys to establish a shared secret key.
Encryption: Messages are encrypted with the shared secret key using the Advanced Encryption Standard (AES).
Secure Communication: Encrypted messages are sent to the recipient's device, where they can only be decrypted with the corresponding private key.
WhatsApp's E2EE ensures that only the sender and recipient can read the messages, making it a secure and private communication platform.
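The comment above ties XSS to cookie and session theft. As an added example (not code from the gist or from any of the commenters), the Python below shows the defender's side of that connection: context-aware output encoding that neutralises a stored `<script>` comment and an attribute-breaking display name, a JS-literal encoder for data embedded in inline scripts, and a session cookie set with `HttpOnly` so that a script which does run cannot read it. The page layout, cookie name and payload strings are constructed for the demo.

```python
"""Output encoding against stored and reflected XSS, plus a session cookie the
injected script cannot read. Added example; not code from the gist or its comments.
The page layout, cookie name and payloads below are constructed for the demo."""
import html
import json

# Constructed attacker-supplied values of the kind the comment describes:
# a stored comment and a display name meant to break out of an HTML attribute.
STORED_COMMENT = "<script>alert(document.cookie)</script>"
HOSTILE_AUTHOR = 'mallory" onmouseover="alert(1)'


def render_unsafe(author: str, comment: str) -> str:
    """The vulnerable pattern: user input concatenated straight into markup.
    The browser parses the stored <script> as code, so every viewer runs it."""
    return f'<p data-author="{author}">{comment}</p>'


def render_safe(author: str, comment: str) -> str:
    """HTML-escape each value for the context it lands in. html.escape(quote=True)
    also converts quotes, so the author value cannot close its attribute."""
    return (
        f'<p data-author="{html.escape(author, quote=True)}">'
        f"{html.escape(comment)}</p>"
    )


def js_string_literal(value) -> str:
    """Encode server data for an inline <script>. json.dumps quotes the value but
    leaves '<' and '>' alone, so a '</script>' inside the data would end the script
    block early; encode those characters (and '&') as JS unicode escapes too."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render_bootstrap_script(state: dict) -> str:
    """Page state handed to client-side code as a JS literal, not as raw text."""
    return f"<script>window.__STATE__ = {js_string_literal(state)};</script>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie for the session: HttpOnly keeps it out of document.cookie, so even
    a script that does execute cannot read it; Secure and SameSite=Lax limit
    plaintext transport and automatic cross-site sends."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def script_tag_count(markup: str) -> int:
    """Number of <script opening tags in a rendered fragment. A rendered comment
    must carry none; the bootstrap fragment must carry exactly one (its own)."""
    return markup.lower().count("<script")
```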
Phamela Mhlaba
Sinethemba Zulu
Letago Makhubela
- A CSRF attack tricks a user's browser into making unwanted actions on a trusted website where the user is logged in. It uses HTTP Requests by using hidden links or forms that send HTTP requests from the user's browser to the targeted website without the user's knowledge. It's called a one-click attack because a single click on a malicious link can trigger these unwanted actions.
- An XSS (Cross-Site Scripting) attack involves an attacker injecting malicious scripts into web pages viewed by other users.
Connection Between XSS and Cookies/Sessions
XSS can steal cookies and session information, which are used to identify and authenticate users. By accessing these, attackers can impersonate users and gain unauthorized access to their accounts.
Two Main Categories of XSS
- Stored XSS: Malicious script is stored on the server and served to users. Example: A comment with harmful code.
- Reflected XSS: Malicious script is reflected off a web server, often via a URL. Example: A harmful link sent via email.
- Phishing attack:
  - Social engineering technique to trick users into revealing sensitive information (login creds, financial data).
  - Typically executed via email, phone, or text message, pretending to be a trusted entity.
  - Primary goals: Steal sensitive info, install malware, or gain access to systems.
- An MITM attack is when an attacker secretly intercepts and alters communication between two parties without their knowledge.
How Do Attackers Perform MITM Attacks?
Attackers perform MITM attacks by intercepting network traffic, often using techniques like spoofing Wi-Fi networks, DNS spoofing, or using malware to eavesdrop on communications.
Victims of MITM attacks can have their sensitive information stolen, such as login credentials, personal data, and financial details, leading to identity theft, financial loss, and unauthorized access to their accounts.
- End-to-end encryption (E2EE) ensures that data is encrypted on the sender's device and only decrypted on the recipient's device, preventing any intermediaries, including service providers, from accessing the unencrypted data.
WhatsApp is a well-known app that uses E2EE. When a user installs WhatsApp, a unique pair of cryptographic keys is generated: a public key stored on WhatsApp's servers and a private key kept on the user's device. Messages are encrypted with the recipient's public key and can only be decrypted by the recipient's private key, ensuring that only the intended recipient can read the messages, providing robust privacy and security for users.
@Pumlanikewana
@NokulungaM
@samuelthis
- A malicious website vulnerability known as a CSRF (Cross-Site Request Forgery) attack occurs when a web application trusts a user to send unauthorised commands. The way web browsers and web servers process HTTP requests—in particular, the way browsers automatically include cookies and other authentication tokens when making requests—is exploited by cross-site scripting (CSRF) attacks. The phrase "one-click attack" refers to a type of Cross-Site Request Forgery (CSRF) attack that may be carried out with little to no user intervention, typically requiring only one click.
- An XSS (Cross-Site Scripting) attack is a security vulnerability in web applications that allows attackers to inject malicious scripts into web pages. These scripts can then run in users' browsers, potentially stealing sensitive data like cookies and session tokens. XSS (Cross-Site Scripting) attacks are often used to steal cookies and session tokens, which are crucial for maintaining user sessions. By injecting malicious scripts, attackers can access these cookies and tokens, allowing them to impersonate users, hijack sessions, and gain unauthorised access to user accounts and data.
The two main categories of XSS are:
- Stored XSS: The malicious script is stored on the server (e.g., in a database) and is served to users when they load the affected page.
- Reflected XSS: The malicious script is reflected off a web server, often through user input that is included in the server's response (e.g., in a URL or form submission).
- A phishing attack is a type of cyber attack where malicious actors attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card numbers, or personal data. Attackers create deceptive messages or websites imitating trusted sources, then send them out through email, text, or social media. The messages often contain urgent or tempting prompts to trick victims into clicking harmful links or giving up personal information. The attacker steals the data for malicious purposes like identity theft, financial fraud, or installing malware.
- A Man-in-the-Middle (MITM)
c) DNS Spoofing:
Attackers alter DNS (Domain Name System) responses to redirect victims to malicious websites.
Users think they are visiting legitimate sites but are instead interacting with attacker-controlled sites.
d) SSL Stripping:
Attackers downgrade secure HTTPS connections to insecure HTTP connections.
This allows them to intercept and read data that would otherwise be encrypted.
e) Session Hijacking:
Attackers steal session tokens from users, often through methods like XSS or network interception.
With the session token, attackers can impersonate the user on a website.
Consequences for Victims:
Data Theft:
Attackers can capture sensitive information such as login credentials, financial data, and personal information.
This information can be used for identity theft or sold on the black market.
Account Compromise:
By stealing session tokens or login credentials, attackers can gain unauthorized access to user accounts.
This can lead to unauthorized transactions, data loss, or further compromise of the victim's contacts and networks.
Financial Loss:
Victims may suffer direct financial loss through unauthorized transactions or indirect loss through fraud and identity theft.
Privacy Violation:
Personal and sensitive information can be exposed, leading to a breach of privacy and potential misuse of the data.
Malware Injection:
Attackers can inject malware into the data stream, infecting the victim's device.
This can lead to further compromise, data loss, and network breaches.
- End-to-end encryption (E2EE) is a security method where only the communicating users can read the messages. It scrambles data so that even if it is intercepted, it remains unreadable to anyone except the sender and receiver, ensuring privacy and confidentiality.
Example: WhatsApp uses end-to-end encryption. When you send a message, it's scrambled into unreadable code on your phone before being sent. Only the person you're sending it to has the special key to unlock and read it, ensuring that no one else, even WhatsApp itself, can see your messages.
Team Ntandoyenkosi & Emihle
- CSRF (Cross-Site Request Forgery) is a cunning attack that leverages the fundamental trust a website places in a user's browser. This trust is a cornerstone of web interactions; when you're logged into a website, your browser sends authentication credentials (like cookies) with every request to that site, confirming your identity.
HTTP requests: The attacker crafts a malicious link or image that, when clicked by the user, sends a forged HTTP request to the target website. This request often mimics legitimate user actions, like transferring funds, changing passwords, or purchasing items.
One-click attack: The term "one-click attack" refers to how easily a user can be tricked into performing the malicious action with a single click on a link or image.
- Cross-site scripting (XSS) is an exploit where an attacker injects malicious code into a legitimate website, which then executes when a victim loads the site. Attackers often use XSS to steal cookies, enabling them to impersonate the victim. They can send the stolen cookie to their own server through various methods.
Two Main Categories of XSS
Stored XSS: Malicious script is stored on the server and displayed to users.
Reflected XSS: Malicious script is reflected off a web application to the victim's browser via a URL or form submission.
- Phishing attacks involve sending deceptive communications that seem to originate from a trusted source, typically via email or messages that appear to be from legitimate sources, tricking victims into clicking on malicious links or downloading attachments. The objective is to steal sensitive information, such as credit card details and login credentials, or to install malware on the victim’s device.
- A man-in-the-middle (MITM) attack happens when an attacker positions themselves between two computers, such as a laptop and a remote server, intercepting the traffic secretly and altering the communication between two parties who believe they are directly communicating with each other. This attacker can eavesdrop on or intercept the communications, potentially stealing sensitive information. MITM attacks pose a significant security threat, and the consequences include unauthorized data access, identity theft, financial fraud, and compromised network security.
- End-to-End Encryption (E2EE) ensures that data is encrypted on the sender’s device and only decrypted on the recipient’s device, preventing intermediaries from accessing the data. A well-known app using E2EE is WhatsApp.
Encryption on Sender’s Device:
When you send a message on WhatsApp, it is encrypted on your device using a unique encryption key. This key is generated on your device and is not shared with anyone, including WhatsApp.
Transmission of Encrypted Message:
The encrypted message is then sent over the internet to the recipient. During this transmission, the message remains encrypted and cannot be read by anyone who might intercept it, including hackers or service providers.
Decryption on Recipient’s Device:
When the encrypted message reaches the recipient, it is decrypted using a corresponding decryption key that only the recipient’s device possesses. This key is also unique and securely stored on the recipient’s device.
End-to-End Encryption Protocol:
WhatsApp uses the Signal Protocol for E2EE, which is designed to ensure that only the communicating users can access the message content. This protocol involves complex cryptographic techniques that prevent any third party, including WhatsApp, from accessing the messages.
Simphiwe Ndlovu
Katleho
Thabiso
- Imagine you're logged into your online banking account. A CSRF attack is like someone tricking you into clicking a hidden button that says "Send money to a stranger" without you knowing. It's called a "one-click attack" because just by clicking on what seems like an innocent link or visiting a webpage, you could accidentally trigger this hidden action. The attacker doesn't need your password; they're just taking advantage of the fact that you're already logged in. It's like if someone asked you to pass a sealed envelope to your bank teller, but inside was a request to transfer your money. Your bank would think it's from you because you delivered it, even though you didn't know what was inside.
- An XSS (Cross-Site Scripting) attack is a type of web security vulnerability where an attacker injects malicious scripts into a trusted website. These scripts then execute in the browsers of users visiting the site. The connection to cookies and sessions is crucial, as XSS can be used to steal these, potentially compromising user accounts. XSS attacks can allow attackers to steal session cookies, enabling them to impersonate users and gain unauthorized access to accounts. They can also modify webpage content, redirect users to malicious sites, or perform actions on behalf of the user. The two types of attacks are Stored (Persistent) XSS, where the malicious script is permanently stored on the target server, and Reflected (Non-Persistent) XSS, where the malicious script is embedded in a link and only activates when that specific link is clicked.
3. where they attempt to trick individuals into revealing sensitive information or taking harmful actions by posing as a trustworthy website. The common methods are sending forged emails that appear to be from legitimate sources and creating convincing replicas of trusted websites.
4. It's like a sneaky mailman who intercepts your letters, reads them, and maybe even changes them before delivering. In the digital world, an attacker gets between you and the website or person you're trying to communicate with. The attacker can steal your passwords or credit card information.
5. End-to-End Encryption (E2EE) is like having a super-secret code that only you and the person you're talking to can understand.
Here's how it works:
- When you send a message, it gets turned into a jumbled code.
- This coded message travels across the internet.
- Only the person you're sending it to has the special key to turn the jumble back into a readable message.
- Nobody in between - not even the company running the app - can read your message.
A well-known app that uses E2EE is Signal.
How Signal uses E2EE:
1. When you start a chat with someone on Signal, your phones secretly agree on a unique code (or "key") for your conversation.
2. Every message you send gets scrambled using this code.
3. The scrambled message goes through Signal's servers, but they can't understand it.
4. When your friend's Signal app gets the message, it uses the secret code to unscramble it.
5. This happens for every message, call, or file you send.
@hunny-bee
@Tumelo2748
@NtokozoMitchell
- CSRF is an attack where an attacker tricks a victim into performing unintended actions on a web app they're logged into. It exploits how web apps trust legitimate HTTP requests from authenticated users. Attackers can craft malicious requests and trick victims into executing them, such as by including one in an image. CSRF is called a "one-click attack" because the victim only needs to take a single action to execute the attack, which then uses their valid session to perform actions on their behalf.
- In a reflected XSS attack, the malicious script is not stored on the server but is reflected off the server in a response. This often happens when a user is tricked into clicking a malicious link or submitting a specially crafted form.
Example: An attacker sends a link with a malicious script embedded in the URL. When the victim clicks the link, the script is reflected off the server and executed by the victim's browser.
Web apps can prevent CSRF by requiring unique tokens, verifying the Referer header, or using double-submit cookies.
- A phishing attack is when an attempt is made to trick someone into disclosing sensitive data, including credit card numbers, usernames, passwords, or other personal information. In most cases, this is achieved by acting as someone you can trust in online interactions. Attackers typically execute phishing attacks by sending fraudulent emails that appear to be from reputable sources. These emails often contain links to fake websites that look identical to legitimate ones, aiming to deceive recipients into entering their personal information.
- Attackers position themselves between the sender and receiver to eavesdrop on exchanged data like credit card numbers, login credentials, or sensitive information.
Email Hijacking: Attackers take control of email accounts (e.g., banks) to monitor transactions or send fake emails to victims.
Wi-Fi Eavesdropping: Victims unknowingly connect to a malicious Wi-Fi network, allowing attackers to intercept their data.
Consequences:
Stolen data can lead to unauthorized purchases, financial account hijacking, and identity theft, leaving organizations and individuals vulnerable without their knowledge.
- With end-to-end encryption (E2EE), messages are only read by the users who are chatting. This is a secure communication method. Messages sent over E2EE are encrypted on the sender's end and decoded only on the recipient's end. This means that any third party, including the service provider, cannot access the sent data.
WhatsApp uses End-to-End Encryption to secure user communications. When a user sends a message on WhatsApp, the message is encrypted on the sender's device using a unique encryption key. The encrypted message is transmitted over the internet to WhatsApp's servers and then to the recipient's device. During this transmission, the message remains encrypted, ensuring that even if intercepted, it cannot be read. Once the encrypted message arrives at the recipient's device, it is decrypted using the unique key that matches the sender's encryption key. The recipient can then read the message in its original form.
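The comment above names the standard CSRF defences (unique tokens, Referer checking, double-submit cookies). As an added example that is not code from the gist or from any of the commenters, the Python below implements a server-side check that combines them: a double-submit cookie whose token is HMAC-bound to the session id, compared in constant time, plus an exact Origin/Referer comparison. The app origin `https://bank.example`, the cookie names and the request dicts are all constructed for the demo; `demo()` runs a legitimate POST, a forged cross-site POST and a planted-token replay through the same check.

```python
"""Server-side CSRF check: a session-bound, signed double-submit cookie plus an
Origin/Referer check. Added example; not code from the gist or its comments.
The app origin, cookie names and request dicts are constructed for the demo."""
import hashlib
import hmac
import secrets
from typing import Mapping, Tuple
from urllib.parse import urlsplit

# Constructed server secret; a deployment would load it from a secret store.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
# Assumed origin of the hypothetical web app being protected.
TRUSTED_ORIGIN = "https://bank.example"


def _sign(session_id: str, nonce: str) -> str:
    """HMAC over (session id, nonce). Binding the token to one session means a
    token minted for some other session fails verification when replayed here."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Called when the form is rendered; the same value goes into the csrf cookie
    and into a hidden form field."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the signature and compare in constant time."""
    nonce, sep, tag = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(tag.encode(), _sign(session_id, nonce).encode())


def _origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port] for an exact
    comparison (a prefix check would accept https://bank.example.evil.example)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def check_request(method: str, headers: Mapping[str, str], cookies: Mapping[str, str],
                  form: Mapping[str, str]) -> Tuple[bool, str]:
    """Decide whether a request may change state. Returns (allowed, reason).
    Safe methods are not checked, which is why state changes must never hang off
    GET. A forged cross-site POST carries the victim's cookies automatically, as
    the comment describes; what it cannot carry is the matching hidden field,
    and its Origin is the attacker's site."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    session_id = cookies.get("session")
    if not session_id:
        return False, "no session"
    source = headers.get("Origin") or headers.get("Referer", "")
    if _origin_of(source) != TRUSTED_ORIGIN:
        return False, "origin mismatch"
    cookie_token, form_token = cookies.get("csrf"), form.get("csrf")
    if not cookie_token or not form_token:
        return False, "token missing"
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False, "token mismatch"
    if not token_is_valid(session_id, cookie_token):
        return False, "bad signature"
    return True, "ok"


def demo() -> dict:
    """Constructed traffic: a legitimate transfer, the same transfer forged from
    evil.example with the victim's cookies attached by the browser, and a replay
    using a token signed for a different session."""
    session_id = "sess-" + secrets.token_hex(8)
    token = issue_csrf_token(session_id)
    victim_cookies = {"session": session_id, "csrf": token}
    legit = check_request("POST", {"Origin": TRUSTED_ORIGIN}, victim_cookies,
                          {"csrf": token, "to": "alice", "amount": "10"})
    forged = check_request("POST", {"Origin": "https://evil.example"}, victim_cookies,
                           {"to": "mallory", "amount": "1000"})
    # Why the session binding matters: a token signed for another session, copied
    # into both cookie and field. Origin is set to the app's own here so that only
    # the token check is exercised.
    other = issue_csrf_token("some-other-session")
    replayed = check_request("POST", {"Origin": TRUSTED_ORIGIN},
                             {"session": session_id, "csrf": other},
                             {"csrf": other, "to": "mallory", "amount": "1000"})
    return {"legitimate": legit, "forged": forged, "other_session_token": replayed}
```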
Nhlanhla Msibi @Nhlanhla-advocate
Mpho Oganne
Nonhlanhla Mazibuko
- A Cross-Site Request Forgery (CSRF) attack is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Essentially, the attacker tricks the victim into making an unwanted request to a server on which they are authenticated. The attacker needs to get the user to execute this malicious request. This is often done by embedding the request in a malicious link, image, or script on a web page that the user visits.
It's called a one-click attack because, typically, all it takes for the attack to be executed is a single click by the user on a seemingly harmless link or button. In many cases, the user doesn't even realize they are making the request because the action can be embedded in an invisible image or an automatically executing script.
- XSS attack is called cross-site scripting, which is a vulnerability in web applications that allows attackers to inject malicious scripts into trusted websites. These scripts are then executed by unsuspecting users. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to an end user. The injected code is then delivered to other users who access the web page or web application. When these users' browsers load the page, they execute the malicious script as part of the normal content.
XSS attacks allow an attacker to execute scripts in the context of a user's browser, making it possible for them to potentially steal cookies and the session identifiers stored in the cookies. This can lead to session hijacking, where the attacker gains unauthorized access to the user's session where they can impersonate the victim, performing actions and accessing data as if they were the legitimate user.
Main categories of XSS:
- Stored XSS, which is also referred to as persistent XSS:
An attacker may inject malicious content (referred to as the payload), most often JavaScript code, into the target application which can then be stored in the application's database permanently. When a victim opens the affected web page in a browser, the XSS attack payload is served to the victim’s browser, which means that victims will end up executing the malicious script once the page is viewed in their browser. An example would be an attacker posting a comment on a blog post with the malicious code. The blog stores this comment in its database without proper sanitization. When other users view the blog post, the malicious script is executed in their browsers, potentially stealing their session cookies.
- Reflected XSS:
The attacker’s payload has to be a part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request. This often occurs when the user is tricked into clicking a malicious link or submitting a specially crafted form. The injected script is then included in the server's response to the user, and the browser executes it. This type of XSS is usually targeted at a single user.
- A phishing attack is a type of cyber attack where an attacker disguises themselves as a trustworthy entity to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal information. Phishing is a form of social engineering, relying on manipulating human psychology rather than exploiting technical vulnerabilities.
Crafting the Bait:
Email: The attacker creates a fake email that looks like it's from a legitimate source, like a bank, a social media site, or an online service. The email usually contains a message that aims to create a sense of urgency or curiosity, like getting a message that says "your account has been compromised, click here to secure it".
- A Man-in-the-Middle attack is a type of cyber attack where the attacker secretly intercepts and relays communication between two parties who believe they are directly communicating with each other. The attacker can eavesdrop, alter, or inject false information into the communication, effectively taking control of the conversation without the knowledge of the legitimate parties.
The consequences for the victim are:
Financial Loss:
Victims may experience unauthorized transactions or withdrawals from their bank accounts.
Businesses may suffer from theft of financial information or intellectual property.
5. End-to-End Encryption is a method of data transmission where only the communicating users can read the messages. In E2EE, the data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediaries, including service providers, can access the contents of the communication.
WhatsApp uses end-to-end encryption (what they want us to believe):
When a user sends a message, it is encrypted on their device using a unique encryption key.
This encryption key is only known to the sender and the intended recipient. Even WhatsApp servers do not have access to this key.
@Hophneylen
@thewesss
@mpilomthiyane97
A Cross-Site Request Forgery (CSRF) attack is a type of malicious exploit where unauthorized commands are transmitted from a user that the web application trusts. CSRF attacks rely on the fact that web browsers automatically include session cookies and other relevant credentials like tokens with every HTTP request sent to a web application. The term "one-click attack" comes from the simplicity and minimal interaction required from the user to trigger the malicious action. Often, the user needs to do nothing more than click a link or visit a webpage.
An XSS (Cross-Site Scripting) attack is a security vulnerability where an attacker injects malicious scripts into web pages, which are then executed in users' browsers.
Connection between XSS Attacks and Cookies/Sessions:
XSS attacks can steal cookies and session tokens, allowing attackers to hijack user sessions and impersonate users. This is dangerous as cookies and session tokens often store authentication and sensitive information.
Two Main Categories of XSS
a) Stored XSS (Persistent XSS):
Definition: Malicious scripts are permanently stored on the server (e.g., in a database). When users access the data, the script runs in their browsers.
Example: An attacker posts a script in a comment; every viewer of the comment executes the script.
b) Reflected XSS (Non-Persistent XSS):
Definition: The script is reflected off a web server (e.g., via a URL or input) and executed immediately in the user's browser.
Example: An attacker sends a malicious link. When clicked, the script runs in the user's browser.
A phishing attack is a cyberattack where attackers deceive individuals into providing sensitive information, like passwords or credit card details, by pretending to be trustworthy entities.
Execution Methods:
a) Email Phishing: Sending deceptive emails with links to fake websites.
b) Spear Phishing: Targeted emails personalized with specific details about the victim.
c) Smishing: Fraudulent text messages with links to fake sites.
d) Vishing: Phone calls pretending to be from legitimate organizations.
e) Clone Phishing: Duplicating legitimate emails and replacing links with malicious ones.
f) Pharming: Redirecting users to fake websites through DNS spoofing.
Primary Goals:
Steal sensitive information (e.g., login credentials, financial data).
Install malware.
Exploit personal information for financial gain or identity theft.
A Man-in-the-Middle (MITM) attack is a type of cyber attack where an attacker secretly intercepts and relays messages between two parties who believe they are directly communicating with each other. This allows the attacker to eavesdrop, manipulate, and potentially steal sensitive information without either party knowing.
How MITM Attacks are Performed:
Interception:
Network Sniffing: Attackers use tools to intercept and capture data packets as they travel over a network. This is often done on unsecured Wi-Fi networks.
Session Hijacking: Attackers steal session cookies or tokens to take over a user's session with a service or website.
Decryption:
SSL Stripping: The attacker downgrades an HTTPS connection to HTTP, allowing them to intercept and read the data in plaintext.
SSL/TLS Interception: Attackers may use forged certificates to establish a secure connection with both parties and decrypt the data.
Consequences for Victims:
Data Theft: Sensitive information such as login credentials, credit card numbers, and personal details can be stolen.
Financial Loss: Attackers can perform unauthorized transactions, leading to financial loss.
Privacy Breach: Private communications can be exposed, leading to a loss of confidentiality.
Identity Theft: Stolen personal information can be used to impersonate the victim.
Malware Installation: Attackers can inject malware or malicious code into intercepted communications.
Example: WhatsApp
WhatsApp is a well-known application that uses E2EE. Here's how WhatsApp implements E2EE:
Encryption Process:
When a user sends a message on WhatsApp, the message is encrypted using a cryptographic key that is unique to the conversation and known only to the communicating devices.
The encryption key is generated on the user's device and is not stored on any server.
Transmission:
The encrypted message is sent over the network to WhatsApp's servers, but since it is already encrypted, WhatsApp servers cannot read its content.
The encrypted message is then forwarded to the recipient.
Decryption Process:
Upon receiving the message, the recipient's device uses the corresponding cryptographic key to decrypt the message.
The decrypted message is then displayed to the recipient.