- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? What are the two main categories of XSS?
- What is a phishing attack? How do attackers typically execute phishing attacks, and what are their primary goals?
- What is a man-in-the-middle (MITM) attack? How do attackers perform MITM attacks, and what can be the consequences for victims?
- What is End-to-End encryption (E2EE)? Provide an example of a well-known app using E2EE, and explain how that app uses it.
Team Ntandoyenkosi & Emihle
-
CSRF (Cross-Site Request Forgery) is a cunning attack that leverages the fundamental trust a website places in a user's browser. This trust is a cornerstone of web interactions; when you're logged into a website, your browser sends authentication credentials (like cookies) with every request to that site, confirming your identity.
HTTP requests: The attacker crafts a malicious link or image that, when clicked by the user, sends a forged HTTP request to the target website. This request often mimics legitimate user actions, like transferring funds, changing passwords, or purchasing items.
One-click attack: The term "one-click attack" refers to how easily a user can be tricked into performing the malicious action with a single click on a link or image.
-
Cross-site scripting (XSS) is an exploit where an attacker injects malicious code into a legitimate website, which then executes when a victim loads the site. Attackers often use XSS to steal cookies, enabling them to impersonate the victim. They can send the stolen cookie to their own server through various methods.
Two Main Categories of XSS
Stored XSS: Malicious script is stored on the server and displayed to users.
Reflected XSS: Malicious script is reflected off a web application to the victim's browser via a URL or form submission.
-
Phishing attacks involve sending deceptive communications that seem to originate from a trusted source, typically via email or messages that appear to be from legitimate sources, tricking victims into clicking on malicious links or downloading attachments. The objective is to steal sensitive information, such as credit card details and login credentials, or to install malware on the victim’s device.
-
A man-in-the-middle (MITM) attack happens when an attacker positions themselves between two computers, such as a laptop and a remote server, intercepting the traffic secretly and altering the communication between two parties who believe they are directly communicating with each other. This attacker can eavesdrop on or intercept the communications, potentially stealing sensitive information. MITM attacks pose a significant security threat, and the consequences include unauthorized data access, identity theft, financial fraud, and compromised network security.
-
End-to-End Encryption (E2EE) ensures that data is encrypted on the sender’s device and only decrypted on the recipient’s device, preventing intermediaries from accessing the data. A well-known app using E2EE is WhatsApp.
Encryption on Sender’s Device:
When you send a message on WhatsApp, it is encrypted on your device using a unique encryption key. This key is generated on your device and is not shared with anyone, including WhatsApp.
Transmission of Encrypted Message:
The encrypted message is then sent over the internet to the recipient. During this transmission, the message remains encrypted and cannot be read by anyone who might intercept it, including hackers or service providers.
Decryption on Recipient’s Device:
When the encrypted message reaches the recipient, it is decrypted using a corresponding decryption key that only the recipient’s device possesses. This key is also unique and securely stored on the recipient’s device.
End-to-End Encryption Protocol:
WhatsApp uses the Signal Protocol for E2EE, which is designed to ensure that only the communicating users can access the message content. This protocol involves complex cryptographic techniques that prevent any third party, including WhatsApp, from accessing the messages.
Simphiwe Ndlovu
Katleho
Thabiso
-
Imagine you're logged into your online banking account. A CSRF attack is like someone tricking you into clicking a hidden button that says "Send money to a stranger" without you knowing. It's called a "one-click attack" because just by clicking on what seems like an innocent link or visiting a webpage, you could accidentally trigger this hidden action. The attacker doesn't need your password; they're just taking advantage of the fact that you're already logged in. It's like if someone asked you to pass a sealed envelope to your bank teller, but inside was a request to transfer your money. Your bank would think it's from you because you delivered it, even though you didn't know what was inside.
-
An XSS (Cross-Site Scripting) attack is a type of web security vulnerability where an attacker injects malicious scripts into a trusted website. These scripts then execute in the browsers of users visiting the site. The connection to cookies and sessions is crucial, as XSS can be used to steal these, potentially compromising user accounts. XSS attacks can allow attackers to steal session cookies, enabling them to impersonate users and gain unauthorized access to accounts. They can also modify webpage content, redirect users to malicious sites, or perform actions on behalf of the user. The two types of attacks are Stored (Persistent) XSS, where malicious script is permanently stored on the target server, and Reflected (Non-Persistent) XSS, where malicious script is embedded in a link and only activates when that specific link is clicked.
3.where they attempt to trick individuals into revealing sensitive information or taking harmful actions by posing as a trustworthy website. The common methods are sending forged emails that appear to be from legitimate sources and creating convincing replicas of trusted websites.
4. It's like a sneaky mailman who intercepts your letters, reads them, and maybe even changes them before delivering. In the digital world, an attacker gets between you and the website or person you're trying to communicate with. The attacker can steal your passwords or credit card information.
5. End-to-End Encryption (E2EE) is like having a super-secret code that only you and the person you're talking to can understand.
Here's how it works:
- When you send a message, it gets turned into a jumbled code.
- This coded message travels across the internet.
- Only the person you're sending it to has the special key to turn the jumble back into a readable message.
- Nobody in between - not even the company running the app - can read your message.
A well-known app that uses E2EE is Signal.
How Signal uses E2EE:
1. When you start a chat with someone on Signal, your phones secretly agree on a unique code (or "key") for your conversation.
2. Every message you send gets scrambled using this code.
3. The scrambled message goes through Signal's servers, but they can't understand it.
4. When your friend's Signal app gets the message, it uses the secret code to unscramble it.
5. This happens for every message, call, or file you send.
@hunny-bee
@Tumelo2748
@NtokozoMitchell
-
CSRF is an attack where an attacker tricks a victim into performing unintended actions on a web app they're logged into.
It exploits how web apps trust legitimate HTTP requests from authenticated users. Attackers can craft malicious requests and trick victims
into executing them, for example by including it in an image.
CSRF is called a "one-click attack" because the victim only needs to take a single action to execute the attack, which then uses their valid
session to perform actions on their behalf.
-
In a reflected XSS attack, the malicious script is not stored on the server but is reflected off the server in a response.
This often happens when a user is tricked into clicking a malicious link or submitting a specially crafted form.
Example: An attacker sends a link with a malicious script embedded in the URL. When the victim clicks the link, the script is reflected off the
server and executed by the victim's browser.
Web apps can prevent CSRF by requiring unique tokens, verifying the Referer header, or using double-submit cookies.
-
A phishing attack is when an attempt is made to trick someone into disclosing sensitive data, including credit card numbers, usernames,
passwords, or other personal information. In most cases, this is achieved by acting to be someone you can trust in online interactions. Attackers typically execute phishing attacks by sending fraudulent emails that appear to be from reputable sources. These emails often
contain links to fake websites that look identical to legitimate ones, aiming to deceive recipients into entering their personal information.
-
Attackers position themselves between the sender and receiver to eavesdrop on exchanged data like credit card numbers, login
credentials, or sensitive information.
Email Hijacking: Attackers take control of email accounts (e.g., banks) to monitor transactions or send
fake emails to victims.
Wi-Fi Eavesdropping: Victims unknowingly connect to a malicious Wi-Fi network, allowing attackers to intercept their data.
Consequences:
Stolen data can lead to unauthorized purchases, financial account hijacking, and identity theft, leaving organizations and individuals
vulnerable without their knowledge.
-
With end-to-end encryption (E2EE), messages are only read by the users who are chatting. This is a secure communication method.
Messages sent over E2EE are encrypted on the sender's end and decoded only on the recipient's end. This means that any third party,
including the service provider cannot access the sent data.
WhatsApp uses End-to-End Encryption to secure user communications. When a user sends a message on WhatsApp, the message is
encrypted on the sender's device using a unique encryption key. The encrypted message is transmitted over the internet to WhatsApp's
servers and then to the recipient's device. During this transmission, the message remains encrypted, ensuring that even if intercepted, it
cannot be read. Once the encrypted message arrives at the recipient's device, it is decrypted using the unique key that matches the sender's
encryption key. The recipient can then read the message in its original form.
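The post above lists three CSRF defenses (unique tokens, Referer checking, double-submit cookies). The following is an added example, not code from the gist or any team, showing how a server can apply all three to a state-changing request; SERVER_SECRET, SITE_ORIGIN and the request dictionaries are constructed values.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed values for this example; a real app loads the secret from config.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
SITE_ORIGIN = "https://bank.example"


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: a random nonce bound to the session with an HMAC,
    so a token copied from one session cannot be replayed in another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers: dict) -> bool:
    """Prefer the Origin header; fall back to the Referer's scheme+host.
    A request forged from another site carries that site's origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # strict: reject requests that cannot be attributed
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def accept_state_changing_request(session_id: str, headers: dict,
                                  form: dict, cookies: dict) -> bool:
    """All three checks must pass before e.g. a funds transfer is processed."""
    if not origin_allowed(headers):
        return False
    form_token = form.get("csrf_token", "")
    if not verify_csrf_token(session_id, form_token):
        return False
    # Double-submit: the token in the cookie must match the one in the body;
    # a cross-site page can neither read our cookie nor set the form value.
    return hmac.compare_digest(cookies.get("csrf_token", ""), form_token)
```

A forged request from another site fails on the Origin check before the token is even examined, and a request missing the form token fails even when the Referer is ours.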
Nhlanhla Msibi @Nhlanhla-advocate
Mpho Oganne
Nonhlanhla Mazibuko
- A Cross-Site Request Forgery (CSRF) attack is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Essentially, the attacker tricks the victim into making an unwanted request to a server on which they are authenticated. The attacker needs to get the user to execute this malicious request. This is often done by embedding the request in a malicious link, image, or script on a web page that the user visits.
It's called a one-click attack because, typically, all it takes for the attack to be executed is a single click by the user on a seemingly harmless link or button. In many cases, the user doesn't even realize they are making the request because the action can be embedded in an invisible image or an automatically executing script.
- An XSS attack is called cross-site scripting, which is a vulnerability in web applications that allows attackers to inject malicious scripts into trusted websites. These scripts are then executed by unsuspecting users. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to an end user. The injected code is then delivered to other users who access the web page or web application. When these users' browsers load the page, they execute the malicious script as part of the normal content.
XSS attacks allow an attacker to execute scripts in the context of a user's browser, making it possible for them to potentially steal cookies and the session identifiers stored in the cookies. This can lead to session hijacking, where the attacker gains unauthorized access to the user's session, where they can impersonate the victim, performing actions and accessing data as if they were the legitimate user.
Main categories of XSS:
-
Stored XSS which is also referred as persistent XSS:
An attacker may inject malicious content (referred to as the payload), most often JavaScript code, into the target application which can then be stored in the application's database permanently. When a victim opens the affected web page in a browser, the XSS attack payload is served to the victim’s browser, which means that victims will end up executing the malicious script once the page is viewed in their browser. An example would be an attacker posting a comment on a blog post with the malicious code. The blog stores this comment in its database without proper sanitization. When other users view the blog post, the malicious script is executed in their browsers, potentially stealing their session cookies.
-
Reflected XSS:
The attacker’s payload has to be a part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request. This often occurs when the user is tricked into clicking a malicious link or submitting a specially crafted form. The injected script is then included in the server's response to the user, and the browser executes it. This type of XSS is usually targeted at a single user.
- A phishing attack is a type of cyber attack where an attacker disguises themselves as a trustworthy entity to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal information. Phishing is a form of social engineering, relying on manipulating human psychology rather than exploiting technical vulnerabilities.
Crafting the Bait:
Email: The attacker creates a fake email that looks like it's from a legitimate source, like a bank, a social media site, or an online service. The email usually contains a message that aims to create a sense of urgency or curiosity, like getting a message that says "your account has been compromised, click here to secure it".
- A Man-in-the-Middle attack is a type of cyber attack where the attacker secretly intercepts and relays communication between two parties who believe they are directly communicating with each other. The attacker can eavesdrop, alter, or inject false information into the communication, effectively taking control of the conversation without the knowledge of the legitimate parties.
The consequences for the victim are:
Financial Loss:
Victims may experience unauthorized transactions or withdrawals from their bank accounts.
Businesses may suffer from theft of financial information or intellectual property.
5. End-to-End Encryption is a method of data transmission where only the communicating users can read the messages. In E2EE, the data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediaries, including service providers, can access the contents of the communication.
WhatsApp uses end-to-end encryption (what they want us to believe).
When a user sends a message, it is encrypted on their device using a unique encryption key.
This encryption key is only known to the sender and the intended recipient. Even WhatsApp servers do not have access to this key.
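The blog-comment scenario in the stored XSS answer above comes down to one rendering defect. This added example (not code from the gist or any team) shows the unsanitized renderer beside one that applies output encoding, plus the HttpOnly cookie attribute that keeps a session identifier out of reach of any script that does run; SAMPLE_COMMENT is a constructed input.

```python
import html
import re

# Constructed sample: a comment submitted to the blog in the post's scenario.
SAMPLE_COMMENT = {"author": "guest", "body": "Nice post! <script>alert('xss')</script>"}


def render_comment_unsafe(comment: dict) -> str:
    """The defect described in the post: stored text is interpolated into HTML
    verbatim, so whatever markup it contains is parsed by every reader's browser."""
    return f"<li><b>{comment['author']}</b>: {comment['body']}</li>"


def render_comment_safe(comment: dict) -> str:
    """Output encoding at render time: '<', '>', '&' and quotes become entities,
    so the browser displays the text literally instead of treating it as markup."""
    return (f"<li><b>{html.escape(comment['author'], quote=True)}</b>: "
            f"{html.escape(comment['body'], quote=True)}</li>")


SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(rendered_html: str) -> bool:
    """Used here only to show the difference between the two renderers;
    a real application relies on escaping, not on spotting tags afterwards."""
    return SCRIPT_TAG_RE.search(rendered_html) is not None


def session_cookie_header(session_id: str) -> str:
    """Defense in depth for the cookie-theft consequence the post describes:
    HttpOnly hides the cookie from document.cookie, Secure restricts it to HTTPS,
    SameSite=Lax stops most cross-site sends."""
    return f"sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def cookie_is_script_readable(set_cookie_value: str) -> bool:
    """True when a Set-Cookie value lacks HttpOnly, i.e. page scripts can read it."""
    attrs = [a.strip().lower() for a in set_cookie_value.split(";")[1:]]
    return "httponly" not in attrs
```

The escaped output still shows the reader the literal text of the comment; only its interpretation as markup is removed.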
@Pumlanikewana
@NokulungaM
@samuelthis
A malicious website vulnerability known as a CSRF (Cross-Site Request Forgery) attack occurs when a web application trusts a user to send unauthorised commands. The way web browsers and web servers process HTTP requests—in particular, the way browsers automatically include cookies and other authentication tokens when making requests—is exploited by cross-site scripting (CSRF) attacks. The phrase "one-click attack" refers to a type of Cross-Site Request Forgery (CSRF) attack that may be carried out with little to no user intervention, typically requiring only one click.
An XSS (Cross-Site Scripting) attack is a security vulnerability in web applications that allows attackers to inject malicious scripts into web pages. These scripts can then run in users' browsers, potentially stealing sensitive data like cookies and session tokens. XSS (Cross-Site Scripting) attacks are often used to steal cookies and session tokens, which are crucial for maintaining user sessions. By injecting malicious scripts, attackers can access these cookies and tokens, allowing them to impersonate users, hijack sessions, and gain unauthorised access to user accounts and data.
The two main categories of XSS are:
A phishing attack is a type of cyber attack where malicious actors attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card numbers, or personal data. Attackers create deceptive messages or websites imitating trusted sources, then send them out through email, text, or social media. The messages often contain urgent or tempting prompts to trick victims into clicking harmful links or giving up personal information. The attacker steals the data for malicious purposes like identity theft, financial fraud, or installing malware.
A Man-in-the-Middle (MITM)
c) DNS Spoofing:
Attackers alter DNS (Domain Name System) responses to redirect victims to malicious websites.
Users think they are visiting legitimate sites but are instead interacting with attacker-controlled sites.
d) SSL Stripping:
Attackers downgrade secure HTTPS connections to insecure HTTP connections.
This allows them to intercept and read data that would otherwise be encrypted.
e) Session Hijacking:
Attackers steal session tokens from users, often through methods like XSS or network interception.
With the session token, attackers can impersonate the user on a website.
Consequences for Victims:
Data Theft:
Attackers can capture sensitive information such as login credentials, financial data, and personal information.
This information can be used for identity theft or sold on the black market.
Account Compromise:
By stealing session tokens or login credentials, attackers can gain unauthorized access to user accounts.
This can lead to unauthorized transactions, data loss, or further compromise of the victim's contacts and networks.
Financial Loss:
Victims may suffer direct financial loss through unauthorized transactions or indirect loss through fraud and identity theft.
Privacy Violation:
Personal and sensitive information can be exposed, leading to a breach of privacy and potential misuse of the data.
Malware Injection:
Attackers can inject malware into the data stream, infecting the victim's device.
This can lead to further compromise, data loss, and network breaches.
Example: WhatsApp uses end-to-end encryption. When you send a message, it's scrambled into unreadable code on your phone before being sent. Only the person you're sending it to has the special key to unlock and read it, ensuring that no one else, even WhatsApp itself, can see your messages.