When you log into a website:

• The server creates a session.
• Your browser stores a session cookie like:

Set-Cookie: sessionid=abc123

Cookie: sessionid=abc123

CSRF exploits the fact that:

• Browsers automatically include cookies (like login sessions) with requests.
• Websites often trust those cookies without verifying the request source.

How websites prevent CSRF

Common protections include:

• CSRF tokens (most important):
  A unique, secret value included in forms that attackers can’t guess.
• SameSite cookies:
  Restr cookies from being sent in cross-site requests.
• Checking headers like Origin or Referer
• Re-authentication for sensitive actions

CSRF is dangerous because it uses your own authenticated session against you—it doesn’t need to hack your password.

1. Encryption (keeps data secret)

HTTPS uses Transport Layer Security (TLS) to encrypt the data between your browser and the website.

• Even if an attacker intercepts the data, it looks like unreadable gibberish
• Sensitive info (passwords, credit card details) stays private

Without HTTPS: attacker can read everything
With HTTPS: attacker sees encrypted nonsense

2. Authentication (proves the website is real)

HTTPS uses SSL/TLS certificates issued by trusted organizations called Certificate Authority (CAs).

• These certificates verify that the website is legitimate
• Your browser checks the certificate before connecting

Prevents attackers from impersonating real websites

3. Data Integrity (prevents tampering)

HTTPS ensures that:

• Data cannot be changed during transmission
• If an attacker tries to modify anything, the connection breaks or shows a warning

Stops attackers from injecting malicious content

4. Secure Handshake (key exchange)

When you visit an HTTPS site:

1. Your browser and server perform a TLS handshake
2. They agree on encryption methods
3. They securely exchange keys

This process often uses public-key cryptography:

• A public key (shared openly)
• A private key (kept secret by the server)

Ensures only the intended server can decrypt the data

HTTPS greatly reduces MITM risk, but it’s not foolproof if:

• You ignore browser warnings
• A device is already compromised
• Attackers use advanced tricks (like fake certificates)

How it works (simple idea)

Imagine you’re sending a message to a website:

You → (attacker intercepts) → Website

The attacker places themselves “in the middle” and can:

• Read your data (like passwords, messages)
• Modify the data
• Steal sensitive information

Step-by-step process

1. Interception
   The attacker gains access to your connection
   (often through unsecured public Wi-Fi)
2. Eavesdropping
   They monitor the data being sent (e.g., login credentials)
3. Manipulation (optional)
   They may alter the communication
   (e.g., redirect you to a fake website)

Common types of MITM attacks

• Wi-Fi eavesdropping – Fake or unsecured Wi-Fi networks
• ARP spoofing – Attacker links their device to your IP address
• DNS spoofing – Redirects you to fake websites
• Session hijacking – Steals your active login session

A MITM attack is like someone secretly listening to—and possibly changing—a private conversation between you and another party.

How ransomware works (step-by-step)

1. Infection

Ransomware usually enters a system through:

• Phishing emails (malicious attachments or links)
• Downloading unsafe software
• Visiting compromised websites
• Exploiting system vulnerabilities

2. Installation

Once inside, the ransomware installs itself silently on your device without your knowledge.

3. Encryption or Locking

The malware then:

• Encrypts your files (documents, photos, databases), or
• Locks your entire system

Encryption means your files become unreadable without a special decryption key.

4. Ransom Demand

After locking your data, you’ll see a message like:

• “Your files are encrypted”
• “Pay X amount (often in cryptocurrency) to get them back”

5. Payment Pressure

Attackers often:

• Set deadlines
• Threaten to delete data
• Sometimes threaten to leak sensitive information

Types of ransomware

• Crypto ransomware – encrypts files
• Locker ransomware – locks the device
• Double extortion – encrypts data and threatens to leak it

1. Malware (Malicious Software)

Malware is any software designed to harm or exploit systems.

Common types:

• Viruses – attach to files and spread when opened
• Worms – spread automatically across networks
• Ransomware – locks your data and demands payment
• Spyware – secretly monitors your activity
• Trojans – disguise themselves as legitimate programs

2. Phishing Attacks

Phishing tricks people into revealing sensitive information like passwords or bank details.

Examples:

• Fake emails pretending to be from banks
• Messages with malicious links
• Fake login pages

3. Man-in-the-Middle (MitM) Attacks

In these attacks, a hacker secretly intercepts communication between two parties.

Example:

• Using public Wi-Fi to steal login details while you browse

4. Denial-of-Service (DoS) Attacks

These attacks overload a system or website so it crashes or becomes unavailable.

• DoS – from a single source
• DDoS (Distributed DoS) – from many systems at once

5. Password Attacks

Attackers try to gain access by cracking passwords.

Methods include:

• Brute force (trying many combinations)
• Dictionary attacks (common passwords)
• Credential stuffing (using leaked passwords)

6. Social Engineering

Instead of hacking systems, attackers manipulate people.

Examples:

• Pretending to be IT support
• Asking for OTPs or passwords
• Creating fake urgency to trick victims

7. Insider Threats

Threats that come from inside an organization.

• Disgruntled employees
• Careless staff exposing data
• Misuse of access privileges

8. Advanced Persistent Threats (APTs)

These are long-term, targeted attacks where hackers secretly stay inside a system to steal data over time.

9. Zero-Day Exploits

Attacks that target unknown vulnerabilities—before developers can fix them.

10. Supply Chain Attacks

Hackers attack a trusted third-party service to indirectly access their target.

At its core, cybersecurity is about keeping three things safe (often called the CIA triad):

• Confidentiality – making sure sensitive information is only accessed by the right people
• Integrity – ensuring data isn’t altered or tampered with
• Availability – making sure systems and data are accessible when needed

What does cybersecurity protect against?

Cybersecurity defends against threats like:

• Hacking (unauthorized access to systems)
• Malware (malicious software like viruses, ransomware)
• Phishing (tricking people into revealing sensitive info)
• Data breaches (leaking or stealing confidential data)

Where is cybersecurity used?

It’s used everywhere digital systems exist:

• Personal devices (phones, laptops)
• Businesses and banks
• Government systems
• Online services (email, social media, cloud storage)