logo
episode-header-image
Sep 2023
33m 17s

Encrypted Client Hello - The Pros & Cons

Hussein Nasser
About this episode


The Encrypted Client Hello or ECH is a new RFC that encrypts the TLS client hello to hide sensitive information like the SNI. In this video I go through pros and cons of this new rfc. 0:00 Intro 2:00 SNI 4:00 Client Hello 8:40 Encrypted Client Hello 11:30 Inner Client Hello Encryption 18:00 Client-Facing Outer SNI 21:20 Decrypting Inner Client Hello 23:30 Disadvantages 26:00 Censorship vs Privacy ECH https://blog.cloudflare.com/announcing-encrypted-client-hello/ https://chromestatus.com/feature/6196703843581952

Up next
Jan 19
5 Backend Design Patterns for Managing Threads and Sockets
In this video I introduce 5 different design patterns for building backend applications. Each mode explains how a socket listener is established, a connections are established and how threads and connections are managed to read, write and process requests. 
46m 9s
Dec 15
Page Tables
Page tables provide the mapping between virtual memory and physical memory for each process. This means it needs to be as efficient and as fast as possible. I explore the inner workings of page tables in this episode.0:00 Intro2:00 Virtual Memory ⁃ ⁃ 8:00 MMU10:00 Page Tables ⁃ ⁃ ... Show More
46m 39s
Nov 2025
CPU and Kernel Page Faults
<p>Page faults occurs when the process tries to access a memory that isn’t backed by a physical page kernel raises a fault which loads a page. It happens on first access, stack expansion, COW, swap and much more. However it comes with a cost. </p><p><br /></p><p>In this episode o ... Show More
48m 37s
Recommended Episodes
Jun 2022
How to keep a secret (Ship It! #58)
Rob Barnes (a.k.a. Devops Rob) and Rosemary Wang (author of Infrastructure as Code - Patterns & Practices) are joining us today to talk about infrastructure secrets. What do Rosemary and Rob think about committing encrypted secrets into a repository? How do they suggest that w ... Show More
1h 13m
Feb 2024
Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, ... Show More
1h 54m
Mar 2024
LLM Security and Privacy
<p>Sean Falconer (@seanfalconer, Head of Dev Relations @SkyflowAPI, Host @software_daily) talks about security and privacy of LLMs and how to prevent PII (personally identifiable information) from leaking out</p><p><b>SHOW: 807<br/><br/>CLOUD NEWS OF THE WEEK - </b><a href='http: ... Show More
26m 9s
Aug 2023
522: Practical Privacy
Why Linux reigns for privacy; our recommendations for secure tools from chat to DNS. 
1h 17m
Nov 2023
Episode 43: Caido - The Up-And-Coming HTTP Proxy
Episode 43: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by Emile from Caido, who shares his journey into the bug bounty and ethical hacking world. We kick off with a hilarious incident involving Joel, a child on an airplane, and an unfortunate cough. W ... Show More
1 h
Nov 2023
Episode 44: URL Parsing & Auth Bypass Magic
Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode ... Show More
1h 11m
Oct 2023
Clio Cloud 2023: Best Practices for Running Client-Centered Law Firms
Clients feel better about your law firm when they feel their needs are met and their concerns are heard. What can you do to make sure this happens in your firm? From ClioCon, host Christopher Anderson talks to Pegeen Turner about her session on client-centered practices for your ... Show More
17m 53s
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Listen to millions of songs and podcasts on Anghami