HTTP Strict Transport Security (HSTS) and TLS Stripping Explained

  • Published 23 Oct 2024

COMMENTS • 51

  • @puneetkulkarni2416 2 years ago +8

    I was in an interview this morning. And all we discussed was around HSTS and SSL. I must say all Cyber Security folks should be aware of your channel. If I had watched this video earlier, I would have rocked the interview. Great videos mate!!
    Keep up the good work!!
    You are making the world a better place.

    • @neuodev 1 year ago

      Did you get the job :)?

  • @6s6 4 years ago +3

    Fantastic video. As a professional software engineer, I appreciate having these concise videos on security to reference when I forget about concepts (particularly in security).
    Seeing as you're a software engineer as well, I would appreciate more videos on cybersecurity from a software engineering perspective e.g. How to properly secure Docker containers, tips on securing my Nginx server that's facing the public Internet, etc.

  • @Girry_ 4 years ago +4

    Guy must be really fun to interact with. Great explainer!

  • @veerendrasaikumar1008 3 years ago

    SSL stripping was a great example to start with, which explains why we need HSTS in the first place. Awesome video, thank you!

  • @harshgupta9494 4 years ago +1

    Really good explanation. After going through the video, I was able to identify how HSTS works for the first time and how MITM attack works, which I wasn't able to understand after looking at other people's videos.

    • @hnasr 4 years ago

      Harsh Gupta thanks! Happy the content could help. Have a great day 😊

  • @MM-by6qq 2 years ago

    Sir, I found your channel today, I have an exam tomorrow and you helped me. You are talented in explaining, thank you so much! +1sub

  • @binaryblog 4 years ago +8

    Your videos are very addictive :) Imo 80% tech videos on YT are garbage, another 15 are good and the last 5% are outstanding. Your videos are definitely in these 5%. Keep up the good work sir!

    • @hnasr 4 years ago +3

      binaryblog thank you BinaryBlog!! Comment made my morning. So happy I can provide value 😊

  • @Deekudla 2 years ago

    Great videos. Looking forward to some videos on "VPN" security related issues and mitigations around it.

  • @fb_a 4 years ago +1

    I just checked this channel content after seeing this video. This channel is super amazing 💥💥.

    • @hnasr 4 years ago

      🥳🥳🥳

  • @zaheerkhan8097 4 years ago +1

    Brilliant Hussein! Keep up the good work. As told by @binaryblog your videos are very addictive coz they explain in detail with no doubts hence making them very catchy.

    • @hnasr 4 years ago

      Zaheer Khan thank you Zaheer! Can you share the binary blog link?

    • @zaheerkhan8097 4 years ago

      @hnasr it's just below my comment

  • @tommasocanepa587 4 years ago +3

    Neat and clear! Really informative, thank you sir!

    • @hnasr 4 years ago +1

      🙏🙏

  • @hessamzahedi5413 2 years ago

    Great video! Quick question: regarding HTTPS interception attacks, what would be the best solution, HSTS or Certificate Pinning? Thanks

    • @hnasr 2 years ago +1

      I would choose certificate pinning, Hessam. HSTS still has a small window of attack.

  • @jatinjindalj 3 years ago

    Keep up the good work Hussein. I am learning a lot from your videos. Cheers!

  • @codyj07161989 2 years ago

    Great video with clear explanation 10/10. Thank you for making this!

  • @ishandhar2851 4 years ago +1

    You keep the interest in IT alive 👍👍

  • @kaustuvkchattopadhyay8566 3 years ago

    Love your enthusiasm. Thanks

  • @anshikagupta4931 3 years ago

    This is a really cool video. I always heard this term bounce around in office, now I know what it meansssss

  • @Rocky-g2i 24 days ago

    Let's say you create a new website and a client connects to that website for the first time. Does it mean that for the first connection the client will make an HTTP request first, then switch to HTTPS? And after the website has been added to the HSTS list, will all the types of web browsers for every client across the world have that updated list, or will it just affect only the client that connected to that website?

  • @ongayijohnian8787 5 months ago

    Slim Shady's Starbucks took a hit after this video

  • @brod515 3 years ago +1

    I don't understand why the user-agent/browser does not always just try to connect to https regardless, to see if it exists first.

    • @softwarelivre2389 3 years ago

      I agree! That should be the default. HTTPS first, HTTP second! On Firefox, we can enable the HTTPS-Only Mode, which will show an alert before accessing anything through HTTP. Pretty neat!

  • @neadlead2621 1 year ago

    SSL stripping is not really what you said; it's when the client sends a request as https but the attacker is in the middle and downgrades it, saying that the server only uses http. In the case that you mentioned, the user in the beginning sends http, which is simple for the attacker: no need for stripping, he will respond instead of the server with an http resp. But thanks for the explanation.

  • @whtht 3 years ago

    good explaining

  • @FuzzyCloud 4 years ago +1

    Thank you!

    • @hnasr 4 years ago

      You're welcome!

  • @jlai383 4 years ago

    love this content. Very authentic and informative.

    • @hnasr 4 years ago

      J Lai thanks J Lai 😊 appreciate your comment

  • @fxstreamer238 2 years ago

    When I type my bank's official address with https, it goes first to http and shows insecure connection, then redirects to https. I find that very disturbing and strange. Why does that happen? Is it because they registered their DNS with http first? I'm using Google DNS.

  • @mwir_99 3 years ago

    Hi Hussein, what happens if you call an HTTP site, even if the site is on the HSTS list? What's the answer?

    • @hnasr 3 years ago

      The browser will force HTTPS I believe, will need to check.

  • @AmineOnline 4 years ago

    NICE

  • @dezuzdazriel4218 4 years ago

    Hey, how do I get that kind of a mouse cursor with the trail like that? Please reply =)

    • @hnasr 4 years ago +1

      Hello! Oh, that's just the Google Slides cursor, not Mac or Windows. Open Google Slides, create a slide, go to presentation mode and turn on "pointer".

  • @doomznyt 4 years ago

    Well, it's hard to sniff to someone now! Unless you have the power to connect to the main network switch! Or create your own evil twin! The attack vector is hard!

    • @hnasr 4 years ago +1

      Correct, it's very hard to perform MITM if the attacker is not in the line of sight.

    • @doomznyt 4 years ago

      @hnasr Hi Hussein, subscribing to your channel, more TUTS to come.. stay safe

  • @StephenRayner 4 years ago

    subbed

  • @SADOKSADOK 2 years ago

    man make some schema please, is the purpose videos