Print Page - A guide to non-conventional WAF/IDS evasion techniques

Title: A guide to non-conventional WAF/IDS evasion techniques
Post by: Admin on January 22, 2022, 04:48:30 pm

Initiating connection via direct IP access
Switching up protocols
Manipulation of HTTP headers
Manipulation of parameter names
CR/LF, Null terminators, and other control chars
HTTP Parameter Pollution
HTTP Verb Tampering
HTTP Request Smuggling
Defeating Virtual Patching
Session Splicing
Denial-of-Service and Resource Exhaustion

Explanation in the article:
https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/ (https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/)

Title: Re: A guide to non-conventional WAF/IDS evasion techniques
Post by: Admin on January 22, 2022, 04:48:43 pm

Backups
https://web.archive.org/web/20210731223520/https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/ (https://web.archive.org/web/20210731223520/https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/)
https://archive.st/archive/2021/7/blog.0xffff.info/ojzg/blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/index.html (https://archive.st/archive/2021/7/blog.0xffff.info/ojzg/blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/index.html)
https://archive.is/DhbIn (https://archive.is/DhbIn)

RIP Webby

Computer Discussion => Computer & Network Security => Topic started by: Admin on January 22, 2022, 04:48:30 pm