The tweet points out that there are multiple techniques for bypassing WAFs, specifically mentioning SQL injection payloads that use /**/. It also highlights how difficult it is to write specific SIEM rules and to conduct DFIR when the SQL logs contain filter-bypass payloads. A tool is mentioned that parses the SQL logs and efficiently removes all filter bypasses. This bypass technique is a concern for organizations that rely on WAFs to protect against SQL injection attacks.
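The log-normalization idea described above, as an added example; it is not code from the tweet or from the tool it mentions. The function names, the detection rule and the sample log lines are constructed for illustration.

```python
import re

# Block comments such as /**/ or /*x*/ act as token separators in SQL,
# so each one is replaced by a single space rather than deleted.
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
WHITESPACE = re.compile(r"\s+")

# Hypothetical SIEM-style rule, written the way a simple rule expects the query to look.
RULE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def normalize_sql(query: str) -> str:
    """Return a canonical form of a logged query for rule matching.

    Assumption: string literals are not parsed, so comment-like text
    inside quotes is rewritten too. Keep the raw line as evidence.
    """
    no_comments = BLOCK_COMMENT.sub(" ", query)
    return WHITESPACE.sub(" ", no_comments).strip().lower()


def scan(log_lines):
    """Return one finding per line: (line_no, raw_match, normalized_match)."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        raw_match = bool(RULE.search(line))
        normalized_match = bool(RULE.search(normalize_sql(line)))
        findings.append((line_no, raw_match, normalized_match))
    return findings


# Constructed sample queries as they might appear in a SQL query log.
SAMPLE_LOG = [
    "SELECT name FROM products WHERE id = 7",
    "SELECT name FROM products WHERE id = 7 UNION SELECT login FROM users",
    "SELECT name FROM products WHERE id = 7 UNION/**/SELECT login FROM users",
    "SELECT name FROM products WHERE id = 7 /**/UnIoN/**/ALL/**/SeLeCt/**/login FROM users",
    "SELECT name FROM products /* union select in a comment */ WHERE id = 7",
]

if __name__ == "__main__":
    for line_no, raw, norm in scan(SAMPLE_LOG):
        note = "missed by raw rule" if norm and not raw else ""
        print(f"line {line_no}: raw={raw} normalized={norm} {note}")
```

Lines 3 and 4 match only after normalization, and line 5 shows the reverse case: the raw rule fires on text that sits inside a comment and never executes.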
For more insights, check out the original tweet here: https://twitter.com/kira_321k/status/1864370864969433356. And don’t forget to follow @kira_321k for more exciting updates in the world of cybersecurity.