The tweet describes an experience during bug hunting where the tester attempted an XXE (XML External Entity) attack but found that the developers do not favor JSON input. The tester mentions a WAF (Web Application Firewall) bypass attempt using HTML entity encoding but encountered an error, as shown in the attached picture. The target was a public Bulletin Board System (BBP) and testing was performed on a Mobile Device Management (MDM) system. The key takeaway is the advice to always fuzz content types, HTTP request methods (VERBS), and read comments during security testing. The tweet highlights interesting behaviors observed but no successful bug was found. This insight can help security researchers consider different input methods and encoding strategies to test WAF defenses more effectively.