The tweet promotes the eWPTX certification which challenges penetration testers to break modern web applications that are secured with WAFs and other defenses. It mentions practice on API-heavy applications with various vulnerabilities including SQL/NoSQL injection, authentication/session flaws, and importantly, WAF bypass. The tweet highlights the real-world, hands-on nature of the lab environment. Although no specific WAF bypass payload is mentioned, the focus is on proving ability to bypass WAFs among other security mechanisms. This suggests the training is designed to expose testers to multiple methods of evading WAF protections, testing their skills against enterprise-level security measures. The post is an invitation to testers interested in advanced web app and API penetration testing with a realistic, challenging setup that includes the complexity of WAF bypass techniques.
For more details, check out the original tweet here: https://twitter.com/INEsecurity/status/1998105298637115703