The tweet announces an upcoming presentation by @BRuteLogic at the BugBounty Village, titled "The brute art of bypass." This talk will cover ... (September 23, 2025)
This tweet promotes the eWPTX certification, which is an advanced web application penetration testing certification. The certification is 100% hands-o ... (September 23, 2025)
The tweet promotes eWPTX, an advanced web application penetration testing certification. It mentions that the 100% hands-on exam covers topics such as ... (September 23, 2025)
The tweet reflects a common misconception about Web Application Firewall (WAF) bypasses. It highlights that many claimed bypasses are actually not byp ... (September 23, 2025)
This bypass technique targets WAFs provided by CDN services such as Akamai and Cloudflare. When a website uses a CDN, the traffic passes through the C ... (September 23, 2025)
This bypass technique targets Cross-Site Scripting (XSS) vulnerabilities and involves the use of multi-character HTML entities. These entities are spe ... (September 22, 2025)
This tweet discusses a technique to bypass a Web Application Firewall (WAF) by accepting any parameters. The idea is to bypass the WAF's regex ru ... (September 21, 2025)
The tweet by @xchopath is asking if there is any resource to learn how to bypass the regex rules of a WAF or if the source code is available. However, ... (September 21, 2025)
This tweet highlights a fascinating case where a security researcher successfully bypassed LG's Web Application Firewall (WAF) using advanced tec ... (September 21, 2025)
A security researcher named Sarthak discovered a significant Web Application Firewall (WAF) bypass bug that affects multiple major WAF vendors, includ ... (September 20, 2025)
This tweet is from a user who has discovered two endpoints that are vulnerable to reflected Cross-Site Scripting (XSS) attacks but is struggling to by ... (September 20, 2025)
This tweet asks about skipping burnout 101, and refers to a strict WAF that can't be bypassed. Burnout here likely metaphorically refers to overc ... (September 18, 2025)
This tweet describes a scenario where an attacker discovered a vulnerability in the web application firewall (WAF) protecting an Australian Government ... (September 17, 2025)
A recent report published by @ethiack reveals a new vulnerability affecting nine different Web Application Firewall (WAF) platforms. This vulnerabilit ... (September 16, 2025)
This tweet describes a technique to bypass Web Application Firewalls (WAFs) that are designed to detect and block reflected Cross-Site Scripting (XSS) ... (September 16, 2025)
The tweet mentions an interesting Web Application Firewall (WAF) bypass discovered by @malekmesdour. However, the tweet does not include any specific ... (September 16, 2025)
This tweet highlights a security issue where bypassing a Web Application Firewall (WAF) combined with a Cross-Site Scripting (XSS) vulnerability and a ... (September 16, 2025)
This tweet hints at a recent WAF bypass incident, indicating that attackers are continuously improving their bypass techniques. Unfortunately, the twe ... (September 16, 2025)
This blog post describes a manual method to bypass a Web Application Firewall (WAF) to exploit a Boolean-based blind SQL injection vulnerability. The ... (September 15, 2025)
This tweet highlights an XSS (Cross-Site Scripting) bypass technique related to the MOD UK Police WAF (Web Application Firewall). It points to a blog ... (September 15, 2025)
This tweet talks about the discovery of a Reflected Cross-Site Scripting (XSS) vulnerability on the MOD UK Police website that manages to bypass their ... (September 14, 2025)
This tweet talks about a writeup related to the machine called Spiderroot. The writeup shows techniques to bypass WAF (Web Application Firewall). The ... (September 14, 2025)
This tweet describes the discovery of a reflected Cross-Site Scripting (XSS) vulnerability on the MOD UK Police website. The tweet mentions that the v ... (September 14, 2025)
This tweet talks about a new type of WAF (Web Application Firewall) bypass technique that uses machine learning, specifically reinforcement learning, ... (September 14, 2025)
The tweet highlights an important security lesson related to Web Application Firewalls (WAFs). It points out that encountering a 403 Forbidden respons ... (September 12, 2025)
This tweet announces a new Web Application Firewall (WAF) ruleset update designed to enhance security for web applications by proactively blocking cer ... (September 11, 2025)
The technique involves forcing a downgrade from HTTP/2 to HTTP/1.1 using malformed headers. This exploits parsing gaps in WAFs that protect HTTP/2 end ... (September 10, 2025)
This tweet discusses two new techniques to bypass the Akamai Web Application Firewall (WAF) specifically for Cross-Site Scripting (XSS) attacks. The t ... (September 10, 2025)
In today's PickUp by the editor-in-chief (dated 9/9), there is a discussion about bypassing WAFs using parameter pollution to perform JavaScript ... (September 10, 2025)