Skip to main content
Topic: A guide to non-conventional WAF/IDS evasion techniques (Read 109 times) previous topic - next topic

A guide to non-conventional WAF/IDS evasion techniques

Initiating connection via direct IP access
Switching up protocols
Manipulation of HTTP headers
Manipulation of parameter names
CR/LF, Null terminators, and other control chars
HTTP Parameter Pollution
HTTP Verb Tampering
HTTP Request Smuggling
Defeating Virtual Patching
Session Splicing
Denial-of-Service and Resource Exhaustion

Explanation in the article:
https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/