In the past few years I have done several web application firewall assessments and have been very successful in bypassing them. So, thought to share some of the things that I learnt. Let me just clarify what this post is NOT about: This post is not about, how to detect web application firewall (WAFs) on …
While researching on data exfiltration techniques and covert channels, I thought of making one of my own, dubbed ChorTCP. Though protocol over protocol tunneling is a well known concept but I really wanted to actually try to hypothesize one aspect and then implement it, just for fun. The abstract below is taken from the white …
Hello again ! Disclaimer: All the material shown on this blog is for educational purposes ! We would not be held responsible for any illegal use of the material by any one ! Usually what happens is that people want to visit a website , which is legit , but some how it is listed …
Hey every body !! Its been along time i posted on my blog ! I recently had an interview with some security managers of a Multi National Company ! We discussed about alot of Network Security Issues ! Although my mind was kinda rusted because i have lately been working on Web Application vulnerabilities and …
Web Application security is very important nowadays ! especially due to ecommerce. Hence Web Application firewalls came into being ! which automatically filter out the malicious query string. And many high end technology giants have them installed ! But what IF ???!!! Some one bypasses the WAF (Web Application Firewalls) , and because of the …
First off let me explain what tunneling really is ? Well to make it simple i wont go into technical details but would say that for example you take a LAYS chips packet and put some thing in side it , that you are usually not allowed to send and you seal it back and …
How tunneling softwares compromise internal security Read More »
