A Pentesters Guide - Part 5 (Unmasking WAFs and Finding the Source)
In this article I am going to detail a non-exhaustive overview of bypassing WAFs by
Whenever we're on an engagement, I find myself googling for that one command that I never memorize, whether it's the SUID bit find command, the NodeJS reverse shell, the github to that one tool that I always seem to lose track of, we're going to be posting it here.
We're going to be making several cheatsheets and reference articles so that you can bookmark this page and hopefully have a centralised reference so you're never searching Stackoverflow again looking for that one thing you looked up 3 years ago on an engagement.
General References:
- Privilege Escalation Reference (All Operating Systems)
- Reverse Shell Reference
Enumeration References:
- OSINT
- Passive Reconnaissance
- Active Reconnaissance
- Exploitation
- Post-Exploitation
Most of these are not yet published, but will be published in the coming weeks.