00:58 background information, layer 7
01:32 security/usability trade-off, false positives shorturl.at/uzLT6
02:14 designed to prevent a wide variety of attacks: SQLi, XSS, LFI
02:28 focusing on XSS
03:02 reflected XSS
====================================== WAF STRATEGIES ======================================
03:11 WAF strategies, very small number of common WAFs: Imperva, Cloudflare, F5, Akamai shorturl.at/uEWZ2
03:26 at its core, most if not all filter malicious payloads with RegEx, blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/
04:09 some of the most common filters: blocking function calls, keywords like onload, innerHTML shorturl.at/grIKZ, special characters, array index operations
04:31 execution contexts greatly reduce the number of false positives, but also increase the complexity of the WAF
05:20 reflected XSS
====================================== Payload Construction ======================================
05:31 payload construction isn't a bypass necessarily, svg onload
06:05 there are two categories: string construction
06:37 string hiding
06:59 perhaps the most basic example of payload construction, JavaScript parameter splitting
07:36 another example is DOM parameter splitting
08:17 `dataset` parameter splitting
08:38 `innerText` parameter splitting
08:56 `window.name` payload storage
====================================== Payload Execution ======================================
09:24 after constructing or hiding the payload, browser API
09:38 alert
09:51 session exfiltration
10:13 the easiest way to achieve code execution is simply to assign innerHTML
10:34 the easiest way to exfiltrate data
11:29 location setting++
12:33 brief demo
17:31 images: `src`, `srcset`, lowsrc
18:34 brief demo of this exploit
21:40 right-to-left execution, nested elements
22:40 reflected, svg
====================================== Key Takeaways ======================================
24:41 WAFs can never be perfect, and can easily harm user experience by blocking non-malicious payloads
@omar72999 · 3 years ago
16, and 17! You guys are amazing and are doing amazing things with your lives!
@tpevers1048 · 6 months ago
Bro what's difference if you are 16 vs 17
@matthewzamat3331 · 2 years ago
Great presentation you guys. Very impressive
@valentineagozie9581 · 2 years ago
Please, how can one bypass WAFs using SQLMAP in Kali Linux?
@xracem362 · 3 years ago
Thank you guys!
@victornoagbodji · 4 years ago
🙏 🙏 😊 great presentation guys!
@rajatdutta8365 · 3 years ago
Amazing!!! My respect.
@joshtester2225 · 4 years ago
This is hilarious. I'm an admin of Akamai WAF; has anyone tested the presented techniques against it?