The Star Wars Sequel During Bsides Cape Town this year, I was fortunate enough to be a speaker there and had the opportunity to present the outcomes of my initial research that focused on web application firewalls and the modern state of WAFs. In the talk we took a look at a high level history of the evolution of WAFs as well as the growth of the techniques they use to detect and repel malicious behavior.

Cracking the Shield: WAF Bypass Techniques Unveiled Introduction Web Application Firewalls (WAFs) play a crucial role in safeguarding web applications by filtering and monitoring HTTP traffic between a web application and the internet. They are designed to protect against various web-based attacks, such as SQL injection, cross-site scripting (XSS), and other attacks. However, as with any security measure, WAFs are not infallible. The constant evolution of attack techniques means that even the most robust WAFs can be bypassed under certain conditions.

Exploiting the Complex: The WikiJs CSTI Vulnerability Preface In today’s tech landscape, integrating front-end and back-end technologies often necessitates complex systems. However, these intricate systems can also introduce new and exotic vulnerabilities. In this post, we’ll explore a case where a sophisticated yet complex system in the widely-used Wiki.js framework led to a critical 0-day vulnerability—CVE-2024-34710. Background Wiki.js is a powerful wiki framework built with Vue.js for the front end and Node.