#NahamCon2024
Вставка
- Опубліковано 26 вер 2024
- Modern WAF Bypass Techniques on Large Attack Surfaces 👇
Shubham Shah is a security researcher and entrepreneur, known for co-founding Assetnote - a leading attack surface management platform. He's ranked as the #1 bug bounty hunter in Australia for three consecutive years and #27 in the world on HackerOne. Shubham specializes in discovering complex vulnerabilities in enterprise software and engineering security automation.
nowafpls:
github.com/ass...
JOIN DISCORD:
discord.gg/NahamSec
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nah...
- / nahamsec1
Shubs is like, "Have you ever heard of the internet? Yeah, I own it."
Wow! This was amazing! Thank you, sir. Greatly appreciated.
Thanks, Shubs for showing some cool techniques for WAF bypasses. I guess the community had long waited for this! Even though some WAF bypasses were not new, but many people knew this for sure.
Great presentation and really appreciated the fun and engaging delivery. Big thanks again for putting on NahamCon2024 ❤❤
ANYTIME I see Shubs in the thumbnail, I'm clicking on it! Thanx for the tips!! 💪
Great talk thanks for NAHAMCON Ben :)
Great talk, glad to see it here too
Thank you Shah , Good topic
Wow keep it up , present 😊
Can these tools be ran from a laptop this is the first video I've seen on them thanks again Ben you still da man Bro :)
Brilliant!!!
Caido made way into these videos lmao , i can see some crime websites as flare too
Super infromative
Thanks
Nice tips
Nice!!
Nice talk
wow
Shadow clone is like axiom finally
Amazing Doc.
I certainly doubt nowafpls working, but happy to be wrong.
And i highly doubt you know anything about web hacking and who is this guy lmao
@@trustedsecurity6039 This is not PCI compliance relax. Just try the tool and then tell. Oh wait! but you wont get blocked because pretty sure your attacks are not that powerful. LMAO
@@parthshukla1216 just talking about PCI compliance when it comes to bypass/hacking show your dont have the basics of web pentesting LMAO I do web pentest everyday... And this guy do it since you wasnt even born... And to finish it is a bypass he use since years and we use it for years ;) it is like when EDR didnt scan large files too... Not PCI compliance LMAO
Will/Have the slides been released?
With the shared certificates trick(cross-tenant attacks). You will have to know the origin IP of the target right?
Ok. This only applies to cloud WAF.
Use of shared certificates is why I disliked akamai, they do not support bring your own certs....terrible!