ATT&CK techniques detected
4 predictions
T1059.007 JavaScript
“[ ] + [ ] ) [! + [ ] +! + [ ] ] + (!! [ ] + [ ] ) [! + [ ] +! + [ ] +! + [ ] ] + (!! [ ] + [ ] ) [ +! + [ ] ] + (!! [ ] + [ ] ) [ + [ ] ] + ( [ ] [ (! [ ] + [ ] ) [ +! + [ ] ] + (!! [ ] + [ ] ) [ + [ ] ] ] + [ ] ) [ +! + [ ] + [ +! + [ ] ] ] + [ +! + [ ] ] + ( [ ] + [ ] + [ ] [ (…”
Mark wrong
Looks right
Undo / change
Retry
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
×
No matches for
Loading techniques…
Submit correction
Saving…
Cancel
T1059.007 JavaScript
“same philosophy but uses a dollar sign and underscore based reduced charset built around a reference variable. these changes allow for shorter payloads. # jsfuck - > eval ( alert ( 1 ) ) [ ] [ (! [ ] + [ ] ) [ +! + [ ] ] + (!! [ ] + [ ] ) [ + [ ] ] ] [ ( [ ] [ (! [ ] + [ ] ) [ +!…”
Mark wrong
Looks right
Undo / change
Retry
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
×
No matches for
Loading techniques…
Submit correction
Saving…
Cancel
T1059.007 JavaScript
“\ x2f \ 145 \ 164 \ 143 \ x2f \ 160 \ 141 \ 163 \ 163 \ 167 \ 144 ' - > cat / etc / passwd ( unix context ) * * hex encoding * * \ x61 \ x6c \ x65 \ x72 \ x74 \ x28 \ x31 \ x29 - > alert ( 1 ) cat $ ' \ x2f \ x65 \ x74 \ x63 \ x2f \ x70 \ x61 \ x73 \ x73 \ x77 \ x64 ' - > cat / e…”
Mark wrong
Looks right
Undo / change
Retry
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
×
No matches for
Loading techniques…
Submit correction
Saving…
Cancel
T1027.010 Command Obfuscation
“$ _ $ _ + (! [ ] + " " ) [ $. _ $ _ ] + $. $ $ $ _ + " \ \ " + $. _ _ $ + $. $ $ _ + $. _ $ _ + $. _ _ + " ( \ \ \ " " + $. _ _ $ + " \ \ \ " \ \ " + $. $ _ _ + $. _ _ _ + " ) " + " \ " " ) ( ) ) ( ) ; this type of encoding is easily identifiable by its length but also by entropy…”
Mark wrong
Looks right
Undo / change
Retry
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
×
No matches for
Loading techniques…
Submit correction
Saving…
Cancel
Summary
Deep dive into Web Application Firewall (WAF) bypasses, from misconfiguration exploitation to crafting obfuscated payloads. We show the impact of the parsing discrepancy between how a WAF reads a request and how a backend executes it. It is not a bug, it is a feature.