Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..

Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, […]

The post Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed appeared first on Black Hills Information Security, Inc..

John Strand // AV is Dead Long Live Whitelisting. We have been discovering more and more of our tests bypass AV controls with ease.  We have yet to see any iteration or […]

The post The New Security Fundamentals – Kill Your AV appeared first on Black Hills Information Security, Inc..