SECTHEMALL Blog



theMiddle
Mar 1, 2018 - 7 min read

Unconventional PHP SSRF Techniques
How to bypass filter_var(), preg_match() and parse_url()

Read on medium.com

theMiddle
Dec 27, 2017 - 9 min read

Web Application Firewall (WAF) Evasion Techniques #2
String concatenation in a Remote Command Execution payload lets you bypass firewall rules (Sucuri, ModSecurity)

Read on medium.com

theMiddle
Dec 27, 2017 - 9 min read

Detecting human users: Is there a way to block enumeration, fuzz or web scan?
No, you won't be able to totally block them, but you would be surprised how stupid some bots are! Nginx + Lua FTW.

Read on medium.com

theMiddle
Dec 8, 2017 - 9 min read

Web Application Firewall (WAF) Evasion Techniques
I can read your passwd file with: "/???/??t /???/??ss??" Having fun with Sucuri WAF, ModSecurity, Paranoia Level and more...

Read on medium.com