WAF.NINJA
Mikhail Golovanov

https://waf.ninja
11 posts
JA3 on guard against bots
ja3

A while ago I was researching JA3 hashes and how they may help with bot mitigation. The first problem I met - even if many
By Mikhail Golovanov 30 May 2022
Sandbox for HoneyPot
honeypot

I have been monitoring bot activity for a while and often see this behavior:
* [SUCCESS] Robot comes to the page
* [SUCCESS ..?] Robot exploits known vulnerability
* [FAIL :(] Robot
By Mikhail Golovanov 1 Nov 2018
ModSecurity rules verification
waf

ModSecurity [https://www.modsecurity.org/] is an open-source WAF. It protects web applications with libinjection and regular expressions. The first one detects SQL injections by tokenizing parameters
By Mikhail Golovanov 15 Oct 2018
How to turn any website into Wordpress/Drupal honeypot
tools

When a new exploit for a vulnerability in a popular CMS appears, the same day someone will send it all around the web, trying to compromise vulnerable systems. It is
By Mikhail Golovanov 28 May 2018
Part 2. libinjection: different databases fuzzing
libinjection

This is a sequel to the previous article [https://waf.ninja/libinjection-fuzz-to-bypass/], where I was fuzzing MariaDB 10.2.5, trying to bypass the libinjection library. This time
By Mikhail Golovanov 9 Oct 2017
libinjection: fuzz to bypass
libinjection

libinjection is a library that parses a parameter value into SQL elements (tokens) and checks whether the token combination (fingerprint) is known to be an SQL injection attack. This library
By Mikhail Golovanov 24 Sep 2017
Showcase: Struts2 vulnerability evolution
rce

Apache Struts 2 [https://en.wikipedia.org/wiki/Apache_Struts_2] is used as a framework for Java EE application development. Over time there were found
By Mikhail Golovanov 22 Sep 2017
Showcase: DOM-based XSS
xss

Cross-Site Scripting (XSS) vulnerabilities are divided into three types:
* Reflected: when the payload is injected from user-provided payloads, e.g. a user clicks on a malicious link
* Stored:
By Mikhail Golovanov 18 Sep 2017
Review: wtt OWASP CRS 3.0 bypass
waf

A while ago I had to compare different Web Application Firewalls based on the level of security protection they provide. And as a result made WAF Testing
By Mikhail Golovanov 17 Sep 2017
Review: WAFNinja
waf

WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and PHDays 2016. This tool is a CLI Python script that allows fuzzing parameters
By Mikhail Golovanov 16 Sep 2017
Review: WAF Testing Framework
waf

WAF Testing Framework was developed by Imperva employees (Yaniv Azaria, Amichai Shulman) and was presented at OWASP AppSec USA in 2012. To work properly it
By Mikhail Golovanov 16 Sep 2017

© WAF.NINJA, 2023