W-WAF-BYPASSDefense Evasion

WAF Bypass

Encoding (URL, double-URL, unicode), case randomisation, comment insertion, parameter pollution, chunked transfer, HTTP/2 fragments.

§ Where this technique fits

W-WAF-BYPASS is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Header smuggling → gateway sees vendor, mailbox sees attacker
Crafted RFC-edge headers cause SPF/DMARC to validate against one From while Outlook renders the other — slips past Microsoft Defender / Proofpoint and lands as a 'verified' message.
step 3 / 6

§ What commonly comes next

01
Phishing
T1566 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Header smuggling → gateway sees vendor, mailbox sees attacker

§ What commonly comes next