I’m completing the “Advanced Command Obfuscation” where several advanced obuscation techniques are shown.
In particular, the most of these techniques is based on the usage of subshell
$() and it is also reported on the text that is less likely to be blocked by WAF or filters.
My question is: on WAF-side or backend-side, an easy solution to defend me from these injections, could not be simply the usage of filters on
) characters to avoid these advanced techniques?
Thank you in advance!