Payload Delivery Networks - Abusing CDNs to bypass WAF and DDoS protections
2024-09-27 , Main Track

Want to bypass WAF or DDoS protections provided by CDNs such as Cloudflare, AWS and Azure? Don't want to have to change your payload to outsmart the WAF?

What if we can get direct access to the web server bypassing these protections completely?

In this talk, we will cover how to bypass WAF and DDoS protections by attacking the origin web server directly. We will look at the different ways web servers can be configured to prevent this kind of direct access and some of the surprising ways they can be bypassed too - including by using the CDN to bypass the CDN.

We will also discuss more secure configurations and various fixes defenders can implement to prevent these bypasses.

Taylor currently works as a Red Teamer helping organisations defend themselves against attackers. He has previous experience working in a variety of cyber roles.