diff --git a/README.md b/README.md
index 88f9073..2fc1a8b 100644
--- a/README.md
+++ b/README.md
@@ -1414,10 +1414,10 @@ Wanna detect WAFs? Lets see how.
-# Evasion Techniques
+## Evasion Techniques
Lets look at some methods of bypassing and evading WAFs.
-## Fuzzing/Bruteforcing:
+### Fuzzing/Bruteforcing:
#### Method:
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
- Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing).
@@ -1435,15 +1435,17 @@ __Drawback:__
- This method often fails.
- Many a times your IP will be blocked (temporarily/permanently).
-## Regex-Reversing:
-### Method:
+### Regex-Reversing:
+#### Method:
- Most efficient method of bypassing WAFs.
- Some WAFs rely upon matching the attack payloads with the signatures in their databases.
- Payload matches the reg-ex the WAF triggers alarm.
#### Techniques:
-__Scenario 1: SQL Injection__
+### __Keyword Filter Detection/Bypass__
+
+__SQL Injection__
##### • Step 1:
__Keyword filer__: `and`, `or`, `union`
@@ -1550,28 +1552,91 @@ script/src="data:text%2Fj\u0061v\u0061script,\u0061lert(1)">
```
-## Google Dorks Approach:
-__Method:__
+### Browser Bugs:
+#### Charset Bugs:
+- We can try changing charset header to higher Unicode (eg. UTF-32) and test payloads.
+- When the site decodes the string, the payload gets triggered.
+
+Example request:
+
+ GET /page.php?param=∀㸀㰀script㸀alert(1)㰀/script㸀 HTTP/1.1
+ Host: site.com
+ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
+ Accept-Charset:utf-32, iso-8859-1;q=0.5
+ Accept-Language: en-US,en;q=0.5
+ Accept-Encoding: gzip, deflate
+
+When the site loads, it will be encoded to the UTF-32 encoding that we set, and
+then as the output encoding of the page is utf-8, it will be rendered as: `": aa
+Keep-Alive: 300
+```
- R-XSS Bypass by [@WAFNinja](https://waf.ninja)
```