The Foundry

Our Blog

Original security research, vulnerability disclosures, and technical deep-dives from our team of penetration testers.

Windows & Active Directory2025-04-30

Make Deployment Systems Tier 0 Again: Pentesting PDQ Deploy and Inventory

Deep dive into penetration testing PDQ Deploy and Inventory — examining why deployment systems are critical Tier 0 assets that require dedicated security attention.

By Toby JacksonRead article

Windows & Active Directory2025-04-04

Fare Play: See the Movie for Free by Kerberoasting Service Tickets Through an AS-REPRoastable User

Kerberos ticket abuse remains a significant security issue for organizations using Active Directory. Exploring real-world Kerberoasting attack chains through AS-REP roastable accounts.

By Thomas FieberRead article

All Posts49

Windows & Active Directory2025-04-30Toby Jackson

Make Deployment Systems Tier 0 Again: Pentesting PDQ Deploy and Inventory

Windows & Active Directory2025-04-04Thomas Fieber

Fare Play: See the Movie for Free by Kerberoasting Service Tickets Through an AS-REPRoastable User

Exploit Development2025-03-28Josiah Pierce

Browser Exploitation Basics — Explaining the addrof and fakeobj Primitives

Exploit Development2025-03-21Josiah Pierce

Spot the Bug Challenge 2

Exploit Development2025-03-12Josiah Pierce

Spot the Bug Challenge 1

Web & App Security2025-03-03Toby Jackson

BurpSuite's New AI Features: Are they as AI-mazing as they sound!?

Exploit Development2025-01-14Josiah Pierce

A Mere Mortal's Introduction to JIT Vulnerabilities in JavaScript Engines

Career & Company2025-01-06Alex Archondakis

Harnessing Blockchain for Secure and Transparent Elections

Cloud2024-12-17Alex Archondakis

Enumerating Access for AWS Temporary Credentials

Cloud2024-12-11Alex Lauerman

A Practical Guide to Confidential Computing

Web & App Security2024-09-18Ethan Finn

Prompt Injection: Stopping Attacks at the Source

Windows & Active Directory2024-08-19Thomas Fieber

Understanding Active Directory Certificate Services: A Focus on ESC1 and ESC8

Web & App Security2024-07-30Josiah Pierce

A Quick Introduction to postMessage XSS

Exploit Development2024-04-11Josiah Pierce

Firefox Sandbox Vulnerability Research: Introduction and Environment Setup

Career & Company2024-04-04Alex Archondakis

Preparing for a Technical Interview as a Penetration Tester

Web & App Security2024-03-21Alex Archondakis

A Comprehensive Guide To HTTP Security Headers

Career & Company2024-03-14Alex Archondakis

BurpSuite Certified Practitioner Exam Review

Web & App Security2024-03-07Alex Archondakis

Securing Session Cookies

Career & Company2024-02-29Alex Archondakis

Making the most out of your penetration test

Exploit Development2022-03-04Josiah Pierce

Writing an exploit for CVE-2021-4034

Web & App Security2022-02-16Tyler Rosonke

Did default SameSite:Lax put the nail in the coffin for CSRF? Mostly, but not always!

Tooling & Tradecraft2021-03-01Josiah Pierce

Writing Basic Offensive Tooling in Nim

Tooling & Tradecraft2020-10-29Alex Lauerman

A Brief Introduction to Semgrep (Part 1)

Tooling & Tradecraft2020-10-29Josiah Pierce

A Brief Introduction to Semgrep (Part 2)

Career & Company2020-08-05Alex Lauerman

Preparing for an Application Penetration Test

Web & App Security2020-02-14Matt South

Passwords are dead? Long live WebAuthn!

Exploit Development2020-01-22Josiah Pierce

Introduction to Triaging Fuzzer-Generated Crashes

Tooling & Tradecraft2019-10-15Bucky Spires

Scanning At Scale: Burp Suite Enterprise Edition

Tooling & Tradecraft2019-10-01Matt South

The Top 8 Burp Suite Extensions That I Use to Hack Web Sites

Tooling & Tradecraft2019-08-12Josiah Pierce

Using Iodine for DNS Tunneling C2 to Bypass Egress Filtering

Exploit Development2019-07-18Josiah Pierce

Basic ROP Techniques and Tricks

Exploit Development2019-02-18Nick Fox

CVE-2019-7629: RCE in an Open Source MUD Client

Career & Company2019-01-28Alex Lauerman

Customer Survey Results

Web & App Security2018-12-20Tyler Rosonke

Bypassing WAFs with JSON Unicode Escape Sequences

Web & App Security2017-12-08Tyler Rosonke

JWT Hacking 101

Tooling & Tradecraft2017-08-22Matt South

HoneyPi – An easy honeypot for a Raspberry Pi

Windows & Active Directory2016-10-30Matt South

EXE Hijacking in Git Bash for Windows

Windows & Active Directory2016-10-19Matt South

What is DLL Hijacking?

Web & App Security2016-08-23Tyler Rosonke

Referer Redirection and Its Inconspicuous Danger

Web & App Security2016-04-03Alex Lauerman

Cross-Site Request Forgery Cheat Sheet

Tooling & Tradecraft2016-03-31Matt South

Can't Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer

Exploit Development2015-11-18Nick Fox

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Windows & Active Directory2015-09-10Matt South

Practical Guide to exploiting the unquoted service path vulnerability in Windows

Web & App Security2015-04-20Alex Lauerman

Browser URL Encoding Decoding and XSS

Exploit Development2015-04-20Alex Lauerman

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft's Workaround

Career & Company2014-11-09Alex Lauerman

TrustFoundry at TriKC 0x01

Career & Company2014-07-20Alex Lauerman

TrustFoundry at BlackHat USA 2014

Career & Company2014-06-17Alex Lauerman

Building a Presentation Recording Setup

Career & Company2014-04-21Alex Lauerman

Is Security Worth it?

Want More Security Insights?

Visit our full blog archive for more security research, vulnerability disclosures, and technical deep-dives.

View Full Archive