The Foundry

Our Blog

Original security research, vulnerability disclosures, and technical deep-dives from our team of penetration testers.

All Posts

Research | 2025-04-30 | Toby Jackson

Make Deployment Systems Tier 0 Again: Pentesting PDQ Deploy and Inventory

Active Directory | 2025-04-04 | Thomas Fieber

Fare Play: See the Movie for Free by Kerberoasting Service Tickets Through an AS-REPRoastable User

Exploitation | 2025-03-28 | Josiah Pierce

Browser Exploitation Basics — Explaining the addrof and fakeobj Primitives

Exploitation | 2025-03-21 | Josiah Pierce

Spot the Bug Challenge 2

Exploitation | 2025-03-12 | Josiah Pierce

Spot the Bug Challenge 1

Web Security | 2025-03-03 | Toby Jackson

BurpSuite's New AI Features: Are they as AI-mazing as they sound!?

Exploitation | 2025-01-14 | Josiah Pierce

A Mere Mortal's Introduction to JIT Vulnerabilities in JavaScript Engines

Research | 2025-01-06 | TrustFoundry

Harnessing Blockchain for Secure and Transparent Elections

Cloud | 2024-12-17 | TrustFoundry

Enumerating Access for AWS Temporary Credentials

Cloud | 2024-12-11 | Alex Lauerman

A Practical Guide to Confidential Computing

Web Security | 2024-09-18 | TrustFoundry

Prompt Injection: Stopping Attacks at the Source

Active Directory | 2024-08-19 | TrustFoundry

Understanding Active Directory Certificate Services: A Focus on ESC1 and ESC8

Web Security | 2024-07-30 | TrustFoundry

A Quick Introduction to postMessage XSS

Exploitation | 2024-04-11 | Josiah Pierce

Firefox Sandbox Vulnerability Research: Introduction and Environment Setup

Research | 2024-04-04 | TrustFoundry

Preparing for a Technical Interview as a Penetration Tester

Web Security | 2024-03-21 | TrustFoundry

A Comprehensive Guide To HTTP Security Headers

Web Security | 2024-03-14 | TrustFoundry

BurpSuite Certified Practitioner Exam Review

Web Security | 2024-03-07 | TrustFoundry

Securing Session Cookies

Research | 2024-02-29 | TrustFoundry

Making the most out of your penetration test

Exploitation | 2022-03-04 | TrustFoundry

Writing an exploit for CVE-2021-4034

Web Security | 2022-02-16 | TrustFoundry

Did default SameSite:Lax put the nail in the coffin for CSRF? Mostly, but not always!

Exploitation | 2021-03-01 | TrustFoundry

Writing Basic Offensive Tooling in Nim

Research | 2020-10-29 | TrustFoundry

A Brief Introduction to Semgrep (Part 1)

Research | 2020-10-29 | TrustFoundry

A Brief Introduction to Semgrep (Part 2)

Research | 2020-08-05 | TrustFoundry

Preparing for an Application Penetration Test

Web Security | 2020-02-14 | TrustFoundry

Passwords are dead? Long live WebAuthn!

Exploitation | 2020-01-22 | TrustFoundry

Introduction to Triaging Fuzzer-Generated Crashes

Web Security | 2019-10-15 | TrustFoundry

Scanning At Scale: Burp Suite Enterprise Edition

Web Security | 2019-10-01 | TrustFoundry

The Top 8 Burp Suite Extensions That I Use to Hack Web Sites

Exploitation | 2019-08-12 | TrustFoundry

Using Iodine for DNS Tunneling C2 to Bypass Egress Filtering

Exploitation | 2019-07-18 | TrustFoundry

Basic ROP Techniques and Tricks

Exploitation | 2019-02-18 | TrustFoundry

CVE-2019-7629: RCE in an Open Source MUD Client

Research | 2019-01-28 | TrustFoundry

Customer Survey Results

Web Security | 2018-12-20 | TrustFoundry

Bypassing WAFs with JSON Unicode Escape Sequences

Web Security | 2017-12-08 | TrustFoundry

JWT Hacking 101

Research | 2017-08-22 | TrustFoundry

HoneyPi – An easy honeypot for a Raspberry Pi

Exploitation | 2016-10-30 | TrustFoundry

EXE Hijacking in Git Bash for Windows

Exploitation | 2016-10-19 | TrustFoundry

What is DLL Hijacking?

Web Security | 2016-08-23 | TrustFoundry

Referer Redirection and Its Inconspicuous Danger

Web Security | 2016-04-03 | TrustFoundry

Cross-Site Request Forgery Cheat Sheet

Research | 2016-03-31 | Alex Lauerman

Can't Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer

Exploitation | 2015-11-18 | TrustFoundry

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Exploitation | 2015-09-10 | TrustFoundry

Practical Guide to exploiting the unquoted service path vulnerability in Windows

Web Security | 2015-04-20 | TrustFoundry

Browser URL Encoding Decoding and XSS

Exploitation | 2015-04-20 | TrustFoundry

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft's Workaround

Research | 2014-11-09 | Alex Lauerman

TrustFoundry at TriKC 0x01

Research | 2014-07-20 | Alex Lauerman

TrustFoundry at BlackHat USA 2014

Research | 2014-06-17 | Alex Lauerman

Building a Presentation Recording Setup

Research | 2014-04-21 | Alex Lauerman

Is Security Worth it?
