TrustFoundry Blog

Get the latest information security news from TrustFoundry, including issues relating to information security and penetration testing.

Bypassing WAFs with JSON Unicode Escape Sequences

This blog post will discuss how I was able to find a blind SQL injection, analyze a WAF, find a JSON Unicode escape bypass, and then automate the bypass [...]

JWT Hacking 101

As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security. Many applications use them, so it has become very important for [...]

HoneyPi – An easy honeypot for a Raspberry Pi

It is astonishingly easy as an attacker to move around on most networks undetected. Let's face it, unless your organization is big enough to have full [...]

EXE Hijacking in Git Bash for Windows

TLDR; Git Bash for Windows 1.x will execute any file named "git.exe" in the current directory when accessing the Windows context menu. Discovery: I was researching some old DLL hijacking vectors recently. Specifically, I was [...]