TrustFoundry Blog

Get the latest information security news from TrustFoundry. Including issues relating to information security, and penetration testing.

JWT Hacking 101

As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security.  Many applications use them, so it has become very important for me to know [...]

HoneyPi – An easy honeypot for a Raspberry Pi

HoneyPi - an easy honeypot for a Raspberry Pi It is astonishingly easy as an attacker to move around on most networks undetected. Let's face it, unless your organization is big enough to have full [...]

EXE Hijacking in Git Bash for Windows

TLDR; Git Bash for Windows 1.x will execute any file named "git.exe" in the current directory when accessing the Windows context menu Discovery I was researching some old DLL hijacking vectors recently. Specifically, I was [...]

What is DLL Hijacking?

DLL Hijacking is a way for attackers to execute unexpected code on your machine. This means that if an attacker can get a file on your machine (by social engineering, remote control, etc.)  that file could [...]