TrustFoundry Blog

Get the latest information security news from TrustFoundry. Including issues relating to information security, and penetration testing.

Cross-Site Request Forgery Cheat Sheet

Cross-Site Request Forgery Cheat Sheet The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart that is designed to cover the common scenarios that an experienced application penetration tester would test for in CSRF testing. It [...]

Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer

Can't Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer Background When traveling, Elizabeth and I are always a little bit extra cautious; we hide money in special belts, we carry emergency cards [...]

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Shells in Your Serial - Exploiting Java Deserialization on JBoss Background I read a fantastic write-up by Stephen Breen of FoxGlove Security earlier this month describing a vulnerability, present in several common Java [...]

Practical Guide to exploiting the unquoted service path vulnerability in Windows

Practical Guide to exploiting the unquoted service path vulnerability in Windows What is the unquoted service path vulnerability in Windows? When a service in Windows is started, Windows has to try to find [...]