TrustFoundry Blog

Get the latest information security news from TrustFoundry. Including issues relating to information security, and penetration testing.

Practical Guide to exploiting the unquoted service path vulnerability in Windows

Practical Guide to exploiting the unquoted service path vulnerability in Windows What is the unquoted service path vulnerability in Windows? When a service in Windows is started, Windows has to try to find [...]

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft’s Workaround

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft's Workaround This post was originally writen in October of 2010, and has been lightly updated in 2015. This week I ran into my first ASP.NET site since [...]

Browser URL Encoding Decoding and XSS

Browser URL Encoding Decoding and XSS This article was originally written in early 2010, and has been lightly updated in 2015. Cross-site scripting attacks can be difficult to reproduce because of browser issues.  This problem [...]

TrustFoundry at TriKC 0x01

TrustFoundry at TriKC 0x01 On November 12th, TrustFoundry will be competing at TriKC 0x01 in Overland Park, KS.  Come see Matt South present on finding vulnerabilities using grey-box PHP analysis, and Alex Lauerman present on using software defined [...]