Cyber Security Blog | 8com Research

The latest findings of our pentesters


Automating parts of Active Directory pentests with BloodHound CE
BloodHound is one of the essential tools for every Penetration Tester and Red Teamer and with the new release of BloodHound CE, BloodHound got some very nice and useful improvements. This blog post will show some examples on how the underlying database or the new API can be used to automatically find many basic weaknesses in an Active Directory environment.
smarttimeplus Vulnerability Disclosure
09. Februar 2023
smarttimeplus is a time tracking software by NovaCHRON. It was vulnerable to an authentication bypass and still has multiple authorization flaws.