Cyber Security Blog | 8com Research

Password managers are considered one of the most secure ways to keep passwords safe. We have analyzed the commercial password manager by Netwrix and discovered an authenticated Remote Code Execution vulnerability.

This blog post describes an unquoted search path vulnerability and its exploitation in the Plantronics Hub software. This client software is used to configure Plantronics audio devices such as headsets. Plantronics Hub is therefore often additionally installed by VoIP or SIP software solutions to ensure compatibility between the headset and the telephony software.

In this post, we’ll present custom BloodHound queries to find real-world vulnerabilities and misconfigurations. Active Directory plays a very important role in our Corporate Network penetration tests. In many of our tests we manage to compromise the target domain in a short time.

BloodHound is one of the essential tools for every Penetration Tester and Red Teamer and with the new release of BloodHound CE, BloodHound got some very nice and useful improvements. This blog post will show some examples on how the underlying database or the new API can be used to automatically find many basic weaknesses in an Active Directory environment.

smarttimeplus is a time tracking software by NovaCHRON. It was vulnerable to an authentication bypass and still has multiple authorization flaws.