This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.

CRYPTOCard's CRYPTOAdmin software is a challenge/response user authentication administration system. The PT-1 token, which runs on a PalmOS device, generates the one-time-password response. A PalmOS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user's PIN can be determined through a series of DES decrypts-and-compares. Using the demonstration tool, the PIN can be determined in under 5 minutes on a Pentium III 450MHz.

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

Script that performs RSA factorization attack using Fermat's algorithm.

The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/.jsp on the target in order to trigger the payload and obtain a shell.

Research by fDi Intelligence reveals which cities received the most tech start-up FDI relative to their population between 2016 and 2018, with European cities coming out on top.

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.

The CEO of the UN’s Global Compact initiative, Lise Kingo, talks about the sustainability shift in the C-suite, FDI’s role in achieving the SDGs and how CEOs can address common risks.

Egypt became the ‘bread basket’ of Africa in 2018, attracting the largest number of foreign investments in food manufacturing. 

Poor infrastructure and political instability deter tourism, but small and manageable steps to avoid chaos and promote hospitality can work wonders.

From historically underperforming when compared with its peers, the German federal state of Rhineland-Palatinate is now attracting major investment projects on the back of its auto and electrification expertise.

Frankfurt (Oder) is building on the strengths of its university to foster the development of successful start-ups through new co-working spaces and the promotion of sustainable practices and products. 

Having opened new production facilities in Rwanda and South Africa, Mara Phones is looking to alter Africa's mindset from being a 'consumer' to being a 'manufacturer'. 

Despite its thriving automotive sector, Gothenburg is vulnerable to global economic pressures. However, local authorities are confident that their strategies will see the city ride out the uncertainties related to Brexit and the US-China trade wars.

Marcus Weldon, chief technology officer of Nokia and president of its research arm Nokia Bell Labs, talks about what guided the decision to set up a new global R&D centre and the company’s strategy for driving innovation.

Giant investment firm BlackRock throwing its weight behind sustainability issues is sending a signal to the corporate world to respond urgently to global calls for action, writes Gregg Wassmansdorf.

The chairman of the board of the National Bank of the Republic of Belarus talks to fDi about preserving financial stability and diversifying the country’s export split.

Mexico suffered a second year of dwindling manufacturing, with the US's trade policy taking its toll. However, Mexico remains an attractive location for US companies and their suppliers.

Figures show 2018 was India’s best year for manufacturing FDI in seven years.

The UAE remained the Middle East's most popular destination for foreign manufacturing investments in 2018.

The Massachusetts Department of Public Utilities has issued an order approving long-term contracts for 9,554,940 MWh annually of hydropower between H.Q. Energy Services (U.S.) Inc. and the Commonwealth’s electric distribution companies through the New England Clean Energy Connect 100% Hydro project (NECEC Hydro).

The Low Impact Hydropower Institute recently announced it had awarded low-impact certification status to two hydroelectric facilities:

GE Renewable Energy announced at HydroVision that it has signed two hydropower contracts in the U.S. one for FirstLight’s Northfield Mountain project and one for PG&E’s Caribou One hydropower station.

The American Wind Energy Association (AWEA) has released data for Q2, indicating activity rose to new heights in the wind development sector.