Android Exploitation Technical Paper Release
I’ve been playing around with some Android exploitation lately, and I wanted to clarify the risks associated with storing domain credentials anywhere on a mobile device. Obviously, gaining access to your email or calendar could expose some sensitive information, or could allow for password resets via email or some social engineering, but I feel like the real risk lay elsewhere. Most mobile devices when associated with an Exchange server will store credentials in cleartext. This means that any malicious attacker who can get root access to your phone can gain access to your domain credentials. The risk this presents is dependent on your organization, but if your organization has any external resources accessible via RDP or uses AD authentication on the VPN, an attacker can just hop right into your environment. This is true on Android and iOS for sure; to prove it to you, my technical paper has practical guidelines on how to extract credentials from a mobile phone. Check it out! Download “Dark Harvest – Active Directory Credentials on Mobile Devices“
Explore More Blog Posts
Extracting Sensitive Information from Azure Load Testing
Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
3 Key Takeaways from Continuous Threat Exposure Management (CTEM) For Dummies, NetSPI Special Edition
Discover continuous threat exposure management (CTEM) to learn how to bring a proactive approach to cybersecurity and prioritize the most important risks to your business.
How Often Should Organizations Conduct Penetration Tests?
Learn how often organizations should conduct penetration tests. Discover industry best practices, key factors influencing testing frequency, and why regular pentesting is essential for business security.