Android Exploitation Technical Paper Release
I’ve been playing around with some Android exploitation lately, and I wanted to clarify the risks associated with storing domain credentials anywhere on a mobile device. Obviously, gaining access to your email or calendar could expose some sensitive information, or could allow for password resets via email or some social engineering, but I feel like the real risk lay elsewhere. Most mobile devices when associated with an Exchange server will store credentials in cleartext. This means that any malicious attacker who can get root access to your phone can gain access to your domain credentials. The risk this presents is dependent on your organization, but if your organization has any external resources accessible via RDP or uses AD authentication on the VPN, an attacker can just hop right into your environment. This is true on Android and iOS for sure; to prove it to you, my technical paper has practical guidelines on how to extract credentials from a mobile phone. Check it out! Download “Dark Harvest – Active Directory Credentials on Mobile Devices“
Explore More Blog Posts
Why Continuous Testing is the New Standard for Modern Security
NetSPI's continuous pentesting delivers regular, tailored assessments across critical assets, customized to your organization's risk profile and operational cadence to ensure coverage where it matters most. These services are delivered through NetSPI’s leading PTaaS platform using existing workflows.
CVE-2026-0300 Palo Alto Networks PAN-OS Buffer Overflow Overview & Takeaways
Palo Alto Networks has disclosed a critical zero-day vulnerability in PAN-OS, tracked as CVE-2026-0300, affecting PA-Series and VM-Series firewalls with the User-ID Authentication Portal (Captive Portal) enabled. The flaw is a pre-authentication buffer overflow that allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected devices.
CVE-2026-41940 cPanel & WHM Authentication Bypass Overview and Takeaways
cPanel has disclosed a critical authentication bypass vulnerability affecting cPanel & WHM and WP Squared, tracked as CVE-2026-41940 (CVSS 9.8). The flaw allows a remote, unauthenticated attacker to gain root-level administrative access by injecting arbitrary values into a server-side session file, effectively bypassing all credential checks.