New blog: Phishing for Primary Refresh Tokens and Windows Hello keys. This blog describes how we can use device code phishing to obtain PRTs and in some cases even add backdoor Windows Hello keys 🤯 dirkjanm.io/phishing-for-m…
8
283
595
131K
209
In contrast to many of my posts/talks this is not something that was fixed, but is an accepted risk at the time of writing, with some future mitigations coming. The blog also includes some mitigating measures and a detection rule.
@_dirkjan @vysecurity Awesome post Dirk-jan! Great foundation for me to explore these phishing concepts one day 👌
@_dirkjan Are we going to talk about this tomorrow at the training? 👀
@_dirkjan Thanks for the shoutout!! Your course is what inspired this idea for me!
