Explore advanced cybersecurity research on Primary Refresh Token (PRT) cookie theft targeting macOS environments in this DEF CON 33 conference presentation. Discover how attackers can extract authentication tokens from Microsoft Intune Company Portal on macOS systems, extending beyond the well-documented Windows-based attacks. Learn about the comparative analysis between Windows and macOS authentication flows and security controls, revealing critical weaknesses that enable attackers to bypass process validation mechanisms. Examine a novel persistence technique that allows threat actors to register new devices and generate fresh tokens using stolen credentials with MFA claims, maintaining long-term access even after original tokens expire. Witness live demonstrations of PRT cookie extraction on macOS systems and gain insights into the proof-of-concept tool developed by the research team. Understand how Microsoft's device registration security measures can be circumvented and how organizations using Microsoft Intune for cross-platform device management face expanded attack surfaces that now include macOS endpoints alongside traditional Windows targets.