One of the most concerning attack methods I’ve come across recently is ‘Pass-the-PRT.’ It’s not the most likely of cyberattacks, but if successful – your organization’s security is in trouble. And that’s precisely what makes it dangerous—it leverages legitimate authentication processes, blending into normal network activity, making it hard to detect. I saw this firsthand while testing an Azure environment for lateral movement vulnerabilities. An attacker had been moving across systems for days using a stolen primary refresh token (PRT). Because they didn’t need to reauthenticate, their access looked legitimate, slipping past detection. It was a reminder of how easy…
Author: Adi Mor
Adi Mor
Adi Mor is a Product Manager at Pentera with over five years of experience in cybersecurity and cloud platform integration. She started her career in the Israel Defense Forces (IDF), where she worked on developing creative solutions to technical challenges. Since then, she has gained valuable experience in the cyber industry, focusing on practical, effective solutions. Adi enjoys combining her technical skills with a strategic mindset to help solve tough problems and make a real difference.
