Another blog on the Primary Refresh Token! Thx
@gentilkiwi
for figuring this out with me! Tl;Dr: PRT can be extracted from lsass with
#mimikatz
🥝. If with TPM, session key is protected. Still possible to extract derived keys and sign your own PRT cookies.