<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>NTLM on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/ntlm/</link><description>Recent content in NTLM on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 21 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://hackingpassion.com/tags/ntlm/index.xml" rel="self" type="application/rss+xml"/><item><title>Windows Snipping Tool NTLM Hash Leak CVE-2026-33829</title><link>https://hackingpassion.com/snipping-tool-ntlm-hash-leak/</link><pubDate>Tue, 21 Apr 2026 13:53:07 +0200</pubDate><guid>https://hackingpassion.com/snipping-tool-ntlm-hash-leak/</guid><description>&lt;p>The Windows Snipping Tool can hand your Windows password hash to an attacker through a single click on a crafted link, and what the victim sees is the familiar screenshot tool opening on screen the way it always does. It ships with Windows 10, Windows 11 and Windows Server, &lt;strong>thirty-one Windows versions affected&lt;/strong>. Microsoft rates exploitation as unlikely. A working proof of concept with video demonstration went public on GitHub the same day the patch shipped, and the link that pulls off the whole thing fits on a single line of text. 😏&lt;/p></description></item><item><title>Why It Took Microsoft 32 Years to Disable NTLM</title><link>https://hackingpassion.com/ntlm-finally-disabled/</link><pubDate>Wed, 04 Feb 2026 11:31:37 +0100</pubDate><guid>https://hackingpassion.com/ntlm-finally-disabled/</guid><description>&lt;p>32 years. That is how long it took Microsoft to disable NTLM, the protocol that handles Windows login authentication. A broken system linked to $10 billion in damages and some of the worst cyberattacks ever recorded. Hackers have been exploiting it since 2001. Here is the story of why it took this long.&lt;/p>
&lt;p>On January 30, 2026, Microsoft announced they will finally disable NTLM by default in future Windows releases.&lt;/p></description></item><item><title>Cracking Windows Domain Admin Passwords Just Got Simple</title><link>https://hackingpassion.com/cracking-windows-domain-admin-passwords-rainbow-tables/</link><pubDate>Tue, 20 Jan 2026 15:09:59 +0100</pubDate><guid>https://hackingpassion.com/cracking-windows-domain-admin-passwords-rainbow-tables/</guid><description>&lt;p>Cracking Windows domain admin passwords just got simple. A massive set of rainbow tables just went public, a $600 laptop is enough, and it takes 12 hours max. This flaw has existed since 1999. Microsoft ignored it for 25 years. So Google decided to force the conversation. 🔓&lt;/p>
&lt;p>The flaw is in NTLMv1. That&amp;rsquo;s an authentication protocol from 1993. When a Windows machine logs in over a network, it sends an encrypted response based on the user&amp;rsquo;s password. The problem? That encryption uses 56-bit DES. Cryptographers declared that dead decades ago.&lt;/p></description></item></channel></rss>