NTLMv1 rainbow tables have been available for 15-20 years. The only thing new is that Google are publishing theirs.

NTLM is often used for more of the underlying technologies, some more secure than others… nthash, net-ntlmv1, net-ntlmv2. There’s a little more complexity here and this is different than the stuff that was out 15 years ago

▲

bri3d 2 hours ago | parent | next [-]

> this is different than the stuff that was out 15 years ago

This stuff was out at least 10-15 years ago. It’s different from the ancient local ntlm hash cracking everyone used to get admin in high school, yes, but it’s not a novel technique.

on cursory google, https://github.com/NotMedic/NetNTLMtoSilverTicket/blob/maste... is 6 years old and was old news when it was committed, and https://crack.sh/netntlm/ has been around online for at least 10 and I think more like 15+ years.

▲

patmorgan23 2 hours ago | parent | prev [-]

Microsoft has deprecated NTLM and is actively ripping it out of windows.

https://support.microsoft.com/en-us/topic/upcoming-changes-t...

Windows 11 is probably the last version that will contain NTLM (and hopefully NTLMv2). Going forward everything will be Kerberos or Oauth based.

	▲	bigfatkitten a minute ago \| parent [-]
		Ironically enough, the things that tend to break first when you try to turn off NTLM are still Windows components.