Cracking a Windows domain admin password used to be the sort of thing that required a rack of GPUs, a questionable website, and a small fortune in hardware. Now? A $600 laptop and a free set of rainbow tables from Google’s Mandiant division will do the job in under 12 hours. And the kicker? This vulnerability isn’t new. It’s been sitting in plain sight since 1999 . The Ghost of NTLMv1 At the core of this mess is NTLMv1 — an authentication protocol Microsoft introduced in 1993