  • That’s wild… how’d he get the email client to send the NTLM hash? That’s the real story, there. If you can remotely pull sensitive files like that, you already own that computer. That’s an email client vuln, not an issue with the method of encryption.

    Actually what is sent is the user’s LAN Manager (LM) or Windows NT LM network authentication challenge response, from which the user’s LM or NT hash can be computed.

    Oh… that’s not good. I’m guessing the client was Outlook. In which case, Outlook had a vuln and that was the issue, not the encryption. Or maybe it was Windows itself which was vulnerable.

    I skimmed kind of quick, but it sounds like Kevin used HTML email to embed something that loaded from a server he owned. That gave him the target IP; he then did some kind of NetBIOS request where Windows sent the NTLM challenge response. That was apparently vulnerable to cracking in such a way that revealed the actual NTLM hash of the Windows user being emailed. Then THAT hash was crackable to reveal the actual password of the user.

    Not totally sure I read that right, but wow, that is an old-ass vuln for Windows to still have as late as 2017.
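Added example, not part of the thread above: the leak the comment describes only works if the Windows host opens an outbound SMB/NetBIOS session (ports 137/139/445) to a server outside the network, so a simple defensive check is to flag such sessions in egress firewall logs. The key=value log format and the sample lines are constructed for illustration, not a real product's format.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Ports carrying the SMB/NetBIOS session in which the NTLM challenge-response is sent.
NTLM_LEAK_PORTS = {137, 139, 445}

# Address space considered "internal"; SMB to anything else is worth a look.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed sample egress log (hypothetical key=value format).
SAMPLE_LOG = """\
2017-05-20T10:01:02Z src=10.0.0.15 dst=10.0.0.5 dport=445 proto=tcp action=allow
2017-05-20T10:01:09Z src=10.0.0.15 dst=203.0.113.7 dport=445 proto=tcp action=allow
2017-05-20T10:01:10Z src=10.0.0.15 dst=203.0.113.7 dport=80 proto=tcp action=allow
2017-05-20T10:02:30Z src=10.0.0.22 dst=198.51.100.9 dport=139 proto=tcp action=deny
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=\S+ action=(?P<action>\S+)$"
)

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text: str) -> List[Dict[str, str]]:
    """Return records of SMB/NetBIOS sessions to non-internal destinations (allowed or denied)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and int(rec["dport"]) in NTLM_LEAK_PORTS and not is_internal(rec["dst"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for h in find_outbound_smb(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dport']} ({h['action']})")
```

Denied connections are reported too, since a blocked attempt still tells you which host rendered the message and tried to reach out.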