Legacy by Design: How Protocol Defaults and Hash Exposure Still Get Us Breached

NTLM has not gone away. In many environments, it still underpins logon flows, service account authentication, and credential relay paths that defenders assume are deprecated. Protected Users is rarely enforced. Credential Guard is rare. Even when Kerberos is in use, fallback to NTLM is often quietly enabled. Add LLMNR, NetBIOS, SMBv1, Telnet, and plaintext LDAP, and attackers have everything they need to steal or relay credentials without malware, without exploits, and often without detection. This article breaks down the legacy defaults still exposing modern networks, and what defenders, incident responders, and CISOs can do to harden these protocols before someone else exploits them.
