Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
ID: 5868c71e-4865-58bf-95d8-316fad7448da
STIX ID: report--5868c71e-4865-58bf-95d8-316fad7448da
Feed Name: TrustedSec blog
This report presents "DragonHash", a proof-of-concept that abuses Chromium's drag-and-drop DownloadURL behavior to make Windows initiate NTLM authentication requests to an attacker-controlled responder, which allows NTLM hashes to be captured. It includes PoC code, a demo site, and notes on limitations (user interaction and browser download settings).
