The blog post and white paper are quick to the point with a nice refresher on Windows Authentication and a few new tricks about attacking Windows Authentication.
Sometimes too, we forget about the basics. Accessing a Windows resource by IP address will default fallback to NTLM authentication. Similarly a Windows workgroup machine is limited to NTLM authentication.
Matt goes on to make the case about why NTLM authentication is a higher risk... especially important if you are an administrator.
Perhaps friends can help friends connect to PI Servers by name!