FQDN to access something refers to specifying the complete domain name for a resource, including the hostname and the domain suffix (e.g., hostname.example.com) "break it" is related to LLMNR. ( look at the example how he got the NTLM hash. break it means in local networks for name resolution when the DNS resolution fails, typically due to DNS server unavailability or misconfiguration. then the LLMNR coming up to play. try to google how FQDN & LLMNR related to each other.
I thought you cannot relay hash directly to the Domain Controller, since SMB signing is set to ON by default on DC. How is it you are showing it can be done here?
With the wpad example were you able to crack the machine account? If so I’d like to see a video showing how that is accomplished in a reasonable amount of time. By default every 30 days Windows boxes change their password.