C# modules made for easy recon with SharpMapExec execute assembly function

GetExchangeInbox

Discover if an account is available for Exchange SSO

GetLogonHistory

Get logon history data from the event log, default is data from 14 days back

Requires administrator privileges

GetLsassSessions

Enumerate logon sessions by reading lsass process bytes

Requires administrator privileges

GetLsaSessions

Enumerate logon sessions with LsaGetLogonSessionData

Requires administrator privileges

InvokeRecon

Useful for hunting jump-hosts, hosts used for cloud/infrastructure management and other non-domain credentials. Because pwning just the on-prem domain isn't enough

Acknowledgments

Shoutout to harmj0y and the Seatbelt project