raptor 
A New #PyRDP Release: The Rudolph Desktop Protocol!
“The headline feature for this release is the ability to capture #NetNTLM hashes on any connection we can intercept.
[…] The potential certificate error is never displayed to the user. Certificate validation happens after the NetNTLM exchange under RDP’s Network Level Authentication (NLA) which is why it is never displayed. We reported this issue to Microsoft and they told us it works as designed.”
https://www.gosecure.net/blog/2022/12/23/a-new-pyrdp-release-the-rudolph-desktop-protocol/
A New PyRDP Release: The Rudolph Desktop Protocol! - GoSecure
Isn’t there a better moment than the Holiday season to release a major update of our RDP Attack and Eavesdropping tool PyRDP? That’s right, pour yourself a little glass of eggnog, sit in a comfortable chair, put on some Christmas music and read about the PyRDP updates by the fire.