StreamDivert: Relaying (specific) network connections

ID: aeb4fecc-308d-51a0-92ff-dcc127b0e804

STIX ID: report--aeb4fecc-308d-51a0-92ff-dcc127b0e804

Feed Name: Fox-IT blog

Threat Score
65/100

Date Published: 2020-09-10

Date Updated: 2026-04-27

Author: Fox It

This blog describes StreamDivert, an open-source userland tool leveraging the WinDivert kernel driver to intercept and relay inbound and outbound network connections for MITM purposes (including relaying SMB to capture authentication hashes). The author recounts a red-team scenario that motivated the tool, details StreamDivert's capabilities (selective relaying by port or source IP, SOCKS handling, TCP/UDP/ICMP over IPv4/IPv6), and provides detection guidance based on event log entries.