diff --git a/.gitmodules b/.gitmodules
index 86efee1..06c8365 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -52,3 +52,6 @@
 [submodule "red-teaming/CobaltSplunk"]
 	path = red-teaming/CobaltSplunk
 	url = https://github.com/mgeeky/CobaltSplunk
+[submodule "red-teaming/SharpWebServer"]
+	path = red-teaming/SharpWebServer
+	url = https://github.com/mgeeky/SharpWebServer
diff --git a/red-teaming/README.md b/red-teaming/README.md
index 4112540..ba8bf03 100755
--- a/red-teaming/README.md
+++ b/red-teaming/README.md
@@ -340,6 +340,31 @@ $ ./markOwnedNodesInNeo4j.py kerberoasted.txt
 
 - **`set-handler.rc`** - Quickly set metasploit's multi-handler + web_delivery (separated) handler for use with powershell. ([gist](https://gist.github.com/mgeeky/bf4d732aa6e602ca9b77d089fd3ea7c9))
 
+- [**`SharpWebServer`**](https://github.com/mgeeky/SharpWebServer) - Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionality
+
+```
+C:\> SharpWebServer.exe port=8888 dir=C:\Windows\Temp verbose=true ntlm=true
+
+    :: SharpWebServer ::
+    a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionality
+
+[.] Serving HTTP server on port  : 8888
+[.] Will run for this long       : 60 seconds
+[.] Verbose mode turned on.
+[.] NTLM mode turned on.
+[.] Serving files from directory : C:\Windows\Temp
+
+SharpWebServer [29.03.21, 17:55:14] NTLM: Sending 401 Unauthorized due to lack of Authorization header.
+SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 0 (401)
+SharpWebServer [29.03.21, 17:55:14] NTLM: Sending 401 Unauthorized with NTLM Challenge Response.
+SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 0 (401)
+
+[+] SharpWebServer: Net-NTLM hash captured:
+TestUser:::1122334455667788:66303EE2DF9417E2FE07E1B7FD663205:010100000000000092EC04E8B324D701C2B561D5FECBB325000000000200060053004D0042000100160053004D0042002D0054004F004F004C004B00490054000400120073006D0062002E006C006F00630061006C000300280073006500720076006500720032003000300033002E0073006D0062002E006C006F00630061006C000500120073006D0062002E006C006F00630061006C00080030003000000000000000010000000020000045E18A336DA58F5F0F826F846C699F77DCCF02BA5135525AC52EFBB0C0A1F1160A0010000000000000000000000000000000000009001C0048005400540050002F006C006F00630061006C0068006F00730074000000000000000000
+
+SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 11 (200)
+```
+
 - [**`SharpWMI`**](https://github.com/mgeeky/SharpWMI) - This implementation is a refurbished and enhanced version of original SharpWMI by @harmj0y that adds some more flexibility for working with malicious VBS scripts, AMSI evasion, file upload purely via WMI and makes it possible to return output from WMI remotely executed commands. Initially submitted as a [Pull Request #3](https://github.com/GhostPack/SharpWMI/pull/3) to the original repo of that project, however unless it's merged there - will pin my fork here for accountability
 
 - **`Stracciatella`** - Powershell runspace from within C# (aka `SharpPick` technique) with AMSI and Script Block Logging disabled for your pleasure.
diff --git a/red-teaming/SharpWebServer b/red-teaming/SharpWebServer
new file mode 160000
index 0000000..8346f4b
--- /dev/null
+++ b/red-teaming/SharpWebServer
@@ -0,0 +1 @@
+Subproject commit 8346f4bc38d53467498ec47f123b98258cb297e0