Segway Ninebot serial communication analyzer (ESCx such as Voi, Circ / Flash, Bolt, Dott, Jump, Tier...)

Build-it-then-break-it Active Directory lab: one `vagrant up` provisions a Domain Controller, Enterprise CA, Windows 10 and Kali on libvirt/KVM, then you exploit AD CS ESC1 end-to-end (enumerate → cert-as-admin → PKINIT → DCSync). Learn how a pentest really works by building the target and breaking it.