• 10+ years full time InfoSec
• Sr Consultant @ TrustedSec
• Specialties: Active Directory, Development (C#
• Hobbies: Woodworking, Beekeeping, Fly Fishing
Jason Lang @curi0usJack
• Defined: A network layer control that performs real-time threat prevention
• Two biggest contenders: Palo Alto, Fortinet.
• My testing was performed with a fully licensed, up-to-date Palo Alto, as well as a Cisco 5500 with FirePower
• Pupy
• Custom Meterpreter
• Custom C# code
• Whatever I wanted
Victim Machines: Windows 7/10 x64.
• Rules: Blocking all the things
• SSL Decryption: ON
• Pay attention to Decryption/Detection patterns.
• Favor Empire/Pupy over MSF if you are getting detected. Change all defaults.
• Change your template**.
• Hope you’re working with a Cisco firewall.
• Defined: Anything that stops my phish from getting to
• Examples: Proofpoint, Mimecast, Google spam filters
Thanks to @CaseyCammilleri for all the shells!
Q: What if Google is blocking on the
A: You forgot this.
^^ Correct SPF Record for sending via O365 ^^
1. Obfuscate your payload (generally the most basic will do)
2. Set SPF/DKIM Records
3. Use links instead of attachments
4. mod_rewrite is your friend
5. Check the phish with isnotspam.com
6. Don’t trip threshold alerts. Send targeted phish slowly