Forrest Kasler

Industry Insights

Epic Pentest Fail

How to Wreck Entra with a Single Mistyped Character This is a cautionary tale. Always read the docs when you…

Industry Insights

Teach a Man to Phish

PHISHING SCHOOL A Decade of Distilled Phishing Wisdom I decided to give away all of my phishing secrets for free. I…

Research & Tradecraft

Sleeping With the Phishes

Hiding C2 With Stealthy Callback Channels Write a custom command and control (C2) implant — Check ✅ Test it on…

Research & Tradecraft

Deep Sea Phishing Pt. 2

PHISHING SCHOOL Making Your Malware Look Legit to Bypasses EDR I wanted to write this blog about several good techniques for…

Research & Tradecraft

Deep Sea Phishing Pt. 1

PHISHING SCHOOL How to Bypass EDR With Custom Payloads If endpoint detection and response (EDR) protections keep blocking your phishing payloads,…

Research & Tradecraft

Phish Out of Water

PHISHING SCHOOL Bypassing Web Proxies so Your Phish Don’t Suffocate You just fought long and hard to convince a user…

Research & Tradecraft

Drink Like a Phish

PHISHING SCHOOL How to Make Your Phishing Sites Blend In As you read this, bots are coming to find and destroy…

Research & Tradecraft

Like Shooting Phish in a Barrel

PHISHING SCHOOL Bypassing Link Crawlers You’ve just convinced a target user to click your link. In doing so, you have achieved…

Research & Tradecraft

I Will Make you Phishers of Men

PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one question I get from…