EvolveSec Online | June 2022 | Qasim Ijaz

Live Lab: Steal Credentials by Phishing with Microsoft Word

Watch our exclusive Meetup featuring our OSCP Bootcamp instructor Qasim Ijaz. During this session, Qasim demos Phishing using Microsoft Word lab. He dives into relevant concepts that are covered during our OSCP training and that are vital to understand as you prepare for the OSCP certification exam. During this Meetup, you:

1. Learn how attackers utilize Microsoft Word for phishing
2. Gain hands-on experience with phishing without Macros to reduce the need for antivirus bypass
3. Capture Windows credentials over the network using NTLM

About Qasim
Qasim "Q" Ijaz is a Director of Offensive Security at Blue Bastion Security and OSCP Lead Instructor at Evolve Academy. Qasim specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web application testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher after-hours. Qasim has presented and taught at multiple cybersecurity conferences including BSides and Blackhat on offensive security topics.

Note for the lab:

You can use .docm or .doc

Do NOT use .docx as it doesn't allow macros