OrangeCon 2026

Bob van der Staak

Bob van der Staak is an ethical hacker and red teamer at the Dutch Railways. Sharing knowledge is his passion, and with his background in software development and technical informatics, he implements code to assist with his daily assessments.
From web penetration testing to malware development and cloud technologies, he is eager to learn and share his expertise.


Session

06-04
14:55
90min
Protecting Your AiTM Infrastructure From Nosy Bots
Bob van der Staak, Rutger Flohil

Red teaming social engineering campaigns can fail before they even start: as soon as your AiTM infrastructure goes live, automated systems detect you and takedowns start. This hands-on workshop shows how to harden your infrastructure against bots and other prying eyes. We will demonstrate practical techniques to detect and filter automated traffic, using Caddy as a “bot deflector”, custom URL path rewriting, and a scoring-based system to hot-swap content in real time. You will also get a behind-the-scenes look at how we manipulate JA4 to reduce detection opportunities and subtly adjust visual elements to evade AiTM detection, along with a discussion of the limitations of these techniques.

If you come prepared with a virtual machine, by the end of the workshop, you will have a local setup to test Evilginx behind Caddy, understand how to dynamically respond to suspected bot traffic, and gain insight into the strategies our team uses to keep red team infrastructures alive long enough to achieve their objectives.

Workshop track 3
Workshops 3