OrangeCon 2026

Protecting Your AiTM Infrastructure From Nosy Bots
2026-06-04, Workshops 3

Red teaming social engineering campaigns can fail before they even start: as soon as your AiTM infrastructure goes live, automated systems detect it and takedowns begin. This hands-on workshop shows how to harden that infrastructure against bots and other prying eyes. We will demonstrate practical techniques to detect and filter automated traffic, using Caddy as a "bot deflector", custom URL path rewriting, and a scoring-based system that hot-swaps content in real time. You will also get a behind-the-scenes look at how we manipulate JA4 to reduce detection opportunities and subtly adjust visual elements to evade AiTM detection, along with a discussion of the limitations of these techniques.

If you come prepared with a virtual machine, by the end of the workshop, you will have a local setup to test Evilginx behind Caddy, understand how to dynamically respond to suspected bot traffic, and gain insight into the strategies our team uses to keep red team infrastructures alive long enough to achieve their objectives.


Description

Red teaming can be challenging, especially when simulating realistic social engineering attacks. You build an entire infrastructure carefully crafted to lure in your potential targets. Then, the moment it goes live, it's quickly discovered and taken down. All your hard work, gone in mere hours.

But not to worry! In this workshop, we will shed some light on how you can protect your AiTM infrastructure from prying eyes. We'll share techniques to detect automated bots and safeguard your systems. You'll learn how we manipulate JA4 to limit detection possibilities and how we hot-swap content based on a scoring system. Finally, we will discuss some techniques we use to modify visual elements to outsmart detection of AiTM attacks.

This workshop provides a behind-the-scenes look at how our team successfully confronted these automated threats.

Want to see what the bots couldn’t? Join and follow our hands-on workshop!

Necessary tools

To take part in this workshop you need to bring a laptop with a working VirtualBox or VMware installation and a virtual machine running the latest Ubuntu LTS.

What you will learn

By the end, you will have a local setup for testing Evilginx, with Caddy in front of it as bot deflector and URL path rewriter, and you will be able to hot-swap content based on the scoring system. We will touch on JA4 manipulation, but this will not be part of the hands-on session.
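The scoring-based hot-swap mentioned in the abstract and in this section can be prototyped as a small scoring service that sits beside Caddy. The code below is an added example, not the workshop's or the NS team's code. Everything in it is an assumption for illustration: the signals and their weights, the decoy threshold, the placeholder JA4 allowlist, the lure-path convention (/o/<token>), the session-cookie check, the X-JA4 header name, and the idea of feeding the verdict back to Caddy through forward_auth. The sample requests at the bottom are constructed.

```python
"""Request scorer for a Caddy-fronted AiTM lure (added example, not the workshop's code).

Assumed deployment: Caddy's forward_auth directive sends a copy of each request's headers
(plus X-Forwarded-Uri) to this service; the service answers 200 with an X-Lure-Decision
header ("lure" or "decoy") that Caddy copies onto the request and uses in a matcher to
proxy either to Evilginx or to a harmless decoy site.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed threshold: at or above this score the visitor gets the decoy content.
DECOY_THRESHOLD = 50

# Constructed placeholder allowlist of JA4 fingerprints seen from the target population's
# browsers. Collect real values from your own logs; these strings are not real fingerprints.
KNOWN_BROWSER_JA4 = {
    "t13d1516h2_placeholder01_placeholder02",
    "t13d1517h2_placeholder03_placeholder04",
}

# Substrings that give away obvious automation in a User-Agent (constructed, not exhaustive).
AUTOMATION_UA_MARKERS = ("bot", "crawl", "spider", "python-requests", "curl/",
                         "go-http-client", "headlesschrome", "urlscan")

# Paths nobody but a scanner asks for on a freshly registered lure domain (constructed).
SCANNER_PATHS = ("/.env", "/.git/", "/wp-login.php", "/xmlrpc.php", "/phpinfo.php")

# Assumed lure convention: the mail links to /o/<token>. A visitor whose first contact is
# outside that path (no session cookie yet) did not arrive through the campaign.
LURE_PREFIX = "/o/"


@dataclass
class Request:
    path: str
    headers: Dict[str, str]        # header names lower-cased
    ja4: Optional[str] = None      # TLS fingerprint supplied by the TLS terminator (assumed)


@dataclass
class Verdict:
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def decision(self) -> str:
        return "decoy" if self.score >= DECOY_THRESHOLD else "lure"


def score_request(req: Request) -> Verdict:
    """Add up independent bot signals; each one alone is weak, together they separate well."""
    v = Verdict()
    h = req.headers
    ua = h.get("user-agent", "").lower()

    def hit(points: int, why: str) -> None:
        v.score += points
        v.reasons.append(f"+{points} {why}")

    if not ua:
        hit(30, "no User-Agent")
    elif any(m in ua for m in AUTOMATION_UA_MARKERS):
        hit(40, "automation marker in User-Agent")
    if "accept-language" not in h:
        hit(20, "no Accept-Language")
    # Browsers send Sec-Fetch-* on every navigation; most HTTP libraries never do.
    if "sec-fetch-mode" not in h or "sec-fetch-site" not in h:
        hit(15, "missing Sec-Fetch-* headers")
    if any(req.path.startswith(p) for p in SCANNER_PATHS):
        hit(30, "scanner path")
    if not req.path.startswith(LURE_PREFIX) and "cookie" not in h:
        hit(30, "first contact outside lure path")
    if req.ja4 is None:
        hit(10, "no JA4 available")
    elif req.ja4 not in KNOWN_BROWSER_JA4:
        hit(25, "JA4 not in browser allowlist")
    return v


def caddy_headers(v: Verdict) -> Dict[str, str]:
    """Headers for the forward_auth response; Caddy copies the ones you list in copy_headers."""
    return {"X-Lure-Decision": v.decision, "X-Bot-Score": str(v.score)}


BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")

# Constructed sample requests: a target clicking the mail link, a Python-based scanner
# fetching the root, a path-bruteforcing scanner, and a real browser with an unknown JA4.
SAMPLES = {
    "target": Request("/o/abc123", {"user-agent": BROWSER_UA, "accept-language": "nl-NL,nl;q=0.9",
                                    "sec-fetch-mode": "navigate", "sec-fetch-site": "none"},
                      ja4="t13d1516h2_placeholder01_placeholder02"),
    "library": Request("/", {"user-agent": "python-requests/2.31"},
                       ja4="t13d0000h1_placeholder99_placeholder99"),
    "scanner": Request("/.env", {}, ja4=None),
    "unknown_ja4": Request("/o/xyz789", {"user-agent": BROWSER_UA, "accept-language": "en-GB",
                                         "sec-fetch-mode": "navigate", "sec-fetch-site": "none"},
                           ja4="t13d9999h2_placeholder77_placeholder78"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        v = score_request(req)
        print(f"{name:12s} {v.decision:5s} score={v.score:<4d} {'; '.join(v.reasons)}")

    # Minimal forward_auth endpoint. Caddy sets X-Forwarded-Uri itself; X-JA4 is assumed to be
    # added by whatever terminates TLS, since Caddy does not expose JA4 on its own.
    from http.server import BaseHTTPRequestHandler, HTTPServer

    class ScorerHandler(BaseHTTPRequestHandler):
        def do_GET(self) -> None:
            hdrs = {k.lower(): val for k, val in self.headers.items()}
            req = Request(hdrs.get("x-forwarded-uri", "/"), hdrs, ja4=hdrs.get("x-ja4"))
            self.send_response(200)
            for k, val in caddy_headers(score_request(req)).items():
                self.send_header(k, val)
            self.end_headers()

        def log_message(self, *args) -> None:  # keep the console to the verdict lines
            pass

    HTTPServer(("127.0.0.1", 9009), ScorerHandler).serve_forever()
```

To wire this into Caddy you would point a forward_auth block at 127.0.0.1:9009 with copy_headers X-Lure-Decision, then add a header matcher on X-Lure-Decision that sends "decoy" to a reverse_proxy for the decoy site and everything else to the reverse_proxy in front of Evilginx. The weights are deliberately additive and explainable (the reasons list is what you log), so tuning against your own traffic means adjusting numbers, not rewriting logic.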

Bob van der Staak is an ethical hacker and red teamer at the Dutch Railways. Sharing knowledge is his passion, and with his background in software development and technical informatics, he writes code to assist with his daily assessments.
From web penetration testing to malware development and cloud technologies, he is eager to learn and share his expertise.

Rutger Flohil began his career as a .NET developer, building a solid base in software development before switching gears to focus on cybersecurity. After gaining valuable experience in the Security Operations Center (SOC) of the Dutch TLD, he moved on to his current role as a Red Teamer at Dutch Railways (NS). Rutger enjoys the creative side of security, especially when it comes to writing offensive scripts in Python. Always curious and eager to learn, he’s passionate about discovering new techniques and fresh perspectives to tackle security challenges.