CACTUSTORCH has become a favorite phishing tool for many folks performing phishing to get payloads into organizations. This talk will discuss how to use the Bettertorch code that was released earlier this year along with improved COM object code that will be released with this talk to further improve phishing payloads through maldocs. There will be a discussion of what has been added, what additional features it provides, and how to use it for detection avoidance. We’ll also discuss how the code is laid out and some of the requirements to add to this project so that you can make it your own and further improve bypass capabilities.