I had some success with on Phishing engagements by base64 encoding the contents of a file, putting it into a HTML file and having it decode and drop when the user opened the HTML file. So I created the tool Fudge to automate creating these weaponised HTML attachments.

Hiding implants in HTML files. Contribute to dale-ruane/Fudge development by creating an account on GitHub.