Showing posts with the label Phishing Simulation

Bypassing MDO (Microsoft Defender for Office 365) Phishing Filter.

How it Started: Background and Initial Observations

As part of an internal cybersecurity awareness initiative, I was asked by my organization to provide a cybersecurity awareness session that included live demonstrations using tools such as Flipper Zero, OMG cables, and a phishing simulation - Gophish (why?: easy and free). Everything was working fine, except for Gophish. After configuring Gmail SMTP in Gophish and sending test emails to my corporate account, the messages were consistently blocked by Microsoft Defender for Office 365 (MDO) and did not reach the inbox.

Further analysis revealed that emails generated by Gophish were being flagged as phishing by multiple detection layers within MDO, including general filtering, mixed analysis, and advanced filtering mechanisms. This indicated that the framework was effectively identified and blocked by default protections. During investigation of the email headers, I observed that the default " X-Mailer:Gophi...