so.cl

In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple validation steps from that user for execution once clicked on.

Other filetypes are also relevant for phishing even if they are not executable per-se, they are also mentionned in this article.

I am pretty sure all presented filetypes have been documented before but the method used below may be applicable for future Microsoft systems or constrained Windows environments to understand why certain filetypes are blocked. Divin’n’phishin with executable filetypes on Windows