If you do Phishing attacks on a regular basis, you will end up using a framework or scripts to automate some of the tedious parts. You have your preferred web stack for phishing pages, your custom SMTP delivery system (with SPF/DKIM enabled AND good reputation - of course), your payloads and so on, and you need to maintain all of that while evolving it at the same time. Where do you host your phishing infrastructure? What happens if the target blacklists your phishing FQDNs or IPs? Moreover, do you have a template system for HTML emails, including victim fingerprinting with automated and targeted exploit delivery? If you have such needs and you do all the above manually, then PhishLulz comes to the rescue. PhishLulz is a Ruby toolkit to dynamically instantiate phishing instances on the fly. You can use Amazon, OpenStack, libvirt and much more (the ruby Fog gem comes to the rescue), which means you can use it to deploy internal phishing VMs, or have everything public in the cloud. It comes with a Debian Amazon EC2 image pre-configured with PhishingFrenzy, BeEF, Metasploit, ShellTer, Veil and other useful tools for phishing engagements (Mr.Robot will be lost, he uses SET !!). PhishLulz allows to focus on pretext creation and payload customisation, automating for you all the tedious configurations related to the phishing infrastructure. Multiple real-life stories from engagements done with PhishLulz will be discussed, including automated functionality to concurrently grep Outlook Web Access and Outlook 365 webmails with different credentials. In the middle of all of this, we will also analyze some interesting real-life scenarios of phishing lures spotted in the wild. As a side note, PhishLulz will be exclusively released at KiwiCon X.