I'M MILTON
Security Researcher
I'M MILTON
Security Researcher
I'M
MILTON
SECURITY RESEARCHER
I'M
MILTON
SECURITY RESEARCHER
Offensive security specialist with deep expertise in penetration testing, evasion techniques, malware development, and reverse engineering.
Offensive security specialist with deep expertise in penetration testing, evasion techniques, malware development, and reverse engineering.
Offensive security specialist with deep expertise in penetration testing, evasion techniques, malware development, and reverse engineering.
Offensive security specialist with deep expertise in penetration testing, evasion techniques, malware development, and reverse engineering.
Hackers Behind
the Code
Hackers Behind
the Code
Exploring the minds shaping digital security from the inside out.
Exploring the minds shaping digital security from the inside out.
Access the podcast now!
Access the podcast now!
Hackers Behind
the Code
Exploring the minds shaping digital security from the inside out.
Access the podcast now!
Hackers Behind
the Code
Exploring the minds shaping digital security from the inside out.
Access the podcast now!
Hackers Behind
the Code
Exploring the minds shaping digital security from the inside out.
Access the podcast now!
ARTICLES
ARTICLES
ARTICLES
HTML Smuggling and EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
ABOUT ME
ABOUT ME
ABOUT ME
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
Key areas of expertise:
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
Key areas of expertise:
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
"We are proud to have Milton Araújo as the Official Red Team Instructor at Tech Secure 2.0. His expertise in Red Teaming and Adversary Simulation brought a fresh perspective and inspired our community."
"Alone we survive, together we prosper"
"Milton is an incredible professional, his knowledge and ability to manage activities makes the work lighter and more dynamic."
We are proud to have Milton Araújo as the Official Red Team Instructor at Tech Secure 2.0. His expertise in Red Teaming and Adversary Simulation brought a fresh perspective and inspired our community.
"Alone we survive, together we prosper"
"Milton is an incredible professional, his knowledge and ability to manage activities makes the work lighter and more dynamic."
We are proud to have Milton Araújo as the Official Red Team Instructor at Tech Secure 2.0. His expertise in Red Teaming and Adversary Simulation brought a fresh perspective and inspired our community.
"Alone we survive, together we prosper"
"Milton is an incredible professional, his knowledge and ability to manage activities makes the work lighter and more dynamic."
We are proud to have Milton Araújo as the Official Red Team Instructor at Tech Secure 2.0. His expertise in Red Teaming and Adversary Simulation brought a fresh perspective and inspired our."
"Alone we survive, together we prosper"
"Milton is an incredible professional, his knowledge and ability to manage activities makes the work lighter and more dynamic."
SKILLS
Offensive Reverse Engineering
Offensive Reverse Engineering
Offensive Reverse Engineering
Offensive Reverse Engineering
Advanced Post-Exploitation
Advanced Post-Exploitation
Advanced Post-Exploitation
Advanced Post-Exploitation
Custom Payloads & Shellcode
Custom Payloads & Shellcode
Custom Payloads & Shellcode
Custom Payloads & Shellcode
Buffer Overflow Exploits
Buffer Overflow Exploits
Buffer Overflow Exploits
Buffer Overflow Exploits
Protocol & Misconfig Exploits
Protocol & Misconfig Exploits
Protocol & Misconfig Exploits
Protocol & Misconfig Exploits
Tunneling & Covert Channels
Tunneling & Covert Channels
Tunneling & Covert Channels
Tunneling & Covert Channels
Exploitation Validation
Exploitation Validation
Exploitation Validation
Exploitation Validation
Web App Exploitation (OWASP)
Web App Exploitation (OWASP)
Web App Exploitation (OWASP)
Web App Exploitation (OWASP)
Client-Side Payloads
Client-Side Payloads
Client-Side Payloads
Client-Side Payloads
Misconfig Discovery (Cloud/On-Prem)
Misconfig Discovery (Cloud/On-Prem)
Misconfig Discovery (Cloud/On-Prem)
Misconfig Discovery (Cloud/On-Prem)
Audit Alignment (ISO/NIST/OWASP)
Audit Alignment (ISO/NIST/OWASP)
Audit Alignment (ISO/NIST/OWASP)
Audit Alignment (ISO/NIST/OWASP)
Red & Purple Team Support
Red & Purple Team Support
Red & Purple Team Support
Red & Purple Team Support
Pen Testing Methodologies
Pen Testing Methodologies
Pen Testing Methodologies
Pen Testing Methodologies
Threat Surface Mapping
Threat Surface Mapping
Threat Surface Mapping
Threat Surface Mapping
Windows Attack Techniques
Windows Attack Techniques
Windows Attack Techniques
Windows Attack Techniques
Exploit Chain Research
Exploit Chain Research
Exploit Chain Research
Exploit Chain Research
Malware & Fingerprint Reduction
Malware & Fingerprint Reduction
Malware & Fingerprint Reduction
Malware & Fingerprint Reduction
EDR & NDR Evasion
EDR & NDR Evasion
EDR & NDR Evasion
EDR & NDR Evasion
AV Evasion (Obfuscation, HTML-S)
AV Evasion (Obfuscation, HTML-S)
AV Evasion (Obfuscation, HTML-S)
AV Evasion (Obfuscation, HTML-S)
Anti-Forensics & Traffic Shaping
Anti-Forensics & Traffic Shaping
Anti-Forensics & Traffic Shaping
Anti-Forensics & Traffic Shaping
Active Directory Exploits
Active Directory Exploits
Active Directory Exploits
Active Directory Exploits
Credential Attacks & Token Abuse
Credential Attacks & Token Abuse
Credential Attacks & Token Abuse
Credential Attacks & Token Abuse
Custom Red Team Tooling
Custom Red Team Tooling
Custom Red Team Tooling
Custom Red Team Tooling
SKILLS
SKILLS
SKILLS
EXPERIENCE
EXPERIENCE
EXPERIENCE
Founder & Host
Founder & Host
Founder & Host
Founder & Host
r19.io
r19.io
r19.io
r19.io
Lisbon - May 2025 - Present
Lisbon - May 2025 - Present
OWASP Member
OWASP Member
OWASP Member
OWASP Member
OWASP Foundation
OWASP Foundation
OWASP Foundation
OWASP Foundation
Lisbon - Jun 2024 - Present
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Principal Cybersecurity Auditor
Principal Cybersecurity Auditor
Visionware
Visionware
Visionware
Lisbon - Set 2022 - Present
Lisbon - Set 2022 - Present
Lisbon - Set 2022 - Present
EXPERIENCE
Founder & Host
r19.io
Lisbon - May 2025 - Present
OWASP Member
OWASP Foundation
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Visionware
Lisbon - Set 2022 - Present
Official Instructor
EC-Council
Brazil - Ago 2021 - Present
Founder & Security Researcher
Secure Tecnologia
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
EXPERIENCE
Founder & Host
r19.io
Lisbon - May 2025 - Present
OWASP Member
OWASP Foundation
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Visionware
Lisbon - Set 2022 - Present
Official Instructor
EC-Council
Brazil - Ago 2021 - Present
Founder & Security Researcher
Secure Tecnologia
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
EXPERIENCE
Founder & Host
r19.io
Lisbon - May 2025 - Present
OWASP Member
OWASP Foundation
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Visionware
Lisbon - Set 2022 - Present
Official Instructor
EC-Council
Brazil - Ago 2021 - Present
Founder & Security Researcher
Secure Tecnologia
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
Official Instructor
Official Instructor
Official Instructor
EC-Council
EC-Council
EC-Council
Brazil - Ago 2021 - Present
Brazil - Ago 2021 - Present
Brazil - Ago 2021 - Present
Founder & Security Researcher
Founder & Security Researcher
Founder & Security Researcher
Secure Tecnologia
Secure Tecnologia
Secure Tecnologia
Brazil - Apr 2016 - Present
Brazil - Apr 2016 - Present
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
EXPERIENCE
EXPERIENCE
Founder & Host
Founder & Host
Founder & Host
r19.io
r19.io
r19.io
Lisbon - May 2025 - Present
Lisbon - May 2025 - Present
OWASP Member
OWASP Member
OWASP Member
OWASP Foundation
OWASP Foundation
OWASP Foundation
Lisbon - Jun 2024 - Present
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Principal Cybersecurity Auditor
Principal Cybersecurity Auditor
Visionware
Visionware
Visionware
Lisbon - Set 2022 - Present
Lisbon - Set 2022 - Present
Official Instructor
Official Instructor
Official Instructor
EC-Council
EC-Council
EC-Council
Brazil - Ago 2021 - Present
Brazil - Ago 2021 - Present
Founder & Security Researcher
Founder & Security Researcher
Founder & Security Researcher
Secure Tecnologia
Secure Tecnologia
Secure Tecnologia
Brazil - Apr 2016 - Present
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.