I'M MILTON
Security Researcher
Offensive security specialist with deep expertise in penetration testing, evasion techniques, malware development, and reverse engineering.
Hackers Behind
the Code
Hackers Behind
the Code
Exploring the minds shaping digital security from the inside out.
Access the podcast now!
CERTIFICATIONS
CERTIFICATIONS
ARTICLES
HTML Smuggling and EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
HTML Smuggling and
EDR Bypass
This project demonstrates how to use HTML Smuggling as an evasion technique to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Originally presented at Leiria Tech Talks, this walkthrough covers payload generation, shellcode transformation, in-memory execution, and delivery via a web browser using HTML Smuggling techniques.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
Adaptix C2 Framework
Adaptix C2 is a modular and stealth-oriented Command and Control framework tailored for red team operations. It supports advanced evasion techniques, customizable listeners, and an extensible architecture through operational modules called extenders. This article explores its setup, payload delivery, and practical offensive use cases.
ABOUT ME
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
Key areas of expertise:
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binary reversing using IDA Pro, Ghidra, and custom tools
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
Key areas of expertise:
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Penetration testing (Infrastructure, Web, APIs, Mobile, Wireless)
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Malware analysis and binaryreversing using IDA Pro, Ghidra, and custom tools
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Building evasive malware and shellcode execution frameworks
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Adversary emulation and threat simulation
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Offensive tooling and red team infrastructure
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
• Bypassing detection controls (AV/EDR/XDR)
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
I lead advanced red team operations focused on bypassing modern defensive technologies such as EDRs, antivirus engines, and sandbox environments. My work involves developing custom payloads, in-memory loaders, and obfuscation techniques to simulate real-world threats and support continuous security improvement.
In parallel with hands-on work, I actively contribute to the OWASP community and participate in security research projects focused on offensive techniques and threat modeling.
I also serve as a postgraduate-level cybersecurity instructor, sharing knowledge in areas like malware development, exploit analysis, and offensive security operations.
My mission is to push the boundaries of offensive security to help organizations strengthen their defenses,understand attacker tradecraft, and build resilient environments.
SKILLS
Offensive Reverse Engineering
Advanced Post-Exploitation
Custom Payloads & Shellcode
Buffer Overflow Exploits
Protocol & Misconfig Exploits
Tunneling & Covert Channels
Exploitation Validation
Web App Exploitation (OWASP)
Client-Side Payloads
Misconfig Discovery (Cloud/On-Prem)
Audit Alignment (ISO/NIST/OWASP)
Red & Purple Team Support
Pen Testing Methodologies
Threat Surface Mapping
Windows Attack Techniques
Exploit Chain Research
Malware & Fingerprint Reduction
EDR & NDR Evasion
AV Evasion (Obfuscation, HTML-S)
Anti-Forensics & Traffic Shaping
Active Directory Exploits
Credential Attacks & Token Abuse
Custom Red Team Tooling
EXPERIENCE
Founder & Host
r19.io
Lisbon - May 2025 - Present
OWASP Member
OWASP Foundation
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Visionware
Lisbon - Set 2022 - Present
Official Instructor
EC-Council
Brazil - Ago 2021 - Present
EXPERIENCE
Founder & Host
r19.io
Lisbon - May 2025 - Present
OWASP Member
OWASP Foundation
Lisbon - Jun 2024 - Present
Principal Cybersecurity Auditor
Principal Cybersecurity
Auditor
Visionware
Lisbon - Set 2022 - Present
Official Instructor
EC-Council
Brazil - Ago 2021 - Present
Founder & Security Researcher
Founder & Security
Researcher
Secure Tecnologia
Brazil - Apr 2016 - Present
It's a long story... Professionally I worked as a systems developer, and despite being relatively young, I've already been through a bit of everything in technology and security, huuuu, believe it or not. It all started when I was just 12 years old.
