Milton Araújo
Security Researcher
Lisbon, Portugal
Actions
I’m a senior offensive security specialist, red teamer, and instructor, driven by a relentless curiosity for how systems break—and how organizations can build stronger, more resilient defenses.
My expertise spans advanced red teaming, penetration testing, malware development, evasion techniques, and reverse engineering, with a strong focus on simulating real-world adversaries. I help organizations understand their true exposure by emulating the mindset, tactics, and tradecraft used by modern threat actors.
I regularly lead complex offensive operations designed to challenge modern defensive stacks such as EDR, AV, XDR, and sandbox environments, developing custom implants, memory-resident payloads, obfuscation pipelines, shellcode loaders, and stealth execution frameworks to bypass detection and expose defensive blind spots.
What I do best:
• Penetration testing across infrastructure, web applications, APIs, mobile, and wireless
• Red team operations and adversary simulation
• Malware analysis and reverse engineering (IDA Pro, Ghidra, custom tooling)
• Development of evasive malware and stealth execution techniques
• Building and scaling offensive security infrastructure and C2 frameworks
• Breaking detection mechanisms and understanding how modern defenses fail
Certifications & Professional Credentials
I hold an extensive portfolio of internationally recognized cybersecurity certifications, covering offensive, defensive, analytical, and instructional domains, including:
• OSCP, OSWP (Offensive Security)
• CPENT, CEH (ANSI / Practical / Master), CND, CSA, CHFI, CASE JAVA, ECDE, CEI (EC-Council)
• CASP+, CySA+, PenTest+, Security+, CSIE, CSAE, CSAP, CNSP, CNVP (CompTIA)
• CRTeamer (SecOps Group) • CC (ISC²) • EFH (EXIN)
• Veracode Security Labs Champion (Levels 1, 2 & 3)
• MCP & MCTA (Network, Security, WSM) (Microsoft)
This certification stack reflects a rare balance between deep offensive expertise, defensive understanding, and professional instruction capability.
Education
• Master of Science (MSc) in Cybersecurity – Digital Forensics, EC-Council University
• Bachelor’s Degree in Cybersecurity and Cyber Defense Management, UNINTER
Beyond hands-on technical work, I’m an active OWASP contributor and a postgraduate-level instructor in offensive security, helping shape the next generation of cybersecurity professionals with a strong focus on real-world attack techniques.
I’m also the host of r19.io – Hackers Behind the Code, a podcast where I interview world-class hackers, red teamers, and security researchers from around the globe. We go beyond code, diving into their methodologies, experiences, and the mindset behind modern offensive security.
My mission: to push the edge of what’s possible in offensive security—and make that knowledge accessible, practical, and impactful.
Badges
Area of Expertise
Topics
BSides Porto
The objective of this session is to explore HTML Smuggling—an often overlooked but highly effective technique used by attackers to bypass modern security controls. While the concept has existed for years, it continues to evade traditional defenses such as Antivirus (AV), Endpoint Detection and Response (EDR), and even some sandbox technologies. This persistence makes HTML Smuggling a powerful case study for anyone interested in offensive security or defense hardening. HTML Smuggling leverages the way browsers process HTML and JavaScript to deliver malicious payloads directly on the victim's device, without requiring suspicious downloads that might be blocked. By dynamically constructing or decoding binary data within the browser, attackers can trigger the execution of malware while avoiding many common detection rules that focus on static signatures, file extensions, or network traffic inspection. In this talk, I will explain the core mechanics of HTML Smuggling, walk through different variations of the technique, and highlight how attackers adapt it to defeat security layers. Practical demonstrations will showcase how a benign-looking web page can turn into a delivery mechanism for malware implants or loaders—completely under the radar of many defensive products. Attendees will leave with a red team perspective on how this technique is weaponized, along with blue team strategies for detection and mitigation. Whether you are a penetration tester, SOC analyst, or security architect, this session will provide actionable insights into why HTML Smuggling still matters—and how to prepare your defenses against it.
OWASP Lisbon
HTML Smuggling to EDR Bypass
The aim of this talk is to demonstrate various techniques of HTML Smuggling and how they can be utilized to bypass traditional Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. Despite being an older technique, HTML Smuggling remains relevant and effective against contemporary security measures, making it a compelling topic in the cybersecurity landscape.
HTML Smuggling is a method employed by cybercriminals to covertly deliver malicious payloads directly to a target device through web browsers. This technique exploits the way browsers interpret HTML and JavaScript, allowing attackers to disguise their actions within seemingly benign web pages. Once a user visits a compromised page, the embedded malicious code can dynamically download files without raising red flags. This process often circumvents common security mechanisms that rely on detecting known file types or extensions.
During the talk, I will explain the underlying principles of HTML Smuggling, present various attack vectors, and demonstrate real-world applications of this technique. Audience members will gain insights into how attackers leverage this method to bypass security frameworks, as well as important considerations for defending against such tactics.
Milton Araújo
Milton Araújo is a Security Researcher at r19.io specializing in red teaming, malware development, evasion techniques, and reverse engineering. They help organizations improve their defenses by simulating real-world adversaries and exposing the gaps that traditional tools often miss.
Their work focuses on designing advanced offensive operations that bypass modern detection technologies like EDR, AV, XDR, and sandboxes. They build custom implants, memory-resident payloads, and stealthy execution frameworks to replicate the tactics of sophisticated threat actors. Milton also has broad experience in penetration testing, malware analysis, and offensive infrastructure development.
Outside of research, they contribute to the OWASP community and teach offensive security at the postgraduate level. They also host r19.io, a podcast featuring in-depth conversations with hackers, red teamers, and security researchers from around the world.
OWASP Leiria
Talk: HTML Smuggling to EDR Bypass by Milton Araújo (Security Researcher @ Secure Tecnologia)
Abstract: Delve into how cybercriminals utilize HTML Smuggling to circumvent traditional security measures like Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. This session will explore the nuances of this stealthy attack method, showcasing how malicious payloads can be discreetly delivered to target devices via browsers while evading standard security protocols.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top