Modern Red Teaming & EDR Evasion Techniques

Date: February 13, 2026
Time: 1:30 PM WET | 8:30 AM EST | 7:00 PM IST

Topic: Modern Red Teaming & EDR Evasion Techniques


Abstract: The objective of this session is to explore HTML Smuggling—an often overlooked but highly effective technique used by attackers to bypass modern security controls. While the concept has existed for years, it continues to evade traditional defenses such as Antivirus (AV), Endpoint Detection and Response (EDR), and even some sandbox technologies. This persistence makes HTML Smuggling a powerful case study for anyone interested in offensive security or defense hardening.

HTML Smuggling leverages the way browsers process HTML and JavaScript to deliver malicious payloads directly on the victim’s device, without requiring suspicious downloads that might be blocked. By dynamically constructing or decoding binary data within the browser, attackers can trigger the execution of malware while avoiding many common detection rules that focus on static signatures, file extensions, or network traffic inspection.

In this talk, I will explain the core mechanics of HTML Smuggling, walk through different variations of the technique, and highlight how attackers adapt it to defeat security layers. Practical demonstrations will showcase how a benign-looking web page can turn into a delivery mechanism for malware implants or loaders—completely under the radar of many defensive products. Attendees will leave with a red team perspective on how this technique is weaponized, along with blue team strategies for detection and mitigation. Whether you are a penetration tester, SOC analyst, or security architect, this session will provide actionable insights into why HTML Smuggling still matters—and how to prepare your defenses against it.

Key Takeaways: 

  • How HTML Smuggling abuses browser-native features to bypass traditional security controls.
  • Why signature-based detection and sandboxing often fail against dynamically assembled payloads.
  • Real-world variations of HTML Smuggling used to evade AV, EDR, and network inspection.
  • Practical detection and mitigation strategies from both red team and blue team perspectives.

Speaker:

Milton Araújo, Security Researcher
Bio: I am an offensive security specialist with a strong focus on red team operations, malware development, evasion techniques, and reverse engineering. My work centers on simulating real-world adversaries to help organizations assess and improve their defenses against modern security controls such as EDR, AV, XDR, and sandbox technologies.

I regularly conduct advanced penetration tests across infrastructure, web, APIs, mobile, and wireless environments, and develop custom implants and stealth execution frameworks. I am an OWASP community contributor, an official EC-Council (CEI) instructor, and the host of r19.io, a podcast featuring leading hackers and security researchers from around the world.
