getuid

CodeX

Offensive Researcher & Red Team Operator

I specialize in advanced EDR evasion, red team tooling, and offensive security research.

Open to full-time offensive security roles

A bit about me

I'm an offensive security researcher based in Singapore, currently pursuing a Bachelor's in Information Security at the Singapore Institute of Technology while working as a Cyber Offensive Intern at softScheck APAC.

I build open-source offensive tooling focused on EDR evasion, C2 infrastructure, and post-exploitation.

I share my research on my blog, where I write about in-memory evasion, tradecraft, etc.

Where I've worked

Intern — Cyber Offensive · May 2025 – Apr 2026
softScheck APAC — Singapore
  • Specialized in delivering stealth-based red teaming in modern environments with EDR
  • Communicated red team engagement results to stakeholders and management
  • Created COSG's playbooks and tools for red teaming operations
  • Automated deployment of resilient C2 infrastructure
  • Worked with sales to scope and plan red team proposals
  • Performed web and network penetration testing
  • Developed tools to streamline penetration testing processes
Freelance — Cyber Range Development · Dec 2024
ASYNC Security Labs — Remote
  • Deployed cyber ranges with Ansible and Ludus
  • Designed realistic cyber range scenarios focused on Active Directory attacks
Contract — Offensive Research · Jul – Oct 2024
Altered Security — Remote
  • Research and development on evading enterprise EDRs (Elastic Defend, Microsoft Defender for Endpoint)
  • Research and development on evading Mark of the Web (MOTW) for phishing attacks
  • Research and development on lateral movement in Active Directory while evading EDR
  • Developed simulated users for realistic training environments
  • Documented offensive tools and tradecraft for course material
Intern — Attack Simulation Group · Sep 2021 – Jun 2022
Cyber Security Agency of Singapore — Singapore
  • Developed a modular, extensible tool to automate development and generation of evasive shellcode loaders
  • Developed a shellcode stager to dynamically stage payloads based on endpoint configuration
  • Presented offensive research titled "Evasion Adventures" at Division Zero (Div0) exploring modern EDR evasion

Things I've built

I build and maintain open-source offensive security tooling focused on EDR evasion, C2 frameworks, and red team tradecraft. All projects live on my GitHub.

Beacon Object Files (BOFs)
Multiple popular Cobalt Strike Beacon Object Files enhancing the stealth and post-exploitation capabilities of the Beacon implant.
CustomC2ChannelTemplate
Framework for development of custom C2 channels for Cobalt Strike, implemented via IAT hooks independent of the ExternalC2 interface.
OpenMalleableC2
Framework-agnostic library implementing Cobalt Strike's Malleable C2 profile format for HTTP transformations.

Credentials

Certifications

Offensive Security Certified Professional (OSCP)
Offensive Security · 2025
Certified Red Team Lead (CRTL)
Zero-Point Security · 2025
Web Application Penetration Tester (eWPT)
eLearnSecurity · 2026
Certified Azure Red Team Professional (CARTP)
Altered Security · 2023
Certified Red Team Operator (CRTO)
Zero-Point Security · 2023
Certified Professional Penetration Tester (eCPPT)
eLearnSecurity · 2022
HackTheBox ProLabs — Zephyr & RastaLabs
HackTheBox · 2024
Offensive Security Wireless Professional (OSWP)
Offensive Security · 2018

Education

Bachelor of Science — Information Security
Singapore Institute of Technology · 2022–2026
Diploma — Information Security Management
Singapore Polytechnic · 2019–2022

Recognition

PwC Hackaday CTF — 4th Place
2024
ITSEC Asia Book Prize in Ethical Hacking
2024
HackTheBox ProLabs — Zephyr, RastaLabs Completion
2024
WorldSkills Singapore (Cyber Security) — Bronze Medal
2021
Cyber Defenders Discovery Camp — 3rd Place
2021
SANS Mixed Disciplines CTF — 6th Place
2020
YCEP CTF — 2nd Place
2018

Publications & Talks

Evasion Adventures
Division Zero (Div0) — Singapore

Presented at Division Zero on modern in-memory evasion tradecraft for red teams, exploring techniques to bypass enterprise EDRs while operating with Beacon. Covered live demonstrations, detection logic analysis, and practical evasion strategies for modern defensive stacks.

Get in touch

I'm currently open to full-time roles in offensive security and red teaming. If you think I'd be a good fit, feel free to reach out.

ethanseowyh@gmail.com