Charles Hamilton is a seasoned offensive security leader with 12 years of hands-on experience building red team tooling and leading enterprise offensive programs across North America. Currently Director at CYPFER after senior leadership roles at KPMG Canada and Mandiant/Trustwave, he combines strategic program leadership with deep technical craft in Windows post-exploitation, evasion, and tooling. His open-source work — from PowerShell and C# red team utilities to macro and shellcode obfuscation projects — demonstrates a pragmatic focus on realistic attack simulation and detection evasion techniques. Charles is comfortable shipping low-level C utilities for syscall/ unhooking analysis, fileless lateral movement tools, and managed/unmanaged PowerShell RAT components, reflecting a rare blend of engineering and adversary mindset. Based in Chambly, Quebec, he mentors teams to translate offensive findings into actionable defense improvements while continuing to publish practical red team tools. A lesser-known thread through his work is the emphasis on reproducible, modular payload generation and evasion patterns intended for controlled, ethical testing at scale.
12 years of coding experience
4 years of employment as a software developer
AEC Programmation réseaux et télécommunication, AEC Programmation réseaux et télécommunication at ISI institut supérieur d'informatique
DKMC - Dont kill my cat - Malicious payload evasion tool
Role in this project:
Security Engineer
Contributions:45 commits, 1 PR, 51 pushes in 3 years 5 months
Contributions summary:Charles primarily contributed to developing a malicious payload evasion tool. They focused on obfuscation techniques and implemented features to generate and manipulate shellcode and Powershell scripts. The user made frequent changes to the `gen.py` module, implementing shellcode generation and encoding. They also updated `ps.py` and `exec-sc-rand.ps1` to support Powershell payload generation and execution.
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Role in this project:
Security Engineer
Contributions:46 commits, 8 PRs, 47 pushes in 2 years 5 months
Contributions summary:Charles primarily focuses on developing a post-exploitation tool, SCShell, designed for fileless lateral movement using Windows service manipulation. They implemented the core functionality of SCShell, including its ability to modify and start services, along with the ability to revert the changes. The user added Pass-The-Hash functionality and enhanced the tool with restoration of the service binary path. Moreover, they adapted the tool for use as a Cobalt Strike Beacon Object File (BOF) and included a Python script.
lateral-movementrun-command
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.