Skip to content
View brinhosa's full-sized avatar

Highlights

  • Pro

Block or report brinhosa

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
brinhosa/README.md

Rafael B. Brinhosa

I am an experienced Information Security Leader, Consultant, Researcher and Security Architect with 20 years of experience including several years in Application Security. Skilled in developing Information Security programs, assessments, and frameworks aligned to risk, security, and governance practices for organizations. Experienced in manual and automated security testing, Pentesting, DevSecOps, SAST, DAST and Bug Bounty(once per year in free time : D). ( 🏆 Ex-DELL, Ex-USBank, Ex-EDS(HP), Ex-AVAYA, Ex-Volkswagen Digital Solutions(MAN Trucks and Buses), now working as a Principal Security Architect at Reltio.

Welcome to my page; on my Github, you can find:

📧 You can contact me on:

LinkedIn Twitter

🔎 You can find me on:

Twitter YouTube LinkedIn

📜 Github stats:

Github Stats

YouTube

Bhack 2021: Hackeando suas próprias aplicações -- Como utilizar técnicas de Bug Bounty em seu DevSecOps (https://www.youtube.com/watch?v=1dmZaQ52KIw)

DEFCON Red Team Village: Mayhem 2021 Portuguese Track: Segurança de Aplicações: Aprendendo com os erros (dos outros) (https://www.youtube.com/watch?v=CDaJ8gmLUrM)

IFPRFOZ: Segurança de Aplicações (o que você precisa saber) (https://www.youtube.com/watch?v=9TNNiO5IMHQ)

My current technology stack:

Python Shell-Script JavaScript PHP Cloudflare Docker Git GitHub Linux AWS DigitalOcean

InfoSec:

[SAST] [DAST] [DevSecOps] [Pentesting]

Technology that I am using but just less:

Java HTML5 Azure jQuery Google Cloud


I am a 👾 Security Researcher and 🔏 Bug bounty hunter in free time.

Discovered and reported several vulnerabilities in projects like Spotify, Symantec, Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) and Adobe.

⚔️ CVE reported by me:

CVE-2009-3036

Pinned Loading

  1. awesome-pentest-tools-in-colab awesome-pentest-tools-in-colab Public

    A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.

    Jupyter Notebook 34 6

  2. payloads payloads Public

    Payloads for Web Application Security Testing

    14 3

  3. brinhosa-nuclei-templates brinhosa-nuclei-templates Public

    6 8

  4. apidetector apidetector Public

    APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.

    Python 304 33