Skip to content
View brinhosa's full-sized avatar
156 followers · 966 following

Achievements

Achievement: Pull Sharkx2Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Pull Sharkx2Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Block or report brinhosa

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please donโ€™t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
brinhosa/README.md

Hi, I'm Rafael ๐Ÿ‘‹

Information Security Leader, Architect, and Researcher with 20+ years of experience, with a strong focus on Application Security, Product Security, and AI/Agent Security. I build pragmatic security programs, assessments, and frameworks aligned to risk, governance, and engineering velocity. Hands-on across manual and automated security testing, Pentesting, DevSecOps, SAST, DAST, SCA, and the occasional bug bounty (once a year, in free time ๐Ÿ˜„).

๐Ÿ† Ex-DELL, Ex-U.S. Bank, Ex-EDS (HP), Ex-Avaya, Ex-Volkswagen Digital Solutions (MAN Trucks and Buses). Currently Director of Information Security at Reltio, leading Product Security, AppSec, and AI/Agent Security for a B2B SaaS data unification and context intelligence platform (now joining the SAP family).

๐ŸŽค Speaker at OWASP Lisbon on AI agent security ("Hack Your Agents Before They Hack You"). ๐Ÿ”จ APIDetector presented at BlackHat Arsenal 2024.

What you'll find here

Projects I've built and maintain:

  • ๐Ÿ”๐Ÿค– Awesome AI Security โ€” A curated list of AI/LLM security tools, frameworks, guides, papers, and training, focused on open-source and community resources.
  • ๐Ÿ›ฐ๏ธ APIDetector โ€” Fast scanner for exposed Swagger / OpenAPI endpoints across web domains and subdomains. Presented at BlackHat Arsenal 2024.
  • ๐Ÿงช Awesome Pentest Tools in Colab โ€” A curated set of Penetration Testing and DevSecOps tools ported to Google Colab, so you can try, run, and test them in seconds without local setup.
  • ๐Ÿ’‰ Payloads โ€” Curated payloads for Prompt Injection, XSS, SQL Injection, and other classic and AI-era attack classes.
  • ๐Ÿงฌ Nuclei Templates โ€” My personal collection of Nuclei templates for vulnerability detection.

Areas I work in

AI / LLM / Agent Security ยท Application Security ยท Product Security ยท Penetration Testing ยท DevSecOps ยท SAST / DAST / SCA ยท Cloud Security (AWS, Azure, GCP) ยท Threat Modeling ยท Secure SDLC

๐Ÿ“ง You can contact me on:

LinkedIn Twitter

๐Ÿ”Ž You can find me on:

Twitter YouTube LinkedIn

๐Ÿ“œ Github stats:

Rafael's GitHub stats

YouTube

Bhack 2021: Hackeando suas prรณprias aplicaรงรตes -- Como utilizar tรฉcnicas de Bug Bounty em seu DevSecOps (https://www.youtube.com/watch?v=1dmZaQ52KIw)

DEFCON Red Team Village: Mayhem 2021 Portuguese Track: Seguranรงa de Aplicaรงรตes: Aprendendo com os erros (dos outros) (https://www.youtube.com/watch?v=CDaJ8gmLUrM)

IFPRFOZ: Seguranรงa de Aplicaรงรตes (o que vocรช precisa saber) (https://www.youtube.com/watch?v=9TNNiO5IMHQ)

My current technology stack:

Python Shell-Script JavaScript PHP Cloudflare Docker Git GitHub Linux AWS DigitalOcean

InfoSec:

[SAST] [DAST] [DevSecOps] [Pentesting]

Technology that I am using but just less:

Java HTML5 Azure jQuery Google Cloud

I am a ๐Ÿ‘พ Security Researcher and ๐Ÿ” Bug bounty hunter in free time.

Discovered and reported several vulnerabilities in projects like Spotify, Symantec, Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) and Adobe.

โš”๏ธ CVE reported by me:

CVE-2009-3036

Pinned Loading

  1. awesome-ai-security awesome-ai-security Public

    A collection of awesome AI Security, LLM Security, and Prompt Injection tools and resources.

    30 20

  2. apidetector apidetector Public

    APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.

    Python 377 45

  3. awesome-pentest-tools-in-colab awesome-pentest-tools-in-colab Public

    A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.

    Jupyter Notebook 39 6

  4. payloads payloads Public

    Payloads for Web Application Security Testing

    Python 15 4

  5. brinhosa-nuclei-templates brinhosa-nuclei-templates Public

    7 7