brinhosa/README.md

Hi, I'm Rafael 👋

Information Security Leader, Architect, and Researcher with 20+ years of experience, with a strong focus on Application Security, Product Security, and AI/Agent Security. I build pragmatic security programs, assessments, and frameworks aligned to risk, governance, and engineering velocity. Hands-on across manual and automated security testing, Pentesting, DevSecOps, SAST, DAST, SCA, and the occasional bug bounty (once a year, in my free time 😄).

🏆 Ex-DELL, Ex-U.S. Bank, Ex-EDS (HP), Ex-Avaya, Ex-Volkswagen Digital Solutions (MAN Trucks and Buses). Currently Director of Information Security at Reltio, leading Product Security, AppSec, and AI/Agent Security for a B2B SaaS data unification and context intelligence platform (now joining the SAP family).

🎤 Speaker at OWASP Lisbon on AI agent security ("Hack Your Agents Before They Hack You"). 🔨 APIDetector presented at BlackHat Arsenal 2024.

What you'll find here

Projects I've built and maintain:

  • 🔐🤖 Awesome AI Security — A curated list of AI/LLM security tools, frameworks, guides, papers, and training, focused on open-source and community resources.
  • 🛰️ APIDetector — Fast scanner for exposed Swagger / OpenAPI endpoints across web domains and subdomains. Presented at BlackHat Arsenal 2024.
  • 🧪 Awesome Pentest Tools in Colab — A curated set of Penetration Testing and DevSecOps tools ported to Google Colab, so you can try, run, and test them in seconds without local setup.
  • 💉 Payloads — Curated payloads for Prompt Injection, XSS, SQL Injection, and other classic and AI-era attack classes.
  • 🧬 Nuclei Templates — My personal collection of Nuclei templates for vulnerability detection.

Areas I work in

AI / LLM / Agent Security · Application Security · Product Security · Penetration Testing · DevSecOps · SAST / DAST / SCA · Cloud Security (AWS, Azure, GCP) · Threat Modeling · Secure SDLC

📧 You can contact me on:

LinkedIn Twitter

🔎 You can find me on:

Twitter YouTube LinkedIn


YouTube

Bhack 2021: Hacking your own applications -- How to use Bug Bounty techniques in your DevSecOps (https://www.youtube.com/watch?v=1dmZaQ52KIw)

DEFCON Red Team Village: Mayhem 2021 Portuguese Track: Application Security: Learning from (other people's) mistakes (https://www.youtube.com/watch?v=CDaJ8gmLUrM)

IFPRFOZ: Application Security (what you need to know) (https://www.youtube.com/watch?v=9TNNiO5IMHQ)

My current technology stack:

Python Shell-Script JavaScript PHP Cloudflare Docker Git GitHub Linux AWS DigitalOcean

InfoSec:

[SAST] [DAST] [DevSecOps] [Pentesting]

Technologies I use less often:

Java HTML5 Azure jQuery Google Cloud


I am a 👾 Security Researcher and 🔏 Bug bounty hunter in my free time.

I have discovered and reported several vulnerabilities in projects like Spotify, Symantec, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), and Adobe.

⚔️ CVE reported by me:

CVE-2009-3036

Pinned

  1. awesome-ai-security Public

    A collection of awesome AI Security, LLM Security, and Prompt Injection tools and resources.

    29 18

  2. apidetector Public

    APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.

    Python 377 45

  3. awesome-pentest-tools-in-colab Public

    A curated list of awesome Penetration Testing Tools ported to Google Colab to make them faster and easier to execute and test.

    Jupyter Notebook 39 6

  4. payloads Public

    Payloads for Web Application Security Testing

    Python 15 4

  5. brinhosa-nuclei-templates Public

    7 7