brinhosa Goto Github PK

followers: 95.0 following: 792.0 repos: 262.0 gists: 2.0

Name: Rafael

Type: User

Bio: https://linkedin.com/in/brinhosa

Twitter: brinhosa

Rafael B. Brinhosa

I am an experienced Information Security Consultant, Researcher and Security Architect with 20 years of experience including several years in Application Security. Skilled in developing Information Security programs, assessments, and frameworks aligned to risk, security, and governance practices for organizations. Experienced in manual and automated security testing, Pentesting, DevSecOps, SAST, DAST and Bug Bounty(once per year in free time : D). ( 🏆 Ex-DELL, Ex-USBank, Ex-EDS(HP), Ex-AVAYA, Ex-Volkswagen Digital Solutions(MAN Trucks and Buses), now working as a Principal Security Architect at Reltio.

Welcome to my page; on my Github, you can find:

Projects created by me
A curated list of awesome Penetration Testing and DevSecOps Tools ported to Google Colab to make faster and easier to try, execute and test. (https://github.com/brinhosa/awesome-pentest-tools-in-colab)
APIDetector (https://github.com/brinhosa/apidetector)
My nuclei templates (https://github.com/brinhosa/brinhosa-nuclei-templates)

📧 You can contact me on:

🔎 You can find me on:

📜 Github stats:

Bhack 2021: Hackeando suas próprias aplicações -- Como utilizar técnicas de Bug Bounty em seu DevSecOps (https://www.youtube.com/watch?v=1dmZaQ52KIw)

DEFCON Red Team Village: Mayhem 2021 Portuguese Track: Segurança de Aplicações: Aprendendo com os erros (dos outros) (https://www.youtube.com/watch?v=CDaJ8gmLUrM)

IFPRFOZ: Segurança de Aplicações (o que você precisa saber) (https://www.youtube.com/watch?v=9TNNiO5IMHQ)

My current technology stack:

InfoSec:

[SAST] [DAST] [DevSecOps] [Pentesting]

Technology that I am using but just less:

I am a 👾 Security Researcher and 🔏 Bug bounty hunter in free time.

Discovered and reported several vulnerabilities in projects like Spotify, Symantec, Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) or Adobe.

⚔️ CVE reported by me:

CVE-2009-3036

Rafael 's Projects

4-zero-3

403/401 Bypass Methods + Bash Automation + Your Support ;)

anno.js

Interactive step-by-step guides for web apps.

aort

All in One Recon Tool for Bug Bounty

api-sec-c

Checklist of the most important security countermeasures when designing, testing, and releasing your API

apidetector

APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.

aquatone-docker

Aquatone (go version) docker image

archerysec

Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.

arsenal

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

auto-copilot1

🛠️✨ Automation Tool for GitHub Copilot 💪 that Auto Fixes code with Live Preview 🚀🤯🤩

autoenum

Automatic Service Enumeration Script

av-payloads

During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!