06

Timeline

1998 💻
First Contact
At age 10, first steps in the world of computers and technology. The beginning of a self-taught journey.
2004 🚀
First Projects
At age 16, development and commercial operation of projects — hoststart.com.br and ritmosbsb.com.
2006–2010 🌐
Web & Infrastructure
Hosting projects, institutional websites, Linux servers and automation.
2010–2015 🏛️
Government & Corporate
Projects for public sector, international organizations, energy sector, automotive industry and political parties across multiple areas.
2015–2020 🔒
Security & Backend
Specialization in information security, reverse engineering, banking SDKs and financial platforms.
2020–2024 ⚙️
Platforms & SDKs
wSocket (16 SDKs), xPusher, HostStart — complete SaaS architecture, billing and push notifications.
2024–today 💎
Fullstack Expert
+22 years of commercial experience (+28 years of IT). Desktop, WASM, mobile, realtime and security research.
07

Resume

👤

// professional profile

  • Rafael Cavalcanti da Silva — Brasília, DF. Born on 09/13/1988.
  • Fullstack developer with 22+ years of commercial career and 28+ accumulated in technology (since age 10).
  • Specialist in information security, reverse engineering and SDK development.
  • Proven track record on projects for public sector, international organizations, energy sector, automotive industry and political parties.
  • Author of 16 multi-language SDKs and creator of complete SaaS platforms.
  • Founder, SEO and mentor of xpusher.net and wsocket.io.
⚙️

// technical experience

  • SaaS hosting platform with provisioning, recurring billing, 2FA and React + FastAPI dashboards.
  • Push notification advertising network with CPC/CPM model and analytics dashboard in Go + Next.js.
  • Modular banking integration SDKs with multi-step authentication, RSA/AES cryptography and MongoDB persistence.
  • Reverse engineering tooling: APK analysis with Frida, JADX, mitmproxy and endpoint mapping.
  • Native desktop automation with Go + Win32 API — conditional logic, screen capture and standalone binary.
  • GUI for remote server management via SSH/SFTP with encrypted credentials.
  • Messaging automation at scale with Playwright, Puppeteer and Selenium.
  • Banking file generation CNAB 240 — TED, DOC, PIX, payment slips and taxes.
  • Browser extensions (Manifest V3) with remote monitoring and WebSocket backend.
  • Desktop applications with Flutter/Dart and Go/Fyne for Linux and Windows.
🛠️

// main stack

  • Backend: Python (FastAPI, Flask), Go (net/http, gorilla/mux), Node.js (Express, ws)
  • Frontend: React 18/19, Next.js 15/16, Astro, Tailwind CSS, MUI, Electron
  • Databases: MongoDB (motor, pymongo, Go driver), Redis (Pub/Sub), SQLite
  • Realtime: WebSocket, Redis Pub/Sub, Push Notifications (VAPID, FCM, APNs)
  • Offensive Security: Pentesting, exploit development, vulnerability scanning, brute-force, credential harvesting, traffic analysis
  • Defensive Security: Hardening, WAF, IDS/IPS, firewall, iptables, forensic analysis, monitoring
  • Reverse Engineering: Frida, JADX, apktool, mitmproxy, RSA/AES/X.509, OAuth 2.0, hooking, JNI/NDK
  • Mobile: Java/Android, Kotlin, Android SDK, Gradle, APK instrumentation, native lib analysis
  • DevOps: Linux, Nginx, Docker, systemd, Vagrant, SSH automation, CI/CD
  • Desktop: Go (Fyne, lxn/walk Win32), Flutter/Dart, C# .NET, Conky/Rofi
  • WASM: Emscripten (C→WASM), wasm-bindgen (Rust→WASM)