In My Own Words

Blog Author Picture

Jonathan Cooper

6 followers

This blog is a partial collection of projects I've worked on. I write about hacking, fintech, malware, cloud computing and tools I've created to help us get better.

Subscribe to my newsletter and never miss my upcoming articles

Hacking HTTP with HTTPfuzz

Jan 23, 2021 10 min read

So you’ve been given a web app to pentest. Maybe it’s a banking app or a document workflow system. Either way, you need to make sure it’s done safely. Modern web applications have a large attack surface, and testing everything by hand is inefficient....

Judas: Phishing Resurrected

Oct 5, 2020 5 min read

If you’ve been reading my blog since I started writing on Medium, you’ll remember Judas, the pluggable open-source phishing proxy. I wrote Judas to prove a point on an engagement once, and unfortunately neglected it afterwards. (Side note: Go’s compr...

Printing Money With TD Ameritrade's API

Aug 13, 2020 9 min read

We’ve all heard about algorithmic trading in the news. It sounds great! You think of a program making money for you while you sip Mai Tais and smoke the finest ganja on the beach in Jamaica. I’m going to show you how you can do it yourself with TD Am...

Easy private networks with WireguardHTTPS

Jul 23, 2020 4 min read

I’ve been experimenting with Wireguard as a VPN to protect my internet traffic from local snoopers and communicate between all my devices as if they were on the same network. SSHing into an Ubuntu 20.04 Thinkpad on my home network via the VPN. Wi...

Automated API testing with Postman

Jul 19, 2019 6 min read

Postman is an excellent API testing tool for developers, QA testers and penetration testers. Its UI allows you to easily send HTTP requests and see responses, but it’s also a great automation tool. Getting stock prices from Alpha Vantage with Post...

Cloak and Dagger — Malware Techniques Demystified

Apr 3, 2019 4 min read

The cloak and dagger attack exploits a combination of drawing over other apps and the high level of access to other apps given to accessibility services on Android. It is a simple yet effective technique being exploited in the wild today by cybercrim...