In My Own Words

Subscribe to my newsletter and never miss my upcoming articles

Judas: Phishing Resurrected

Oct 5, 20205 min read

If you’ve been reading my blog since I started writing on Medium, you’ll remember Judas, the pluggable open-source phishing proxy. I wrote Judas to prove a point on an engagement once, and unfortunately neglected it afterwards. (Side note: Go’s compr...

Printing Money With TD Ameritrade's API

Aug 13, 20209 min read

We’ve all heard about algorithmic trading in the news. It sounds great! You think of a program making money for you while you sip Mai Tais and smoke the finest ganja on the beach in Jamaica. I’m going to show you how you can do it yourself with TD Am...

Easy private networks with WireguardHTTPS

Jul 23, 20204 min read

I’ve been experimenting with Wireguard as a VPN to protect my internet traffic from local snoopers and communicate between all my devices as if they were on the same network. SSHing into an Ubuntu 20.04 Thinkpad on my home network via the VPN. Wi...

Automated API testing with Postman

Jul 19, 20196 min read

Postman is an excellent API testing tool for developers, QA testers and penetration testers. Its UI allows you to easily send HTTP requests and see responses, but it’s also a great automation tool. Getting stock prices from Alpha Vantage with Post...

Cloak and Dagger — Malware Techniques Demystified

Apr 3, 20194 min read

The cloak and dagger attack exploits a combination of drawing over other apps and the high level of access to other apps given to accessibility services on Android. It is a simple yet effective technique being exploited in the wild today by cybercrim...

Disabling OkHttp’s SSL Pinning on Android Apps

Sep 27, 20182 min read

Your target has an Android application and you want to walk through their API to check for server-side vulnerabilities. You configure the emulator to use Burp Suite as a proxy and begin using the app. https://gist.github.com/JonCooperWorks/1866d3efe7...