The Consultant Behind CCypher.

Not a team of account managers. Not a vendor trying to upsell a platform. One practitioner, doing real work, in South Florida.

Jacobe Cook
Founder, CCypher Security
Fort Lauderdale, FL
Coverage: Broward & Miami-Dade
Platforms: HackerOne, Bugcrowd

Why I Built CCypher Security

Most small and mid-size businesses in South Florida have real security gaps and nobody helping them close them. Enterprise security firms are priced for Fortune 500s and move at the pace of a committee. IT generalists don't have the offensive depth. The gap stays open until something goes wrong.

I built CCypher Security to fill that gap. I'm Jacobe Cook — a hands-on security practitioner who came up through offensive security. I learned by doing: building custom tooling, running live attacks on DVWA, hunting bugs on HackerOne and Bugcrowd against real production targets, and writing the reports that explain exactly what broke and why.

Every engagement I run, I run myself. You talk to me — not a junior analyst, not an account manager. I know what I'm doing because I test real systems with real techniques, not just check boxes against a compliance framework.

"I test the way attackers do. Then I explain it in plain English and give you the exact command to fix it."
— Jacobe Cook, Founder

What You Get Every Time

PROTECT

Zero Changes

Audits are 100% read-only. Active testing requires your written authorization, defined to the specific system and time window. You're always in control.

DETECT

Real Techniques

I use the same tools and methods actual attackers use — not just automated scanners. If there's a way in, I find it. No false confidence from shallow testing.

RESPOND

Exact Fixes

Every finding comes with the actual command to fix it. Not "consider reviewing your SSH configuration" — the specific line to add to sshd_config, right now.

REPORT

Plain English

Your report has an executive summary that any business owner can read and understand. Technical detail is there for your IT team. No jargon without explanation.

What I Know How to Break

// OFFENSIVE TECHNIQUES

  • SQL Injection — blind, union-based, error-based
  • XSS — reflected, stored, DOM-based, cookie theft
  • Command Injection — chained OS commands, filter bypass
  • File Inclusion — LFI, RFI, PHP filter wrappers
  • SSRF — internal metadata, unvalidated callbacks
  • Privilege Escalation — SUID abuse, sudo misconfig, cron
  • Reverse Shells — bash, python, php, nc, perl payloads
  • CSRF — forged requests, token bypass
  • IDOR — cross-account resource access, GraphQL objects
  • Brute Forcing — HTTP, custom params, threading

// TOOLS & PLATFORMS

  • Metasploit — multi/handler, post-exploitation, loot
  • Nmap — port scanning, service enum, NSE scripts
  • Burp Suite — intercepting proxy, repeater, scanner
  • Tcpdump / Wireshark — packet capture and analysis
  • Netcat / Socat — raw connections, port relay
  • Python — custom exploit tooling and automation
  • Bash — scripting, enumeration, persistence
  • GraphQL — schema enumeration, injection, IDOR testing
  • JWT Analysis — RS256/HS256 flows, claim extraction
  • Linux — Ubuntu, RHEL, WSL2 — daily driver

// TOOLS I'VE BUILT

  • ccypher_audit.py: 14-module Linux security scanner with HTML report, scoring, email delivery
  • bruteforce.py: Threaded HTTP brute forcer with GET/POST, custom params, any target
  • recon.py: Subdomain enum, port scan, tech detection, JSON output
  • osint.py: Username/email OSINT across 25+ platforms
  • vulnscan.py: Auto SQLi, XSS, LFI scanner with boolean blind detection
  • revgen.py: Reverse shell generator for bash, python, nc, php, perl

GitHub: github.com/himcobe

Active on Real Production Targets

I actively hunt on HackerOne and Bugcrowd — testing real production applications with real stakes. This isn't lab work. It keeps my skills current against the techniques attackers are actually using right now.

  • Platform: HackerOne. SSRF, information disclosure, OAuth, API security
  • Platform: Bugcrowd. GraphQL IDOR, auth testing, payment API security
  • Focus areas: Web & API. SSRF, IDOR, injection, auth bypass, info disclosure
  • Why it matters: Always Current. Real targets, real bugs, real techniques — not just lab exercises

Ready to Work Together?

Free 30-minute consultation. No pitch. Let's talk about your environment and where your biggest risks are.
