About me

>> My Public Projects <<

Social Media

The Elevator Pitch

Security Engineer + Researcher / Software Developer / Professional Search Engine/LLM End-User with a strong interest in security and design patterns at both the low-level code and high-level architectural scopes. I enjoy enabling people with technology and improving processes with automation. I’m also fond of performing ETL and data visualization to provide valuable, actionable insights that drive impactful decisions. With a desire for learning and expanding my knowledge, I love to develop and reverse software to make the world a better place. Let’s share ideas and information!

Myers-Briggs: I/E-NTP

Strengths Finder: Ideation, Adaptability, Learner, Connectedness, Input

🌱 I'm currently learning
Cloud Security | Azure
web3 | blockchain

Primary Interests

• Application Security
• Cloud Security | Azure
• Tooling + Automation + POCs
• Shellcoding + Exploit Development
• Reverse Engineering
• Fuzzing
• Static + Dynamic Analysis
• Computers + Problem Solving + Learning + Collaborating
• Hands-On, Technical Roles

Certifications:

Bug Bounty Profiles:

Microsoft Researcher Recognition Leaderboard

• #251 - Microsoft 2023 MVR (Most Valuable Security Researcher)

My other public profiles:

Open Source Contributions:

• laurent22/joplin (blog post)
• ethereum/hevm / crytic/echidna

---

Languages, Tools, and Technologies I play with:

Primary Languages:

Additionally, I occasionally leverage:

Other software and applications I am familiar with:

Projects

---

This section is for projects which cannot be found elsewhere on my blog.

Blog posts with Proof Of Concepts: https://alecmaly.com/tag/POC

---

Hosted Sites / Services

• https://oss-vulns.alecmaly.com
  • Dump data from https://osv.dev/list to allow filtering and findinig open source vulns with patch diffs.
  • Purpose: tool similar to solodit to find real vulnerabilities and their patches to practice source code review.
• https://web3-vulns.alecmaly.com
  • Track updates to in-scope contracts (+ proxy addresses) and github repos for in-scope targets of immunefi bug bounty targets
  • Select targets and copy/paste generated shell command for quickly jumping into target codebase for automatic and manual review
• https://sharepoint-json-helper.alecmaly.com < (GitHub Repo) | (YouTube Demo / Tutorial)
  • A tool to assist in the creation of SharePoint List Formatting JSON (outdated, new features that this tool does not address have been added to SharePoint).
• https://random.alecmaly.com < (GitHub Repo)
  • Scrapes web pages for random tech categories, design patterns, tools, services, etc.
  • Purpose: Learn something new & solidify previous knowledge (be reminded of a knowledge you forgot about)
• https://olgastherapy.com
  • WordPress website, learnings detailed in this blog post

---

Tools: Privacy

• OpenVPN Server: Free, One-Click Deployment on Oracle Cloud (OCI) < (GitHub Repo) | (YouTube Video)

  Deploy a Free VPN in one click (copy/paste .sh script), it really is that easy.

  • Step 1: Navigate to https://cloud.oracle.com?cloudshell=true
  • Step 2: Run this command

      curl -s https://raw.githubusercontent.com/alecmaly/One-Click-Oracle-OCI-OpenVPN-Deployment/main/new_oci_openvpn_server.sh | /bin/bash -s -- openvpn 1 6
    

---

Tools: Hacking

• Exploit Server POC < (GitHub Repo)
  • Quick POC for functionality similar to Portswigger’s Exploit Server (Thank you Portswigger for the idea!).

---

Tools: Random

• Discord MEE6 Power Leveling Bot (Python Script) < (GitHub Repo)

• Moving Data: Power BI (TO DO: polish and release)

  • Data collection scripts + Power BI (.pbix) to analyze moving to different US states (e.g.: school data, FEMA natural disasters, allergy, etc.).

---

Chrome Extensions < (GitHub Repo)

A collection of some Chrome Extensions I have created to solve small problems.

• SUID GTFOBins < (GitHub Repo)

  • (TO DO: Post YouTube Video)
  • Easily filter GTFO Bins for output from find / -perm /6000

• Michigan Secretary of State Schedular < (YouTube Demo)

  • During the beginning of COVID, it was difficult to schedule a secretary of state appointment in Michigan - the website was not user friendly. This Chrome Extension helped find an appointment near the user quickly.

• NC DMV Appointment Helper < (YouTube Demo) (Chrome Store: Install)

  • The North Carolina DMV Appointment website is difficult to use. This extension simplifies the experience of securing the best available appointment quickly.

• Browser Extension Related Blog Posts