About me
>> My Public Projects <<
The Elevator Pitch
Security Engineer + Researcher / Software Developer / Professional Search Engine/LLM End-User with a strong interest in security and design patterns at both the low-level code and high-level architectural scopes. I enjoy enabling people with technology and improving processes with automation. I’m also fond of performing ETL and data visualization to provide valuable, actionable insights that drive impactful decisions. With a desire for learning and expanding my knowledge, I love to develop and reverse software to make the world a better place. Let’s share ideas and information!
Myers-Briggs: I/E-NTP
Strengths Finder: Ideation, Adaptability, Learner, Connectedness, Input
Cloud Security | Azure
web3 | blockchain
Primary Interests
- Application Security
- Cloud Security | Azure
- Tooling + Automation + POCs
- Shellcoding + Exploit Development
- Reverse Engineering
- Fuzzing
- Static + Dynamic Analysis
- Computers + Problem Solving + Learning + Collaborating
- Hands-On, Technical Roles
Certifications:
Bug Bounty Profiles:
Microsoft Researcher Recognition Leaderboard
- #251 - Microsoft 2023 MVR (Most Valuable Security Researcher)
My other public profiles:
Open Source Contributions:
Languages, Tools, and Technologies I play with:
Primary Languages:
Additionally, I occasionally leverage:
Other software and applications I am familiar with:
Projects
Blog posts with Proof Of Concepts: https://alecmaly.com/tag/POC
Hosted Sites / Services
- https://oss-vulns.alecmaly.com
- Dump data from https://osv.dev/list to allow filtering and findinig open source vulns with patch diffs.
- Purpose: tool similar to solodit to find real vulnerabilities and their patches to practice source code review.
- https://web3-vulns.alecmaly.com
- Track updates to in-scope contracts (+ proxy addresses) and github repos for in-scope targets of immunefi bug bounty targets
- Select targets and copy/paste generated shell command for quickly jumping into target codebase for automatic and manual review
- https://sharepoint-json-helper.alecmaly.com < (GitHub Repo) | (YouTube Demo / Tutorial)
- A tool to assist in the creation of SharePoint List Formatting JSON (outdated, new features that this tool does not address have been added to SharePoint).
- https://random.alecmaly.com < (GitHub Repo)
- Scrapes web pages for random tech categories, design patterns, tools, services, etc.
- Purpose: Learn something new & solidify previous knowledge (be reminded of a knowledge you forgot about)
- https://olgastherapy.com
- WordPress website, learnings detailed in this blog post
Tools: Privacy
-
OpenVPN Server: Free, One-Click Deployment on Oracle Cloud (OCI) < (GitHub Repo) | (YouTube Video)
Deploy a Free VPN in one click (copy/paste .sh script), it really is that easy.
- Step 1: Navigate to https://cloud.oracle.com?cloudshell=true
- Step 2: Run this command
curl -s https://raw.githubusercontent.com/alecmaly/One-Click-Oracle-OCI-OpenVPN-Deployment/main/new_oci_openvpn_server.sh | /bin/bash -s -- openvpn 1 6
Tools: Hacking
- Exploit Server POC < (GitHub Repo)
- Quick POC for functionality similar to Portswigger’s Exploit Server (Thank you Portswigger for the idea!).
Tools: Random
-
Discord MEE6 Power Leveling Bot (Python Script) < (GitHub Repo)
-
Moving Data: Power BI (TO DO: polish and release)
- Data collection scripts + Power BI (.pbix) to analyze moving to different US states (e.g.: school data, FEMA natural disasters, allergy, etc.).
Chrome Extensions < (GitHub Repo)
A collection of some Chrome Extensions I have created to solve small problems.
-
SUID GTFOBins < (GitHub Repo)
- (TO DO: Post YouTube Video)
- Easily filter GTFO Bins for output from
find / -perm /6000
-
Michigan Secretary of State Schedular < (YouTube Demo)
- During the beginning of COVID, it was difficult to schedule a secretary of state appointment in Michigan - the website was not user friendly. This Chrome Extension helped find an appointment near the user quickly.
-
NC DMV Appointment Helper < (YouTube Demo) (Chrome Store: Install)
- The North Carolina DMV Appointment website is difficult to use. This extension simplifies the experience of securing the best available appointment quickly.