Alec Maly's Tech Blog

About me

Social Media

The Elevator Pitch

Security Engineer + Researcher / Software Developer / Professional Search Engine/LLM End-User with a strong interest in security and design patterns at both the low-level code and high-level architectural scopes. I enjoy enabling people with technology and improving processes with automation. I'm also fond of performing ETL and data visualization to provide valuable, actionable insights that drive impactful decisions. With a desire for learning and expanding my knowledge, I love to develop and reverse software to make the world a better place. Let's share ideas and information!

Myers-Briggs: I/E-NTP

Strengths Finder: Ideation, Adaptability, Learner, Connectedness, Input

🌱 I'm currently learning
Cloud Security | Azure
web3 | blockchain
SAST Tooling Development

Primary Interests

Application Security
Cloud Security | Azure
Tooling + Automation + POCs
Shellcoding + Exploit Development
Reverse Engineering
Fuzzing
Static + Dynamic Analysis
Computers + Problem Solving + Learning + Collaborating
Hands-On, Technical Roles

Certifications:

Bug Bounty Profiles:

Microsoft Researcher Recognition Leaderboard

#251 - Microsoft 2023 MVR (Most Valuable Security Researcher)

Blog posts with bug reports: Tag: BugReports

My other public profiles:

Open Source Contributions:

laurent22/joplin - my commits (blog post)
ethereum/hevm - my commits, used in crytic/echidna

Languages, Tools, and Technologies I play with:

Primary Languages:

Additionally, I occasionally leverage:

Other software and applications I am familiar with:

Projects

This section is for projects which cannot be found elsewhere on my blog.

Blog posts with Proof Of Concepts: https://alecmaly.com/tag/POC

Hosted Sites / Services

https://rss.alecmaly.com
- Curated cybersecurity RSS feed, blogs and sources that are usually a high signal/noise ratio.
- I have made this public for other people that may be looking for good cybersecurity written content.
https://oss-vulns.alecmaly.com
- Dump data from https://osv.dev/list to allow filtering and finding open source vulns with patch diffs.
- Purpose: tool similar to solodit to find real vulnerabilities and their patches to practice source code review.
https://web3-vulns.alecmaly.com
- Track updates to in-scope contracts (+ proxy addresses) and github repos for in-scope targets of immunefi bug bounty targets
- Select targets and copy/paste generated shell command for quickly jumping into target codebase for automatic and manual review
https://sharepoint-json-helper.alecmaly.com < (GitHub Repo) | (YouTube Demo / Tutorial)
- A tool to assist in the creation of SharePoint List Formatting JSON (outdated, new features that this tool does not address have been added to SharePoint).
https://random.alecmaly.com < (GitHub Repo)
- Scrapes web pages for random tech categories, design patterns, tools, services, etc.
- Purpose: Learn something new & solidify previous knowledge (be reminded of a knowledge you forgot about)
https://olgastherapy.com
- WordPress website, learnings detailed in this blog post

Tools: Privacy

OpenVPN Server: Free, One-Click Deployment on Oracle Cloud (OCI) < (GitHub Repo) | (YouTube Video)
Deploy a Free VPN in one click (copy/paste .sh script), it really is that easy.
- Step 1: Navigate to https://cloud.oracle.com?cloudshell=true
- Step 2: Run this command
```
curl -s https://raw.githubusercontent.com/alecmaly/One-Click-Oracle-OCI-OpenVPN-Deployment/main/new_oci_openvpn_server.sh | /bin/bash -s -- openvpn 1 6
```

Tools: Hacking

Exploit Server POC < (GitHub Repo)
- Quick POC for functionality similar to Portswigger's Exploit Server (Thank you Portswigger for the idea!).

Tools: Random

Discord MEE6 Power Leveling Bot (Python Script) < (GitHub Repo)
Moving Data: Power BI (TO DO: polish and release)
- Data collection scripts + Power BI (.pbix) to analyze moving to different US states (e.g.: school data, FEMA natural disasters, allergy, etc.).

Chrome Extensions < (GitHub Repo)

A collection of some Chrome Extensions I have created to solve small problems.

SUID GTFOBins < (GitHub Repo)
- (TO DO: Post YouTube Video)
- Easily filter GTFO Bins for output from find / -perm /6000
Michigan Secretary of State Schedular < (YouTube Demo)
- During the beginning of COVID, it was difficult to schedule a secretary of state appointment in Michigan - the website was not user friendly. This Chrome Extension helped find an appointment near the user quickly.
NC DMV Appointment Helper < (YouTube Demo) (Chrome Store: Install)
- The North Carolina DMV Appointment website is difficult to use. This extension simplifies the experience of securing the best available appointment quickly.
Browser Extension Related Blog Posts