./Alec Maly's Tech Blog

All Tags

Web POC Hacking JavaScript reverse-engineering Cloud Debugging BugBounty TypeScript Tutorial SharePoint Security Privilege-Escalation PowerApps Power-Platform Microsoft Joplin Game-Hacking Electronjs Development Credential-Dumping Chromium Browser-Extension Browser x64dbg x32dbg pykd mona.py mobile linux il2cpp adb XSS Wordpress WinDbg-Preview WinDbg VPS Unity Race-Condition Python PowerShell Power-Automate Phishing Pentesting Paypal Payment-Gateway Outlook Oracle Optimization OneDrive Microsoft-Teams Microsoft-Edge M365-Services M365 Java Image-Manipulation HackerOne GraphQL Google-Maps GitHub Frida ExpressVPN Email Electron.js Dynamic-Testing CodeQL CodeBuild CTF CICD BurpSuite BugCrowd Blender Azure-DevOps Android AWS .apk

Web [10]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)
[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
Optimizing Multi-Destination Routes with Google Maps and a Chrome Extension (07 Nov 2022)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)
Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (12 Jan 2022)
My First Wordpress Site: olgastherapy.com (04 Jan 2022)
Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)
Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)
Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

POC [8]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)
[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
Optimizing Multi-Destination Routes with Google Maps and a Chrome Extension (07 Nov 2022)
Image Slicing with Python (25 Jan 2022)
Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)
Exploring the WinDbg Preview JavaScript API (22 Oct 2021)
Hacking Electron Apps: Joplin (12 Oct 2021)

Hacking [8]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)
Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (12 Jan 2022)
Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)
Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)
Hacking Electron Apps: Joplin (12 Oct 2021)
Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

JavaScript [6]

[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)
Exploring the WinDbg Preview JavaScript API (22 Oct 2021)
Hacking Electron Apps: Joplin (12 Oct 2021)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)
Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

reverse-engineering [4]

Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)
Exploring the WinDbg Preview JavaScript API (22 Oct 2021)
Hacking Electron Apps: Joplin (12 Oct 2021)
Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

Cloud [4]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)
[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)
My First Wordpress Site: olgastherapy.com (04 Jan 2022)

Debugging [3]

Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)
Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)

BugBounty [3]

TypeScript [2]

Hacking Electron Apps: Joplin (12 Oct 2021)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)

Tutorial [2]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)
Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)

SharePoint [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)

Security [2]

M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)
Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

Privilege-Escalation [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)

PowerApps [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)

Power-Platform [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)

Microsoft [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)

Joplin [2]

Hacking Electron Apps: Joplin (12 Oct 2021)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)

Game-Hacking [2]

Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)
Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

Electronjs [2]

Hacking Electron Apps: Joplin (12 Oct 2021)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)

Development [2]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)
Adventures in Open Source Contributing: Joplin (11 Oct 2021)

Credential-Dumping [2]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)
[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Chromium [2]

Optimizing Multi-Destination Routes with Google Maps and a Chrome Extension (07 Nov 2022)
Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)

Browser-Extension [2]

Browser [2]

x64dbg [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

x32dbg [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

pykd [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

mona.py [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

mobile [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

linux [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

il2cpp [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

adb [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

XSS [1]

Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

Wordpress [1]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)

WinDbg-Preview [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

WinDbg [1]

Exploring the WinDbg Preview JavaScript API (22 Oct 2021)

VPS [1]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)

Unity [1]

Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)

Race-Condition [1]

Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)

Python [1]

Image Slicing with Python (25 Jan 2022)

PowerShell [1]

Hacking Electron Apps: Joplin (12 Oct 2021)

Power-Automate [1]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Phishing [1]

M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)

Pentesting [1]

Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (12 Jan 2022)

Paypal [1]

Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

Payment-Gateway [1]

Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)

Outlook [1]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Oracle [1]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)

Optimization [1]

Optimizing Multi-Destination Routes with Google Maps and a Chrome Extension (07 Nov 2022)

OneDrive [1]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Microsoft-Teams [1]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Microsoft-Edge [1]

Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)

M365-Services [1]

M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)

M365 [1]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)

Java [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

Image-Manipulation [1]

Image Slicing with Python (25 Jan 2022)

HackerOne [1]

Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (12 Jan 2022)

GraphQL [1]

Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (12 Jan 2022)

Google-Maps [1]

Optimizing Multi-Destination Routes with Google Maps and a Chrome Extension (07 Nov 2022)

GitHub [1]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)

Frida [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

ExpressVPN [1]

[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)

Email [1]

My First Wordpress Site: olgastherapy.com (04 Jan 2022)

Electron.js [1]

Debugging a Race Condition Between Microsoft Edge and SharePoint (23 Nov 2021)

Dynamic-Testing [1]

Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)

CodeQL [1]

[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)

CodeBuild [1]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)

CTF [1]

Image Slicing with Python (25 Jan 2022)

CICD [1]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)

BurpSuite [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

BugCrowd [1]

[$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)

Blender [1]

Game Hacking: Extracting Meshes to Make a Minimap HUD (08 Dec 2021)

Azure-DevOps [1]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)

Android [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)

AWS [1]

Resolving Undocumented AWS Codebuild Errors and Discussing CI/CD GitHub Integration Security (17 Jun 2025)

.apk [1]

Android Hacking Tips and Tricks with Frida & BurpSuite (10 Oct 2021)