./Alec Maly's Tech Blog

Tag: Security [3]

My AI Use Cases | Retrospective (Mar 15, 2026)
From blog re-platforming, static/taint analysis across multiple languages, SAST tooling + AI Assisted code review. I discuss my use cases and experiences with AI.
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (May 13, 2022)
An internal phishing POC leveraging Microsoft 365 citizen development tools (Power Platform). Phish for access to a target user's OneDrive and all SharePoint sites they own.
Finding Vulnerabilities in an 18 Year Old MMO (Nov 12, 2021)
Finding and abusing size constrained XSS and a payment gateway bypass in an 18 year old MMO.

All Tags

Web (10) Hacking (10) POC (10) JavaScript (7) BugBounty (5) BugReports (5) reverse-engineering (4) Cloud (4) Development (3) Debugging (3) Security (3) Browser (3) Electronjs (2) Joplin (2) TypeScript (2) SharePoint (2) Chromium (2) Game-Hacking (2) Tutorial (2) XSS (2) PowerApps (2) Microsoft (2) Power-Platform (2) Privilege-Escalation (2) Browser-Extension (2) Credential-Dumping (2) Microsoft-Edge (1) Electron.js (1) Race-Condition (1) Unity (1) Blender (1) Payment-Gateway (1) Paypal (1) Dynamic-Testing (1) PowerShell (1) WinDbg (1) WinDbg-Preview (1) x32dbg (1) x64dbg (1) mona.py (1) pykd (1) Android (1) Frida (1) BurpSuite (1) .apk (1) Java (1) linux (1) il2cpp (1) adb (1) mobile (1) GraphQL (1) HackerOne (1) Pentesting (1) Python (1) CTF (1) Image-Manipulation (1) Wordpress (1) Email (1) Oracle (1) VPS (1) M365-Services (1) Phishing (1) Google-Maps (1) Optimization (1) CodeQL (1) BugCrowd (1) ExpressVPN (1) Power-Automate (1) M365 (1) Outlook (1) OneDrive (1) Microsoft-Teams (1) AWS (1) CodeBuild (1) Azure-DevOps (1) CICD (1) GitHub (1) TextMeshPro (1) Injection (1) C# (1) AI (1) Claude-Code (1) Static-Analysis (1) SAST (1) Code-Review (1) Astro (1) MCP (1) Tooling (1) Vibe-Coding (1)