Available for work

I build the systems you will rely on,
and find the vulnerabilities in the ones you already use.

Second-year university student and self-taught developer. I build production software and conduct independent security research across Apple, HackerOne, and Zoho.

Selected work

Production systems built from the ground up — self-taught, self-directed, all shipped.

Cloud SaaS Architecture

SharePanel Host

End-to-end cloud hosting platform powering 2,400+ sites. Multi-tenant architecture, automated provisioning, integrated webmail, SSL management, and six first-party integrations — built from bare metal to UI.

Live chat, analytics, forms, auth, scheduling, and CMS — all built in, zero third-party dependencies.

sharepanel.host
01
02
Social Platform

MTA SharePanel

University social network with real-time messaging, events, groups, and file sharing.

03
iOS Harm Reduction

SafeGuard

Harm reduction toolkit with 62 response cards covering overdose, de-escalation, first aid, and mental health crises. Step-by-step guidance when it matters most.

04
AI-Powered Support

SharePanel Support

AI-powered support system with automated resolution, smart routing via Gemini API, and role-based dashboards serving the entire SharePanel ecosystem.

farpsec.com
05
Security Research Vulnerability Discovery

FARPSEC

Security research laboratory focused on operating system internals and architectural vulnerability discovery. 57 submissions across 12 vendors including Apple, Zoho, and HackerOne — with multiple confirmed vulnerabilities and an active CVE publication pipeline.

IPC surface tracing, memory management auditing, state-aware exploit development, and responsible vendor disclosure.

06
iOS Neurodivergence

MyADHD

Energy-based task manager for ADHD minds. No guilt, no overdue warnings — just calm structure that works with your neurology, not against it.

View all 28 projects

Security research

Independent vulnerability research across major vendors. Findings confirmed by engineering teams, CVEs published, patches merged.

Apple
macOS security research — findings reproduced by Apple Security Engineering.
Zen Browser
Signature verification bypass. GHSA accepted, patches merged upstream.
Zoho
Cryptographic and authentication vulnerabilities across enterprise products.
HackerOne
Bug bounty programs — active engagement with vendor triage teams.

Reverse Engineering

Binary analysis with Ghidra and LLDB. XPC protocol reversing, daemon auditing, and sandbox policy analysis across macOS internals.

Exploit Development

Proof-of-concept development targeting privilege escalation, symlink races, information disclosure, and authentication bypass vulnerabilities.

Responsible Disclosure

Reports across multiple vendors. Findings reproduced by engineering teams. Clean disclosure process maintained throughout.

Thinking out loud

Research, analysis, and personal essays beyond the technical work.

You cannot shoot down a narrative. A missile has a return address. A disinformation campaign shared by thousands of unwitting citizens does not.
Disinformation as the Single Greatest Threat to Canadian Security
POLS 1001B — Foundations of Politics · 9 pages · 13 sources · Winter 2026
FARPSEC · Security Advisory
CVE-2026-41431 · GHSA-qpj9-m8jc-mw6q
Zen Browser MAR Updater Ships with Signature Verification Removed
The auto-update mechanism accepted unsigned MAR files — zero cryptographic verification, zero signing keys, zero channel enforcement. A compromised update server could push arbitrary code to every installation. Structural proof across 4 independent layers. GHSA accepted, patches merged upstream.
4-layer proof · Patched · GHSA accepted
Maliq Barnard

Three years building.
Two months breaking.

Second-year university student with three years of self-taught development behind me. Production hosting platforms, university-scale social networks, automation pipelines — real systems serving real users.

The security work started recently, but the foundation it draws on didn't. Understanding how production systems are built is the best preparation for finding where others fail.

Build Stack
  • Python / PHP / JavaScript
  • React / Node.js
  • Linux / Docker / Nginx
  • MySQL / SQLite / PostgreSQL
Break Stack
  • LLDB / Ghidra
  • XPC / NSXPC Reversing
  • macOS Internals
  • Binary Analysis / Fuzzing

Let's talk.

Available for development work, system architecture, and security consultation.

Location
Canada — AST/ADT
Send a message