Available for work

Maliq Barnard — Full-Stack Developer & Security Researcher. I build the systems you will rely on,
and find the vulnerabilities in the ones you already use.

Maliq Barnard — second-year university student and self-taught developer. I build production software and conduct independent security research across Apple, HackerOne, and Zoho.

View Work Resume
Security Research
macOS internals, XPC reversing, sandbox escapes. Active across Apple, HackerOne, and Zoho.
Production Software
Full-stack platforms built and shipped. PHP, Python, React, Swift. Whatever the job needs.
Photography
Editorial landscape work. BC to the Northwest Territories, mostly shot from the side of the road.
Writing
Technical research, opinion pieces, and the occasional essay that has nothing to do with code.
Selected Work

Selected work

Production systems built from the ground up. Self-taught, self-directed, all shipped.

farpsec.xyz
FARPSEC landing page
farpsec.xyz/intelligence
FARPSEC intelligence feed with CVE publications
01
Security Research Vulnerability Discovery

FARPSEC

Security research lab focused on operating system internals and architectural vulnerability discovery. 57 submissions across 12 vendors including Apple, Zoho, and HackerOne. Multiple confirmed vulnerabilities and an active CVE publication pipeline.

IPC surface tracing, memory management auditing, state-aware exploit development. Responsible vendor disclosure throughout.

Python / LLDB / Ghidra / macOS Internals
Independent Research

Finding what scanners miss.

Reverse-engineering OS internals, tracing IPC surfaces, building exploit primitives. Then reporting responsibly. Vulnerabilities confirmed by Apple Security Engineering, CVEs published, patches merged upstream.

Apple Zen Browser Zoho HackerOne
$ scope: macOS internals, IPC, crypto, auth
$ tools: LLDB, Ghidra, Python, Frida
$ status: active
02
SafeGuard home screen
SafeGuard panic attack response card
03
iOS Harm Reduction

SafeGuard

Harm reduction toolkit with 62 response cards covering overdose, de-escalation, first aid, and mental health crises. Clear guidance when it matters.

Swift / iOS / CoreData
SharePanel Support landing page
04
AI-Powered Support

SharePanel Support

AI-powered support system with automated resolution, smart routing via Gemini API, and role-based dashboards serving the entire SharePanel ecosystem.

PHP / SQLite / Gemini API
MyADHD landing page
MyADHD login screen
05
iOS Neurodivergence

MyADHD

Energy-based task manager for ADHD minds. No guilt, no overdue warnings. Calm structure that works with your brain instead of yelling at it.

Swift / React / PHP
Cloud SaaS Architecture

SharePanel Host

Cloud hosting platform powering 2,400+ sites. Multi-tenant architecture, automated provisioning, integrated webmail, SSL management, six first-party integrations. Built from bare metal to UI.

Live chat, analytics, forms, auth, scheduling, CMS. All built in, zero third-party dependencies.

PHP / MySQL / Docker / Nginx
sharepanel.host
SharePanel Host landing page
sharepanel.host/dashboard
SharePanel admin dashboard
06
MTA community feed
07
Social Platform

MTA SharePanel

University social network with real-time messaging, events, groups, and file sharing.

PHP / SQLite / WebSocket
View all 29 projects
Security Research

Security research

Independent vulnerability research across major vendors. Findings confirmed by engineering teams, CVEs published, patches merged.

Apple
macOS security research. Findings reproduced by Apple Security Engineering.
Zen Browser
Signature verification bypass. GHSA accepted, patches merged upstream.
Zoho
Cryptographic and authentication vulnerabilities across enterprise products.
HackerOne
Bug bounty programs. Active engagement with vendor triage teams.

Reverse Engineering

Binary analysis with Ghidra and LLDB. XPC protocol reversing, daemon auditing, sandbox policy analysis on macOS.

Exploit Development

Proof-of-concept development targeting privilege escalation, symlink races, info disclosure, auth bypass.

Responsible Disclosure

Reports across multiple vendors. Findings reproduced by engineering teams. Clean disclosure process maintained throughout.

Writing

Thinking out loud

Research, analysis, and personal essays outside the technical work.

You cannot shoot down a narrative. A missile has a return address. A disinformation campaign shared by thousands of unwitting citizens does not.
Disinformation as the Single Greatest Threat to Canadian Security
POLS 1001B — Foundations of Politics · 9 pages · 13 sources · Winter 2026
FARPSEC · Security Advisory
CVE-2026-41431 · GHSA-qpj9-m8jc-mw6q
Zen Browser MAR Updater Ships with Signature Verification Removed
The auto-update mechanism accepted unsigned MAR files. No cryptographic verification, no signing keys, no channel enforcement. A compromised update server could push arbitrary code to every installation. Structural proof across 4 independent layers. GHSA accepted, patches merged upstream.
4-layer proof Patched GHSA accepted
Medium

My Hot Take On Social Media

Social media has become a net negative. It strips away authentic connection and genuine friendship while creating an unhealthy dependence on devices.

April 2, 2025 Read on Medium
Medium

What University Taught Me (That High School Never Could)

After nine months at Mount Allison University. Key lessons on discipline, showing up to class, sleeping properly, and figuring things out yourself.

March 17, 2025 Read on Medium
Medium

I've graduated... Woo Woo!?

High school graduation feeling anticlimactic despite years of anticipation. Reflections on rebellious behavior and practical advice for what comes next.

August 4, 2024 Read on Medium
Photography

Through the North

Landscapes and sunsets from a road trip across western Canada. BC to the Northwest Territories.

Crimson mackerel sky over marina
Crimson mackerel sky
Surfer entering misty Pacific
Into the Mist
Turquoise alpine lake
Emerald Waters
Suspension bridge in rainforest
Suspension
Waterfall into teal coastal inlet
Hidden Falls
View full gallery
Maliq Barnard
About

Three years building.
Two months breaking.

Second-year university student with three years of self-taught development behind me. Production hosting platforms, university-scale social networks, automation pipelines. Real systems serving real users.

The security work started recently, but the foundation it draws on didn't. Understanding how production systems are built is the best preparation for finding where others fail.

Build Stack
  • Python / PHP / JavaScript
  • React / Node.js
  • Linux / Docker / Nginx
  • MySQL / SQLite / PostgreSQL
Break Stack
  • LLDB / Ghidra
  • XPC / NSXPC Reversing
  • macOS Internals
  • Binary Analysis / Fuzzing
Contact

Let's talk.

Available for development work, system architecture, or security consultation.

Email
maliq.barnard@gmail.com
Links
LinkedIn GitHub Resume
Location
Canada, AST/ADT
Send a message