Skip to content
View zahidoverflow's full-sized avatar
WINNING OR LEARNING
WINNING OR LEARNING
12 followers · 71 following

Highlights

  • Pro

Block or report zahidoverflow

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
zahidoverflow/README.md

Mohammad Zahidul Islam

Security researcher specializing in web3 and blockchain security. I find vulnerabilities in smart contracts, audit decentralized infrastructure, and build tools that help secure the next generation of financial systems.

contact = {
    "x": "zahidoverflow",
    "linkedin": "zahidoverflow"
}

What I Do

I focus on high-impact security work at the intersection of cryptography, distributed systems, and adversarial thinking:

  • Smart contract auditing — identifying logic flaws, access control issues, and economic attack vectors in Solidity/Vyper codebases
  • Web3 infrastructure security — auditing crypto wallets, RPC nodes, bridges, and protocol implementations
  • Vulnerability research — discovering zero-days and coordinating responsible disclosure with project teams
  • Security tooling — building analyzers, fuzzers, and automation frameworks for blockchain security testing

Current Research

  • Smart contract vulnerability patterns across DeFi protocols
  • Attack surface analysis of blockchain nodes and consensus mechanisms
  • Security-critical components in cross-chain bridges and interoperability layers

Technical Stack

Languages: Solidity, Vyper, Python, JavaScript/TypeScript, Rust
Tools: Foundry, Hardhat, Slither, Echidna, Manticore, Mythril
Domains: EVM internals, DeFi protocols, cryptographic primitives, threat modeling

Approach

Security isn't about checkboxes. It's about understanding how systems break under adversarial conditions—and building defenses that hold up when money is on the line. I combine deep technical knowledge with real-world attack modeling to identify risks others miss.

Collaboration

Open to:

  • Security audits and consulting for web3 projects
  • Research partnerships on novel attack vectors
  • Contributing to open-source security tooling
  • Speaking engagements on blockchain security

Reach out via X or LinkedIn.

Popular repositories Loading

  1. shadowcam shadowcam Public

    Android virtual camera controller with root Camera1 sync and Compose UI

    Kotlin 8 1

  2. oneshot oneshot Public

    Forked from kimocoder/OneShot

    Run WiFi WPS PIN attacks (Pixie Dust, online bruteforce, PIN prediction) without monitor mode with the wpa_supplicant

    Python 3 1

  3. sensitive-scanner sensitive-scanner Public

    scans JavaScript files for sensitive data (e.g., API keys, tokens) using my custom regex patterns. Features concurrent scanning, adjustable concurrency (default: 5), and JSON output

    Go 1

  4. raidscanner raidscanner Public

    A web vulnerability scanner for detecting LFI, SQLi, XSS, Open Redirect, and CRLF vulnerabilities. Features a modern Web Dashboard, Interactive CLI, and complete Docker support.

    Python 1

  5. perplexity-cli perplexity-cli Public

    Forked from redscorpse/perplexity.ai-cli

    A powerful command-line tool that brings Perplexity AI's web-search powered conversational AI directly to your terminal.

    Python 1

  6. html-practise html-practise Public

    Learning html with git and github

    HTML