Security Researcher · Web3 & Clinical AI

I audit protocols, break systems, and ship applied security tools.

Security researcher and builder working across Web3, application security, and clinical AI. Active on audit platforms and CTFs, with published work spanning smart contracts, web exploitation, cryptography, RF/SDR, forensics, and clinical agent systems.

Contact GitHub Security Blog Sherlock

60+published writeups and security notes

100+CTF challenges solved across 30+ contests

4public competitive audit platform profiles

6selected shipped projects wired from GitHub

Audit Portfolio

Public researcher profiles across competitive smart contract audit platforms.

Sherlock kudaliar Watson profile CodeHawks / Cyfrin kudaliar auditor profile Code4rena kudaliar warden profile Cantina kudaliar researcher profile

Selected Projects

Original repositories selected from GitHub for security, Web3, clinical AI, and OSINT relevance.

Midnight Network Hackathon · Healthcare Track2026

NightRx

Privacy-preserving medication eligibility system using Midnight Compact smart contracts, zero-knowledge proofs, nullifiers, React, Node.js, and QR credential flows.

MidnightZKHealthcare

Solana MagicBlock Hackathon2026

Sealdex

Sealed-bid auction infrastructure for autonomous bidding agents on Solana using Anchor, MagicBlock Private Ephemeral Rollups, TDX-sealed bids, Claude agents, and Next.js.

SolanaMagicBlockAgents

Claude Code Opus 4.7 Hackathon2026

Anamnesa

Citation-first clinical QA system over 81 public guideline documents and 9,000+ chunks, with hybrid retrieval, MCP tools, verifier loop, FastAPI, Next.js, and 165 passing tests.

RAGMCPClinical AI

AI Agent Olympics 20262026

Patiently

Multi-agent pre-visit intake and clinic queue system with Gemini triage, Featherless reminders, Speechmatics transcription, FastAPI, PostgreSQL, SSE, and Next.js.

AgentsFastAPIHealthcare

PIDI x Digdaya Hackathon · BI + OJK2026

SHARK-Fin

OSINT financial threat-intelligence platform for Indonesian banking data leaks, with Telegram/Paste/GitHub/Google collectors, risk scoring, PII masking, OJK draft reports, Docker, and 93 tests.

OSINTThreat IntelDocker

Solana Colosseum Agent Hackathon2025

Constable

On-chain forensics and investigation toolkit for Solana that recursively traces token flows across wallets and exports transaction paths for investigators.

SolanaForensicsFlask

Experience

2025 — Present

Web3 Security Researcher

Independent · Remote

Participating in competitive smart contract audits and maintaining public profiles on Sherlock, CodeHawks, Code4rena, and Cantina.
Researching EVM and Solana failure modes, including DeFi mechanics, proxy and ABI edge cases, CPI verification, access control, and oracle assumptions.
Building Web3 security tools and prototypes across Solidity, Solana/Anchor, Midnight Compact, zero-knowledge proofs, and on-chain transaction analysis.

2024 — Present

CTF Player — TCP1P

ctftime.org/user/242912

Solved 100+ challenges across 30+ competitions spanning web, Web3, cryptography, RF/SDR, forensics, pwn, and reverse engineering.
Authored Web3 challenges for the TCP1P CTF Platform.
Published 60+ challenge writeups and security notes at blog.kudaliar.id.

Achievements

1stMidnight Network Hackathon, Healthcare Track (2026)

3rdSolana MagicBlock Hackathon (2026)

Top 5HackerRank Orchestrate Hackathon

Top 10Paradigm Optimization Hackathon

Top #1CodeHawks First Flight #56 (2025)

3rdRITSEC CTF, team TCP1P (2026)

Top 15CyberAcademy Helium Challenge (2026)

100+CTF challenges across 30+ competitions with 10+ categories

Skills

Languages

Python, TypeScript, JavaScript, Solidity, Rust/Anchor, Compact, SQL, Bash

Web3 / ZK

EVM security, Solana CPI review, Midnight Compact, zero-knowledge credential flows, DeFi mechanics, on-chain forensics

AI / Agents

FastAPI agent backends, MCP/FastMCP, RAG, hybrid retrieval, verifier loops, structured JSON outputs, SSE, vLLM, Gemini, Anthropic, Featherless

Security Research

Web exploitation, XSS, SSRF, SSTI, SQLi, JWT/session flaws, parser differentials, cryptography, RF/SDR, forensics, Linux privilege escalation

Healthcare / Data

FHIR R4/HAPI, clinical guideline retrieval, medical workflow agents, PostgreSQL, SQLite, Pydantic, PDF ingestion, OSINT classifiers, data masking

Tooling

Docker, Git, GitHub Actions, pytest, ruff, Playwright/Passmark, React, Next.js, Vite, Tailwind CSS, shadcn/ui

Certifications

Cyfrin Updraft: Smart Contract Security
Cyfrin Updraft: Uniswap V4
Cyfrin Updraft: Advanced Web3 Wallet Security