SYS · IDENTITY · PUBLIC RECORD OPERATOR-ID // BDS-001 · TANGERANG · ID SCAN 05.26 ● LIVE
OPERATOR · SECURITY · LOW-LEVEL · POLYMATH

ANTONIUS // handle: w1sdom · since 1998

Independent low-level security researcher and hardware hacker, operating from Indonesia. Specialized in Linux kernel exploitation, rootkit development, and CVE discovery. A former 1990s 16-bit assembly virus writer turned modern kernel-internals researcher. Operating publicly as bluedragonsec.com.

27 YRS · offensive R&D
42 REPO · public github
04 CVE · 2026 catalogue
24 REL · packetstorm releases
LINUX KERNEL EXPLOITATION · SLUB SHEAVES // KERNEL 7.0 · HARDWARE HACKING · UAF // DOUBLE-FREE // RACE · ROOTKIT DEVELOPMENT · FTRACE // KLD // LKM · CVE DISCOVERY · SMEP // SMAP // KASLR BYPASS · REVERSE ENGINEERING · X86 // X64 ASSEMBLY
$ 01 // sector
DISCIPLINES

three crafts. one operator.

Low-level security is not a single discipline. It is the intersection of kernel internals, hardware reality, and code that runs without abstractions. I have practiced all three since 1998.

// SECTOR 01

KERNEL land

Linux kernel internals — SLUB allocator, the new sheaves caching architecture in 7.0, race conditions, UAF and double-free chains. Modern mitigation bypass: KASLR, SMEP, SMAP, hardened slab. Static audit paired with targeted fuzzing.

slab sheaves uaf df race kaslr-bypass
// SECTOR 02

USER land

Heap and stack corruption on hardened userland. Daemon and parser bug-class research at the low level. ROP / JOP chain construction, one-gadget exploitation, modern mitigation bypass on DNS servers, FTP daemons, and parsers.

heap stack rop jop honggfuzz asan
// SECTOR 03

HARDWARE land

Hardware hacking and tactical robotics. Embedded systems, sensor and biometric evasion, custom offensive hardware. Electronics work since 1996 — treated as a first-class discipline, not an afterthought to the software work.

embedded mechatronics biometric robotics iot tactical
$ 02 // sector
ARSENAL // PUBLIC

pinned repositories

Six pinned projects out of 42 public repositories. From legendary archive code to active 2026 research — everything below is open source and reachable on GitHub.

REPO_01 // ROOTKIT // LIVE

bds_lkm_ftrace

Ftrace-based Linux Loadable Kernel Module rootkit for kernel 5.x up to 6.2 on x86_64. Hides files, processes, bind & reverse shell ports. Privilege escalation. Modern Linux kernel target.

39 stars 9 forks LKM ROOTKIT
REPO_02 // ROOTKIT // BSD

bds_freebsd

FreeBSD KLD rootkit for FreeBSD 13. Hides files, processes, ports; ships with a bind-shell backdoor. Developed manually by Antonius in 2023.

16 stars 2 forks KLD ROOTKIT
REPO_03 // CVE // 2026

CVE-2026-23416-POC

Proof-of-concept for CVE-2026-23416 — vulnerability discovered by Antonius. Affects Linux kernel 6.17 through 7.0-rc5. mm/mseal stale pointer after VMA merge.

8 stars 1 fork CVE POC
REPO_04 // RESEARCH // FRONTIER

slab-sheaf union state confusion

Technical research on a theoretical weaponization path for Linux kernel 7.0-rc7 memory corruption primitives via slab_sheaf union state confusion in the SLUB Sheaves architecture.

9 stars 6 forks KERNEL 7.0
REPO_05 // ROOTKIT // LEGEND

xinyiquan-rc

Xingyiquan — a legendary Linux kernel rootkit for kernel 2.6 and 3.x. Developed by Antonius (sw0rdm4n / w1sdom) in 2014. Featured in academic literature and rootkit indices.

2 stars 2 forks ARCHIVE · 2014
REPO_06 // EXPLOIT // ARCHIVE

exploits

Legacy exploit collection — historical proofs-of-concept from the early career as ev1lut10n / sw0rdm4n. Includes the polkitd race-condition LPE released in 2011.

2 stars 0 forks ARCHIVE
$ 03 // sector
VERIFIED RECORD

CVE catalogue

Public CVEs and responsibly-disclosed vulnerabilities, recent and archival. Full archive lives on bluedragonsec.com.

ID | DESCRIPTION | SEVERITY | AFFECTED
CVE-2026-23416 | mm/mseal — stale curr_end pointer after VMA merge | MEDIUM | Linux 6.17 – 7.0-rc5
CVE-2026-31429 | Linux Kernel — SLUB cross-cache confusion in net/bpf | MEDIUM | Linux 6.3 – 6.12.82
CVE-2026-27831 | rldns 1.3 — heap OOB read in DNS server | MEDIUM | rldns 1.3
CVE-2026-30658 | bftpd 6.4 — FTP daemon parsing bug | LOW | bftpd 6.4
DISCLOSURE | LiteDNS — OOB read in DNS name parsing | MEDIUM | LiteDNS
DISCLOSURE | BuptLab dns_relay — remote heap underflow | MEDIUM | BuptLab relay
ARCHIVE · 2011 | polkitd 0.96 — race condition local privilege escalation | ARCHIVE | polkitd 0.96
$ 04 // sector
TRAJECTORY

twenty-seven years.

From 16-bit assembly viruses in 1998 to kernel 7.0 exploitation in 2026. A continuous, uninterrupted track in offensive R&D.

1998 · x86 ASM & 16-bit virus research // origin
2003 · SDF Lonestar · Solhack communities // network
2009 · Devilzc0de co-founder // community
2014 · Xingyiquan rootkit · LKM // landmark
2023 · bds_freebsd · KLD rootkit // bsd
2026 · Kernel 7.0 · SLUB sheaves // active
$ 05 // sector
CHANNELS

public footprint

Where to find the operator. All channels are monitored. bluedragonsec.com is the canonical home address.

// CH_01 · HOME
bluedragonsec.com
www.bluedragonsec.com
// CH_02 · CODE
GitHub primary
github.com/bluedragonsecurity
// CH_03 · CODE
GitHub robotics
github.com/antoniusrobotsoft
// CH_04 · WRITING
Medium @w1sdom
medium.com/@w1sdom
// CH_05 · SOCIAL
X // twitter
x.com/bluedragonsec
// CH_06 · PROFESSIONAL
LinkedIn
linkedin.com/in/antonius-bluedragonsec
// CH_07 · RELEASES
PacketStorm #10292
packetstorm.news/files/author/10292
// CH_08 · VIDEO
YouTube robotics
youtube.com/@antoniusringlayer
// CH_09 · COMMUNITY
0x00sec @w1sdom
forum.0x00sec.org/u/w1sdom
initiate uplink

open for research and engagement.

Available for vulnerability research collaboration, contract engagement, and international recruitment as a low-level specialist. Channels above are open.