Antonius
Security Researcher

Low Level · Hardware Hacking · w1sdom

A former 1990s assembly virus writer. As a polymath security researcher, I combine multidisciplinary expertise in low-level vulnerability research and hardware hacking, supported by a solid foundation in mechatronics, mathematics, and deep learning to provide a rare skillset.

Read Research Vulnerability Research
Low-Level Vulnerability Research | Hardware Hacking | Robotics | Indonesia
AVAILABLE FOR RESEARCH COLLABORATION & OPEN TO WORK
Antonius w1sdom
bluedragonsec.com

documentations

docs
security (indonesian language)
docs-en
security (english language)
robotics
mechatronic
math
mathematics
ai
artificial intelligence
VULNERABILITY RESEARCH

CVE & Non CVE

CVE-2026-23416
Linux mm/mseal - Stale curr_end After VMA Merge
curr_end becomes stale after VMA merge in mseal_apply(), leading to incorrect sealing state. Affects Linux kernels 6.17–7.0-rc5. Fix authored by Lorenzo Stoakes (Oracle). Vulnerability discovered by Antonius
MEDIUM Linux 6.17 – 7.0-rc5
CVE-2026-30658
Reserved
bftpd 6.4 FTP daemon parsing bug
LOW bftpd 6.4
CVE-2026-27831
rldns 1.3 — Heap Out-of-Bounds Read
Heap OOB read vulnerability in rldns 1.3 DNS server. Fixed in rldns 1.4 with comprehensive fuzzing via honggfuzz and improved input validation. Vulnerability discovered by Antonius.
MEDIUM rldns 1.3
CVE-2026-31429
Linux Kernel >= 6.3 < 6.12.82 Slab Cross-Cache Confusion
Type Confusion / Cross-Cache Free (Slab Cache Confusion) in the Linux Kernel (versions ≥ 6.3 and < 6.12.82). This vulnerability involves a pointer allocated within Cache A but subsequently freed into Cache B. Discovered by Antonius.
MEDIUM Linux net/bpf · fix: 0f42e3f4fe2a
No CVE Reported
LiteDNS: Out-of-Bounds Read in DNS Name Parsing Leads to Denial of Service (DoS)
Out-of-bounds Read leading to Denial of Service (DoS). Vulnerability discovered by Antonius.
MEDIUM
No CVE Reported
Remote Heap-Based Buffer Underflow Vulnerability at BuptLab dns relay server
Remote Heap-Based Buffer Underflow, 1-byte Heap Underwrite / Out-of-Bounds Write, Network-triggerable via crafted UDP DNS packet. Vulnerability discovered by Antonius.
MEDIUM
RESEARCH ARTICLES

Writing & Research

security
Physical-Layer Biometric Evasion: A Personal Experiment Against ConvNet-Based Face Recognition
Unconventional bio hacking technique to defeat convnet face recognition algorithm ! The Art of Creativity !
2026-05-13 Read More
exploitation
Linux Kernel Use-After-Free Exploitation in Linux Kernel 7 Using slab_sheaf Union State Confusion
Novel UAF exploitation technique targeting the new SLUB sheaves architecture introduced in Linux 7, leveraging union state confusion in slab_sheaf objects for kernel privilege escalation.
2026-04-22 Read More
exploitation
Linux Kernel Stack Overflow Exploitation: Defeating SMEP Using kROP (Kernel 6.17)
Step-by-step walkthrough of constructing a kernel ROP chain to bypass SMEP & SMAP on Linux Kernel 6.17.
2026-04-22 Read More
vulnerability
CVE-2026-23416: mm/mseal Stale curr_end After VMA Merge - Discovery & PoC
Deep-dive into the discovery of CVE-2026-23416 - a stale curr_end pointer bug in mseal_apply() affecting Linux 6.17-7.0-rc5, including root cause analysis, exploitation scenario, and PoC. Vulnerability discovered by Antonius (w1sdom).
2026-04-22 Read More
vulnerability
Remote Heap-Based Buffer Underflow in BuptLab dns relay server
Analysis of a remotely-triggerable heap buffer underflow vulnerability discovered in BuptLab's DNS relay server, including crash analysis and proof-of-concept development. Vulnerability discovered by Antonius (w1sdom).
2026-04-22 Read More
vulnerability
Linux Kernel v7.0-rc1 - v7.0-rc3 Vulnerabilities
Linux Kernel v7.0-rc1 - v7.0-rc3 Vulnerabilities discovered during fuzzing with syzkaller (non novel).
2026-04-22 Read More
vulnerability
LiteDNS: Out-of-Bounds Read in DNS Name Parsing Leads to Denial of Service (DoS)
Stack-based OOB read vulnerability in LiteDNS triggered during DNS name parsing, causing denial of service. Full technical analysis with fuzzing methodology. Vulnerability discovered by Antonius (w1sdom).
2026-04-22 Read More
exploitation
Linux Kernel Exploitation for Beginners: Ret2User
Linux kernel exploitation for beginner, exploiting arbitrary function pointer call using ret2user in Linux Kernel 5.15
2026-04-22 Read More
writing
A Short Guide on 8086 Architecture
A Classic Foundational walkthrough of 8086 architecture: interrupt handling via the IVT and 8259A PIC, key BIOS and DOS interrupt services, and x86 real-mode addressing modes with working TASM examples.
2026-04-22 Read More
vulnerability
Heap Based Buffer Over-Read Vulnerability in Rldns-1.3
I identified a heap-based buffer over-read vulnerability within an open-source project that I maintain.
2026-04-22 Read More
security
Container Escape to Full Kubernetes Takeover
Solo penetration test walking a four-node Kubernetes cluster from an exposed Jenkins instance to complete compromise — container breakout, credential looting, and vertical movement to the control plane using a rogue privileged pod.
2026-04-22 Read More
security
SIM CARD SWAPPING & SIM CARD RECYCLING ATTACK
Breakdown of two phone-number takeover techniques: SIM swap fraud via forged ID and social engineering at operator flagship stores, and SIM recycling attacks that hijack expired numbers still bound to victims' online accounts.
2026-04-22 Read More
exploitation
Linux Kernel Dirty Pipe Exploitation (Logic Bug - CVE-2022-0847)
Deep dive into CVE-2022-0847: how an uninitialized PIPE_BUF_FLAG_CAN_MERGE flag in copy_page_to_iter_pipe() allows unprivileged users to overwrite read-only files via page-cache corruption on Linux 5.8–5.15.24.
2026-04-22 Read More
exploitation
Linux Kernel Exploitation for Beginner - Arbitrary Read & Write
Cred overwrite attack: converting arbitrary kernel read/write primitives into root by traversing the init_task doubly-linked list, locating the exploit's own task_struct via its comm field, dereferencing the cred pointer, and zeroing UID/GID/EUID — all without hijacking a single instruction pointer
2026-04-22 Read More
exploitation
Linux Kernel Exploitation for Beginner - Modprobe Path Attack
Classic modprobe_path overwrite attack: using an arbitrary kernel write primitive to replace the hardcoded /sbin/modprobe string with a path to an attacker-controlled script, then triggering call_usermodehelper via a socket() call with an unrecognized protocol — causing the kernel to execute attacker code as root.
2026-04-22 Read More

OPEN SOURCE

Releases, Exploits & POC

Linux pkexec / polkitd 0.96 Race Condition Privilege Escalation Exploit

Linux pkexec and polkitd 0.96 race condition privilege escalation exploit. Developed in 2011 by Antonius (ev1lut10n / w1sdom)
Apache Range Header Denial of Service Exploit

This exploit triggers a denial of service condition in Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below. Developed in 2011 by Antonius (ev1lut10n / w1sdom)
KNet Web Server 1.04b Remote Buffer Overflow SEH Exploit

KNet Web Server 1.04b Remote Buffer Overflow SEH Exploit for x86 Windows XP SP3, this exploit needs some adjustment ! edit the code before run ! 

 
CVE 2026 31429 PoC - Linux Kernel Cross Cache Confusion Vulnerability

Proof-of-concept code for CVE-2026-31429, affecting Linux Kernel versions 6.3 through 6.12.81
rldns v1.4

Lightweight DNS server · Linux / NetBSD / FreeBSD / OpenBSD · x86 / x86_64
BDS LKM Ftrace Rootkit

Ftrace-based LKM rootkit · Linux Kernel 5.x–6.2 · x86_64 - developed in 2023
BDS FreeBSD KLD Rootkit

FreeBSD 13 KLD rootkit · file / process / port hiding · bind shell - developed in 2023
BDS LKM Rootkit

LKM rootkit · Linux Kernel 5.x–6.2 · persistent - developed in 2023
BDS Userland Rootkit

Linux userland rootkit · file / process / port hiding
Evil-Cowrie SSH MITM

Modified Cowrie for SSH man-in-the-middle attacks
Dirty Pipe 2 Exploit

LPE variant · Linux 5.8 - 5.15.25
CVE-2026-23416 PoC

mseal stale curr_end Proof of Concept · Linux Kernel 6.17–7.0-rc5
Minalic Web Server 2.0 Remote Buffer Overflow Exploit

I developed this remote buffer overflow exploit in 2013, targeting Minalic Web Server 2.0 running on Windows Server 2003 SP3
Xingyiquan Linux Kernel Rootkit

Developed in 2014, this legendary Linux Kernel Rootkit was engineered to target Linux kernel versions 2.6.x through 3.x. Developed by Antonius a.k.a Sw0rdm4n a.k.a Ringlayer a.k.a w1sdom
ABOUT

Who is Antonius (w1sdom)?

This is the personal web of Antonius Wisdom, a security researcher based in Indonesia. I do low level vulnerability research & hardware hacking.

Nicknames : w1sdom, sw0rdm4n, ringlayer, robotsoft, bluedragonsec, ev1lut10n

Low-Level Vulnerability Research | Hardware Hacking | Robotics | Indonesia | Polymath


Curriculum Vitae




Hobbies

music (fingerstyle guitar & keyboard)
martial art (muay thai, tae kwon do, boxing, bjj).

Music Channel
Martial Art Channel

Skills & Expertise
Vulnerability Research Static Source Code Analysis Kernel Exploitation Userland Exploitation Heap Exploitation Stack Exploitation Fuzzing Hardware Hacking Network Security Reverse Engineering Modern Mitigation Bypass Deep Learning Mechatronics Electronics Robotics Tactical Hacking Device Development Mathematics Machine Learning

Documentations
Github

Now Playing: ...