diversenok
diversenok.bsky.social
Aspiring Windows security researcher & system programmer; student.
GitHub: https://github.com/diversenok
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🐛

Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
November 10, 2025 at 9:04 PM
Here are my RomHack slides about low-privileged attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it. Enjoy!
diversenok.github.io/slides/RomHa...
September 29, 2025 at 11:29 PM
I think the list of unloaded modules (aka RtlGetUnloadEventTraceEx) is underappreciated. Ntdll records metadata about DLLs that unloaded from the process and even includes modules that attempted to load but failed their DllMain.

learn.microsoft.com/en-us/window...
April 18, 2025 at 6:34 PM
Better socket handle visibility coming soon to System Informer! 🔥

When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩
March 25, 2025 at 1:30 PM