ReverseEngineerings on

Haunting the Heap: Use-After-Free in AuthenKey Login Handler (x64)

Mon, 12 May 2025 00:00:00 +0000

Prologue — Heap Echoes in an AuthenKey Login Night
#

It was one of those times when I wasn’t actively hunting—just casually skimming through binaries like I was flipping through a security archive. The target: AuthenKey, a multi-factor login handler used by corporate VPN portals. As I browsed its binary, I found a small routine involved in processing post-login session keys.

Overflow in Silence: Stack Smash in MedBoard Log Viewer (x64)

Sun, 20 Apr 2025 00:00:00 +0000

Prologue — The Calm Before the Buffer Break
#

I wasn’t looking for trouble. Just bouncing between binaries on a slow weekend, half-interested in what outdated software still lingers in hospital networks. That’s when I stumbled on MedBoard Log Viewer — a quiet little utility meant to process and display logs in a fancy UI. But it was the backend log-loading routine that caught my eye. And once I spotted strcpy, I leaned forward.

Copy, Paste, Exploit: Buffer Overflow in EduGrade Import Engine

Wed, 18 Sep 2024 00:00:00 +0000

4. Buffer Overflow in EduGrade Import Engine (x64)
#

Platform: Windows 10 x64
Target: EduGrade Desktop (Import Engine Parser)
Discovered: August 2024
Status: Local Privilege Escalation (unpatched)
CVSS (Est.): 7.6 – Local overflow leads to code execution

Strings Unleashed: Unsafe Length Handling in BookPro Reader

Sat, 22 Jun 2024 00:00:00 +0000

3. Unsafe Length Handling in BookPro Reader (x64)
#

Platform: Windows 10 x64
Target: BookPro Reader (EPUB/ZIP Parser)
Discovered: May 2024
Status: Unreported – no known disclosure policy
CVSS (Est.): 8.1 (High) – Stack corruption via overlong metadata entry

Phantom Libraries: DLL Hijacking in OfficePort Scheduler

Wed, 21 Feb 2024 00:00:00 +0000

Prologue — The Ghost in the Folder
#

DLL hijacking never really died. It’s just waiting for the right developer to forget a LoadLibrary call. That’s exactly what happened with OfficePort Scheduler, a scheduling utility built for enterprise task planning on Windows 11.

Heap Drift: Misaligned Write in SafeMail’s Attachment Parser

Thu, 08 Feb 2024 00:00:00 +0000

Prologue
#

Started out just poking at SafeMail’s desktop client because I was curious how they handled attachments. It’s always those small parsing subsystems where things fall apart. I loaded up the binary in IDA and watched the way filenames were processed when attachments were being saved.

Racing the Kernel: Use-After-Free in SnapBackup.sys

Sat, 02 Dec 2023 00:00:00 +0000

Prologue — Ring-0 and the Need for Speed
#

Most people ignore backup software. I don’t. Especially when it’s running in the kernel and handling file operations with zero context verification.

Stacking Bytes: Heap Overflow in PrintSecure’s Spooler

Mon, 06 Nov 2023 00:00:00 +0000

Prologue — Midnight Layers & Metadata Games
#

I’d been reverse engineering some internal RPC routines on a lightly documented print management service—PrintSecure, used across several enterprise Windows Server 2019 deployments. The kind of service that hums quietly in the background, doing menial job routing, completely overlooked. That’s usually a good place to find something sharp.

Overflowing Authority: Stack Smash in LocalAdminTool.exe

Mon, 02 Oct 2023 00:00:00 +0000

Prologue — Pipes, Stacks, and Hidden Elevation
#

I was digging around Windows 10 utilities installed on a workstation used for internal admin scripting. One tool stood out — LocalAdminTool.exe. It used a named pipe to receive commands, and the binary hadn’t seen a patch in years.

Chaining Control: ROP Exploitation in HealthDesk Report Viewer

Thu, 14 Sep 2023 00:00:00 +0000

Prologue — CSVs, Gadgets & Shells
#

It started with a curiosity hit—an old install of HealthDesk Report Viewer, still alive on a legacy Windows 7 x86 box. Binary hadn’t been touched since 2010. And it was one of those static base address builds, no ASLR, no DEP, no nothing. Just waiting.

Echoes of Control: Format String Exploit in DevMon

Fri, 18 Aug 2023 00:00:00 +0000

Prologue — Strings, Stacks, and Legacy Tricks
#

Legacy systems are a goldmine. I was rummaging through an old factory control rig running Windows XP and found a small utility called DevMon Status Tool. No ASLR, no stack cookies, no DEP. Real 2003 energy.

From Blob to Boom: Insecure Deserialization in FinPro CRM

Fri, 04 Aug 2023 00:00:00 +0000

Insecure Deserialization in FinPro CRM Client (x86)
#

Prologue: Old Habits, Unsafe Casts
#

I was poking through a legacy CRM tool called FinPro — the kind your dad’s office might still be using. Clunky GUI, startup splash screen, and an installer that required admin rights. Perfect vintage.

Signed to Compromise: Kernel Overflow in XLogDriver.sys

Sat, 10 Jun 2023 00:00:00 +0000

Signed Driver Exploit in XLogDriver.sys (x64 Kernel)
#

Prologue: A Signed Invitation to Ring-0
#

This one hit different. I was sifting through a bunch of random vendor drivers, most of them dusty utilities for things like USB logs and peripheral diagnostics. Nothing fancy. But one caught my eye: XLogDriver.sys.

Signed Once, Loaded Twice: Plugin Signature Bypass in CodeWorks IDE

Tue, 11 Apr 2023 00:00:00 +0000

Signature Bypass in CodeWorks IDE Plugin Loader
#

Prologue: Not All Checks Are Made Equal
#

It started with curiosity, like it usually does. I wasn’t even targeting CodeWorks specifically. I was just bouncing around dev tools I had lying around — checking how they loaded plugins, how they validated them, and if they did anything… out of order.

Swipe to Shell: Exploiting a Buffer Overflow in PaySafeTech Daemon

Fri, 17 Mar 2023 00:00:00 +0000

Buffer Overflow in PaySafeTech Payment Daemon
#

Prologue: The Ghost in the Machine
#

The smell of late-night coffee and burnt solder still hung in the air. It was one of those nights — quiet, focused, and laced with the promise of uncovering something… forgotten.

ReverseEngineerings on

Haunting the Heap: Use-After-Free in AuthenKey Login Handler (x64)

Prologue — Heap Echoes in an AuthenKey Login Night #

Overflow in Silence: Stack Smash in MedBoard Log Viewer (x64)

Prologue — The Calm Before the Buffer Break #

Copy, Paste, Exploit: Buffer Overflow in EduGrade Import Engine

4. Buffer Overflow in EduGrade Import Engine (x64) #

Strings Unleashed: Unsafe Length Handling in BookPro Reader

3. Unsafe Length Handling in BookPro Reader (x64) #

Phantom Libraries: DLL Hijacking in OfficePort Scheduler

Prologue — The Ghost in the Folder #

Heap Drift: Misaligned Write in SafeMail’s Attachment Parser

Prologue #

Racing the Kernel: Use-After-Free in SnapBackup.sys

Prologue — Ring-0 and the Need for Speed #

Stacking Bytes: Heap Overflow in PrintSecure’s Spooler

Prologue — Midnight Layers & Metadata Games #