DLL Injection on https://n9o.xyz/tags/dll-injection/ Recent content in DLL Injection on Hugo -- gohugo.io en © 2026 Vaishnav Baraskar Wed, 21 Feb 2024 00:00:00 +0000 Phantom Libraries: DLL Hijacking in OfficePort Scheduler https://n9o.xyz/reverseengineering/officeport/ Wed, 21 Feb 2024 00:00:00 +0000 https://n9o.xyz/reverseengineering/officeport/ <h1 class="relative group"><strong>Prologue — The Ghost in the Folder</strong> <div id="prologue--the-ghost-in-the-folder" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#prologue--the-ghost-in-the-folder" aria-label="Anchor">#</a> </span> </h1> <p>DLL hijacking never really died. It&rsquo;s just waiting for the right developer to forget a LoadLibrary call. That’s exactly what happened with OfficePort Scheduler, a scheduling utility built for enterprise task planning on Windows 11.</p> Signed Once, Loaded Twice: Plugin Signature Bypass in CodeWorks IDE https://n9o.xyz/reverseengineering/codeworks/ Tue, 11 Apr 2023 00:00:00 +0000 https://n9o.xyz/reverseengineering/codeworks/ <h1 class="relative group">Signature Bypass in CodeWorks IDE Plugin Loader <div id="signature-bypass-in-codeworks-ide-plugin-loader" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#signature-bypass-in-codeworks-ide-plugin-loader" aria-label="Anchor">#</a> </span> </h1> <h2 class="relative group">Prologue: Not All Checks Are Made Equal <div id="prologue-not-all-checks-are-made-equal" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#prologue-not-all-checks-are-made-equal" aria-label="Anchor">#</a> </span> </h2> <p>It started with curiosity, like it usually does. I wasn’t even targeting CodeWorks specifically. I was just bouncing around dev tools I had lying around — checking how they loaded plugins, how they validated them, and if they did anything&hellip; out of order.</p>