How can Process Monitor be used to identify DLL hijacking vulnerabilities in an application?

Process Monitor can filter for operations like `CreateFile` and `LoadImage` with paths containing `.dll`, and exclude results of `SUCCESS` to show only `NAME NOT FOUND` events. This reveals which DLLs the application tries to load from its directory but cannot find. For example, testing NDP461-KB3102438-Web.exe showed it attempted to load `CRYPTSP.dll` with a `NAME NOT FOUND` result, indicating a potential hijacking point. By placing a malicious `CRYPTSP.dll` in the same directory and rerunning the application, Process Monitor confirms successful loading (Result: SUCCESS), as detailed in the Rattler testing article.