Let’s talk about the Windows Registry… yes, that mysterious and oh-so-dangerous piece of the Windows operating system that we were warned against messing with from the moment we booted up our first PC. Turns out, the Windows registry is not as scary as everyone makes it out to be. Granted, if you do not know what you are doing, there is ample opportunity for you to severely mess up installed software and the operating system itself. But not only is it simple to fix (backups, backups, backups!), you would also have to be fairly careless in what changes you were making.

Once I let go of the stigma surrounding the Windows Registry, I realized how powerful it can be. Of course, attackers are aware of its power as well. Like so many other administrative tools and processes out there, the Windows Registry can be used as intended or for nefarious purposes. Since it is so ingrained into the operating system, it’s a prime target for attacks and getting around standard security controls. With that in mind, I’ll walk you through a few common attack vectors and tactics using the Windows Registry.

Tactic 1: Using Registry keys for malware attacks

As we have already mentioned, the registry is a core part of Windows and contains a plethora of raw data. This data could very quickly be used against you by a malicious actor or by data-mining software. An example would be remotely querying the registry to see if any remote access tools (RAT) are installed, such as TeamViewer, VNC, or simply Terminal Services.
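
To see what the registry on one of your own hosts would reveal to the kind of query Tactic 1 describes, here is a read-only local audit in PowerShell. It is an added example, not code from the original article; the name patterns and the finding labels are assumptions to adapt to your environment.

```powershell
# Added example: read-only audit of registry data that exposes remote access tooling.
# Assumption: these display-name patterns are illustrative, not a complete list.
$ratPatterns = 'TeamViewer', 'VNC'
$findings = @()

# Installed-software inventory lives under the Uninstall keys (64-bit and 32-bit views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$findings += Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $entry = $_
        # Inside this inner filter, $_ is the pattern being tested.
        if ($ratPatterns | Where-Object { $entry.DisplayName -like "*$_*" }) {
            [pscustomobject]@{
                Finding = 'Remote access software installed'
                Detail  = "$($entry.DisplayName) $($entry.DisplayVersion)"
            }
        }
    }

# Terminal Services: fDenyTSConnections = 0 means inbound RDP connections are allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 0) {
    $findings += [pscustomobject]@{
        Finding = 'Terminal Services (RDP) enabled'
        Detail  = 'fDenyTSConnections = 0'
    }
}

# The Remote Registry service is what makes the data above readable over the network.
# StartType requires Windows PowerShell 5.0 or later.
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
if ($svc -and ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')) {
    $findings += [pscustomobject]@{
        Finding = 'Remote Registry service not disabled'
        Detail  = "Status=$($svc.Status); StartType=$($svc.StartType)"
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No remote access exposure found in the checked keys.' }
```

Where remote registry access is not needed, disabling the Remote Registry service removes the network path to this data.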