Questions tagged [registry]

The Microsoft Windows Registry is a database for storing settings and data for the Microsoft Windows operating system and Windows applications.

19 questions
4
votes
2 answers

Does this registry entry for implementing custom protocol handlers in Windows present a security risk?

Background Some features are not yet available on the web platform and thus require cooperation with a native application in order to provide them. One method for a web application and a native application to communicate with each other is a custom…
Aaron Cicali
  • 422
  • 2
  • 9
3
votes
0 answers

Korean/Chinese glyphs in registry key

I'm seeing a strange key HKEY_CLASSES_ROOT\핵樦Ḁ耀 in my registry. I've seen a few issues like this (here and here) that relate to a UTF-16 <-> ASCII encoding bug, and I've tried translating encodings to see if this helps, but it doesn't seem to. I…
drognisep
  • 131
  • 3
1
vote
4 answers

Is doc file really modifying registry in Windows?

Been given a .docx file to check whether it has a virus or something, ran McAfee and SuperAntiSpyware on it and results came back negative so I thought it was good and proceeded to open it, just a file with some text, few .jpg and .png files and a…
Docfieguy
  • 11
  • 3
1
vote
0 answers

Is the ability to export HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SYSTEM as .reg files a security concern?

I am concerned that if it is possible to copy these as .reg files (without privs) and then (on another machine) reverse the .hiv files from them... this would probably be bad, which makes me think it's likely not possible. Has this/is this done to…
1
vote
1 answer

How to disable/block Microsoft Store on Windows 10 Pro by firewall?

I want to block Microsoft Store on Windows 10 Pro in a corporate environment. Having read relevant articles about this matter and tested on my machine, I see that Windows 10 Pro does not support this function (either through Group Policy [not…
sanba06c
  • 103
  • 9
1
vote
1 answer

What does "windows_view" attribute of registry object in OVAL?

I've seen somewhere that in 32-bit and 64-bit Windows the registry structure is different, so you need to use the flag windows_view="32_bit" in the registry object behaviors tag. But I forgot about it and tested my files with OVALdi on 32-bit Windows and then on…
DenisNovac
  • 139
  • 7
1
vote
1 answer

How is malware able to start on boot on Windows without administrator rights?

I know that malware could create a new Run registry key to make itself start at boot, but a user could simply remove the registry key and reboot and that would stop the virus, but this is usually not the case. I know that if a malware has…
ddev
  • 55
  • 1
  • 4
1
vote
0 answers

Is there any key in HKEY_CURRENT_USER which says when the user was logged in on the PC?

I'm trying to find information about a user's login time. There are no events for the searched time saved in the Windows security events. I think that maybe the registry can help me with that. Is there any key in HKEY_CURRENT_USER which says when the user was logged in on the PC?
Gudsaf
  • 121
  • 1
1
vote
1 answer

What tools can recover or do forensic analysis on deleted registry entry?

I'm reading this article, in the Deleted Recovery Example it has the following picture, Figure 8 shows an example of a data recovery error by a popular registry forensics tool I have two questions Does anyone know what software this is? I've tried…
daisy
  • 1,735
  • 3
  • 25
  • 39
1
vote
1 answer

Help with viewing hidden registry entries

Like the title says, I need help with viewing hidden registry entries that are not normally accessible through the default Windows regedit. To start off, my friend's son tried downloading a free game but was instead blasted with a…
JohnAnon
  • 21
  • 3
0
votes
0 answers

Is there a way to get the Windows login password hint from the SAM hive with Volatility?

We know that every user in Windows has a password hint. This password hint is stored in the SAM hive, more specifically in the SAM\Domains\Account\Users path. Is there a way to extract this password hint of a user with Volatility if we have a memory…
bd55
  • 1
  • 1
0
votes
0 answers

Strange Chinese Characters in Registry

I was just taking a look at my registry editor when I noticed some strange folders in the bottom of the HKEY_CLASSES_ROOT section. These folders are named 칞ꊟጀ耀 (No translation), 縀䆁 (No Translation, but is pronounced Xiá gāo) and 䈍麉ᄏ洳祕ā (translates…
user274528
0
votes
0 answers

Secure Registry Keys

Is it possible to restrict access to the registry keys, just like Microsoft does on some of the keys (e.g. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend)? I was able to get a similar result by setting SYSTEM owner to the key, giving…
0
votes
1 answer

How do I stop local users from bypassing the UAC on Windows 10?

I'm the admin for a Windows 10 machine with a few local users. While I understand there are other ways to bypass security with access to the physical machine, I'd like to protect against hacks that bypass the UAC by running some trick of…
Hooked
  • 305
  • 2
  • 9
0
votes
0 answers

PowerShell (WinRM) and cmd.exe: reg query output deviation

During a CTF I encountered the following anomaly regarding PS & cmd.exe: I got access to a Windows x86 server through WinRM port 5985 using evil-winrm (https://github.com/Hackplayers/evil-winrm). This spawns a PS shell. Via the PS shell I…