Category: Windows Incident Response

Wi-Fi Geolocation, Then and Now

I’ve always been fascinated by the information maintained in the Windows Registry. But in order to understand this, to really get a view into this, you have to know a little bit about my background. The first computer I remember…

Keeping Grounded

As 2022 comes to a close, I reflect back over the past year, and the previous years that have gone before. I know we find it fascinating to hear “experts” make predictions for the future, but I tend to believe…

Persistence and LOLBins

Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out. First, the Registry modification: reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\Utilities\query" /v LOLBin…