The windows registry isn’t the backbone of Windows. Still, you could argue that the registry hives are the arteries of the Windows anatomy. Instead of controlling the blood flow, the hives control how Windows operates by storing various configurations. But that isn’t all the registry is good for. Both defenders and attackers can make use of the repository for their own ends: the blue team can find forensic artifacts and the red team can create persistence.
In this blog, we explore the architecture of the Windows 10 Registry and what it means to an infosec practitioner.