this post was submitted on 27 Dec 2025
4 points (100.0% liked)
blueteamsec
628 readers
31 users here now
For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Well that's gross. Copy the text export of the registry, build a man file and place it appropriately, watch the system inhale fully with no logging and use your man file as registry hive next login, all without privilege.
Maybe a login script to check for specific important registry values and have it create a custom windows event log? This sucks for detection I feel like jank might be the only option.