The Registry Rundown for Red Teams
02-12, 14:15–15:15 (Europe/Amsterdam), Rembrandt

The talk will cover the basics of the Windows Registry and its structure, including the different hives (e.g. HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER) and their purpose. We will then look at the different ways the registry can be accessed, both locally and remotely, and the information that can be gleaned from these operations. We will also examine the potential information leakage that can occur and provide examples of interesting information that can be gathered from a remote system, such as installed software, configuration, and user activity. Red teams can use this information to gain a deeper understanding of target systems, identify vulnerabilities, and plan successful attacks. We will share some interesting findings we came across relating to information leakage, lateral-movement possibilities via the registry (bypassing remote UAC), and ADCS (Active Directory Certificate Services).

Max knows a thing or two about software engineering, cloud environments and DevOps practices. He has a background in security testing and Red Teaming and has a keen interest in designing and hacking (embedded) hardware devices. He applies that knowledge to building the Outflank Security Tooling (OST).

Cedric loves solving offensive computer security puzzles, researching new attack vectors, and finding vulnerabilities in obscure technologies. At Outflank, he performs Red Teaming projects and works on the Outflank Security Tooling (OST).