OS Analysis with RegRipper
RegRipper is an open-source application for extracting, correlating, and displaying specific information from Windows Registry hive files. In this course, you will learn to detect adversary activity on a Windows host using RegRipper.
What you'll learn
Windows Registry analysis is a fundamental step during any incident response scenario, as it provides conclusive evidence needed to support or deny any suspicious activity on a Windows system. In this course, you’ll cover how to utilize RegRipper to detect adversary endpoint attack techniques in an enterprise environment. First, you’ll demonstrate the RegRipper plugins which are a unique approach for Registry analysis. Next, you’ll operate RegRipper to run against various registry hives using a custom set of plugins. Finally, you’ll analyze Windows Registry to detect adversary activity on a Windows host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: Create or Modify System Process (T1543), Boot or Logon Autostart Execution (T1547), Exfiltration Over Physical Medium (T1052), using RegRipper.
Table of contents
About the author
Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sh... more