
Question

The registry stores important user information in memory. Based on what you have learned about the registry and memory, what are some potential areas that an attacker could compromise and how would a memory analysis yield potential evidence?

Explanation / Answer

A system registry is a computer database where information about computer configuration is stored.

The registry keeps the data to which a Windows OS refers when operating:

i) User's Profiles

ii) Information about the installed programs and information about each document in the program.

iii) Properties of folders and program icons.

iv) Configuration of the drivers installed.

v) Information about the used ports.

To protect the registry we should do the following things:

i) Set the administrator permissions to full control and make sure no other users or groups are listed.

ii) Set the security permissions (ACL) to specify which users and groups can connect to the device for remote registry.

iii) Ensure the system is configured to prevent anonymous access to your device's registry. Maintain the following default permissions of the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg

The attacker can look for PowerShell and will try to inject a variant of the Kovter malware, from which the Trojan will download multiple files to enhance the attack and further affect the user's device, compromising the security of the registry.

The attacker can also look for registry Run key values, through which Kovter adds one or more values to the registry Run keys to execute a JavaScript using the legitimate MSHTA program.

Once executed, this JavaScript runs another JavaScript from a different Kovter registry entry. This second JavaScript decodes and executes a malicious Kovter PowerShell script stored within the same JavaScript.

If you suspect any kind of malware or anonymous access to your system, run a malware detection tool on your device and then run the malware removal tool for the same threat.
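As an added illustration that is not part of the original answer, the following sketch triages Run-key values (from a registry export or from hives recovered out of a memory image) for the pattern described above: MSHTA started with inline script rather than an .hta file. The function name `triage_run_values`, the tuple input format and all sample values are assumptions constructed for this example.

```python
import re

# Run-key paths that start programs at boot or logon (standard Windows locations).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# mshta launched with an inline script URL instead of an .hta file path.
MSHTA_INLINE = re.compile(r"\bmshta(\.exe)?\b.*?\b(javascript|vbscript):", re.I)
# Script text that pulls more content out of the registry or launches PowerShell.
STAGE_HINTS = {
    "reads_registry": re.compile(r"\bRegRead\b", re.I),
    "dynamic_eval": re.compile(r"\beval\b", re.I),
    "powershell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
}

def triage_run_values(entries):
    """Return findings for Run-key values that start mshta with inline script.

    entries: iterable of (key_path, value_name, value_data) tuples
    (hypothetical input format chosen for this example).
    """
    findings = []
    for key_path, name, data in entries:
        if not RUN_KEY.search(key_path.rstrip("\\")):
            continue  # only autostart keys are in scope here
        if not MSHTA_INLINE.search(data):
            continue  # mshta opening a normal .hta file is not flagged
        hints = sorted(h for h, rx in STAGE_HINTS.items() if rx.search(data))
        findings.append({"key": key_path, "value": name, "hints": hints})
    return findings

# Constructed sample data (not from a real system; script bodies are placeholders).
SAMPLE = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "a1b2c3",
     r'mshta.exe "javascript:PLACEHOLDER; RegRead(\"HKCU\\Software\\ExampleKey\\blob\"); eval(PLACEHOLDER)"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "HelpViewer",
     r'mshta.exe "C:\Program Files\Example\help.hta"'),
    (r"HKCU\Software\ExampleKey", "blob", "PLACEHOLDER powershell PLACEHOLDER"),
]

if __name__ == "__main__":
    for finding in triage_run_values(SAMPLE):
        print(finding)
```

A flagged value is a lead for review, not a verdict: the registry location named in the script's `RegRead` call is the next place to examine.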
