8000 Validate all instances where HKCU is being referenced iterate across all user hives · Issue #87 · joeavanzato/Trawler · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Validate all instances where HKCU is being referenced iterate across all user hives #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joeavanzato opened this issue Oct 14, 2024 · 0 comments
Open

Validate all instances where HKCU is being referenced iterate across all user hives #87

joeavanzato opened this issue Oct 14, 2024 · 0 comments
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed

Comments

@joeavanzato
Copy link
Owner
joeavanzato commented Oct 14, 2024
edited
Loading

Any time where we are expecting to use HKCU registry hive, we should setup the base bath as HKCU or similar and perform a replacement/addition operation like below:

$paths = @(
    "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
)

foreach ($tmpbase in $paths){
    if ($tmpbase -match "HKCU.*"){
        foreach ($p in $regtarget_hkcu_list){
            $newpath = $tmpbase.Replace("REPLACE", $p)
            $paths += $newpath
        }
    }
}

This needs to be validated across the code base for all possible options, then we would iterate through $paths variable for all usage within the detection. $regtarget_hkcu_list is a global variable available to all detections and is setup when execution begins before any detection logic executes.
@joeavanzato joeavanzato added bug Something isn't working help wanted Extra attention is needed good first issue Good for newcomers labels Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@joeavanzato
0