Registry Furrensics - (Advent of Cyber 2025-Day 16)

Follow along at : https://tryhackme.com/andrew-aoc

Welcome to Day 16 of the Advent of Cyber 2025 Day 16 ! Registry Furrensics !!

TBFC is under attack. Systems are exhibiting weird behavior, and the company is now feeling the absence of its lead defender, McSkidy. However, McSkidy made sure the legacy continues.

Can we help out and get the security team on track to kick out the King Malhare’s bandits of bunnies out of out systems !

Lets look for some IOCs and dive into some Registry Furrensics !!

Timecodes:
0:00 -start
00:49 -intro to Story
7:10 Practical
10:20 Investigation beings !
11:02 Registry tables don't forget !
11:11 Software Registry Dive in
14:45 NTUSER HIVE Dive in
16:26 well what do we have HERE!!!
18:00 BACK to Software we GO
19:38 WE DID IT !!
19:57 Windows Forensics 1 Room check it out !
20:30Thanks !



If you're just starting out in your Cyber career or aiming to break into this field, you represent the future of Cyber Security. Aspiring professionals like you will become the decision-makers shaping our industry. I'm passionate about mentoring and would love to connect !

Donate to the GingerHacker Initiative

https://hcb.hackclub.com/donations/st...

The Ginger Hacker Initiative exists to shepherd individuals seeking to break into cybersecurity by illuminating clear and accessible pathways into the field. We connect newcomers with supportive communities, such as Discord groups, free resources, and learning platforms, to help de-clutter the often overwhelming maze of entry points.

Through Ask-Me-Anything (AMA) sessions, we provide direct guidance and actionable next steps toward a first role in cybersecurity. Our programs include mentorship, resume reviews, and scholarship opportunities to sponsor certifications and training for those who demonstrate both need and commitment. By doing so, we empower aspiring professionals with the knowledge, confidence, and support to launch meaningful cybersecurity careers.


Support the channel and check out the Swag Shop !!

https://gingerhacker-swag-shop.printi...


You can reach me at any of the links below⬇
Links

Linkedin
linkedin.com/in/andrew-crotty-377b3466

YouTube
   / @gingerhacker  

FaceBook
facebook.com/profile.php?id=61558055534844

Twitter
twitter.com/AZGingerHacker

Instagram
instagram.com/az_ginger_hacker