Skip to content

r00m33/test2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Properties
Properties
 
 
obj/Debug
obj/Debug
 
 
Interop.cs
Interop.cs
 
 
Privileges.cs
Privileges.cs
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
Reg.cs
Reg.cs
 
 
RegSave.csproj
RegSave.csproj
 
 
RegSave.sln
RegSave.sln
 
 
appveyor.yml
appveyor.yml
 
 

Repository files navigation

RegSave

A .NET 3.5 application that will dump SAM / SYSTEM / SECURITY registry keys to a path of your choosing.

Usage

regsave.exe c:\Users\USER\Appdata\Local
execute-assembly /opt/CS/toolkit/regsave.exe c:\Users\USER\Appdata\Local

Collect the files and then parse them with Impacket secretsdump

secretsdump.py -sam samantha.txt -security secundum.txt -system systemless.txt LOCAL

Detection

MITRE 1003.002

Look for Event ID 4656 after configuring audit policy.

More info at Detecting Attempts to steal passwords from the registry

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages