Project 6x: Registry Hunt (60 pts extra credit)

Challenge

Download this registry image:

reghunt.zip

Find the four flags inside it, each of which contains a holiday name. The first three require nothing more than Registry Explorer and your textbook's Chapter 12: Investigating Windows Systems.

Alternative download link

Tip: Extract it with 7-Zip, not the Windows extract utility.

The last flag is harder to find, and will require additional tools.


6x.1 Run Key (10 pts. extra)

Find the holiday name in the malicious Run key.

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Name or Email:
Holiday Name:


6x.2 AppInit_DLLs (10 pts. extra)

Find the holiday name in the malicious AppInit_DLLs key.



6x.3 Start Menu Run MRU (10 pts. extra)

Find the holiday name in the Start Menu Run MRU.



6x.4 Shim Cache (30 pts. extra)

Find the holiday name in the malicious Shim cache entry.



Posted 10-24-18
Registry Explorer links changed 12-12-18