Search This Blog

Tuesday, August 6, 2019

The Windows Registry Auditing Cheat Sheet update! Aug 2019, v2.5


The Windows Registry Auditing Cheat Sheet has been updated to include a few new items to monitor for malicious activity. Keep in mind when applying to the users space, that the current user (HKCU) is the one logged in. Any other users you want to set Registry auditing on you must do so under HKU/GUID, so you must know their user GUID or use a script that crawls all the GUID and applies the settings.