8 - Windows System Enumeration Flashcards
Explain the difference between a registry hive and a registry key.
Both hives and registry keys have folders in the Windows Registry; however, a registry hive is the first folder in the registry and it contains the registry keys.
Describe the process of enumeration as it relates to cyber.
It is a process of extracting user names, machine names, network resources, shares and services from a system.
The global configuration for the system, application and hardware settings that would apply to all users. This is the most commonly accessed Hive for changing the system and obtaining high value information.
HKEY_LOCAL_MACHINE (HKLM)
Contains user-specific configuration information for all currently active users on the computer. This means the user logged in at the moment as well as any other users who have also logged in but have since “switched users.”
HKEY_USERS (HKU)
Contains configuration information for Windows and software specific to the currently logged in user.
Controls user-level settings like the installed printers, desktop wallpaper, display settings, environment variables, keyboard layout, mapped network drives, and more.
HKEY_CURRENT_USER (HKCU)
This registry hive contains the necessary information for Windows to know what to do when you ask it to do something, like to view the contents of a drive, or open a certain type of file, etc.
HKEY_CLASSES_ROOT
This is a registry hive that’s a part of the Windows Registry. It doesn’t store any information itself but instead acts as a pointer, or a shortcut, to a registry key that keeps the information about the hardware profile currently being used.
HKEY_CURRENT_CONFIG (HKCC)