Re: Help with Exploit

I've done some googling and am finding that the new RR
version checks the security hive (which I believe to be
'invisible' to regedit - can someone correct me if I'm wrong?).

On a live system, the Security hive is not accessible
by default. You need to change the ACLs so that the
Admin has the ability to read the hive.

I know I am coming late on this one, but registry keys
that contain NULL characters cannot be accessed through
REGEDIT. You have to rely on the low-level NTDLL API to
access them. It is a known "copy protection" trick :)


Harlan Carvey, CISSP
author: "Windows Forensic Analysis"
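
The NULL-character point quoted in the message above can be checked offline. This is an added example, not part of the original thread: it scans raw hive bytes for key-node ("nk") records whose counted name contains an embedded NUL and shows what a NUL-terminated string API would see instead. The field offsets (flags at 0x02, name length at 0x48, name at 0x4C, flag 0x0020 for 8-bit names) are assumptions taken from public descriptions of the hive format, and the signature scan is a simplification of a full cell walk.

```python
import struct

NK_FLAGS_OFF = 0x02      # uint16 flags (assumed offset)
NK_NAME_LEN_OFF = 0x48   # uint16 key-name length, in bytes (assumed offset)
NK_NAME_OFF = 0x4C       # key name: counted, not NUL-terminated (assumed offset)
KEY_COMP_NAME = 0x0020   # name stored as 8-bit characters instead of UTF-16LE

def find_nul_key_names(buf):
    """Return (offset, full_name, nul_terminated_view) for suspicious nk records."""
    hits = []
    pos = buf.find(b"nk", 4)
    while pos != -1:
        if pos + NK_NAME_OFF <= len(buf):
            cell_size, = struct.unpack_from("<i", buf, pos - 4)
            flags, = struct.unpack_from("<H", buf, pos + NK_FLAGS_OFF)
            nlen, = struct.unpack_from("<H", buf, pos + NK_NAME_LEN_OFF)
            raw = buf[pos + NK_NAME_OFF:pos + NK_NAME_OFF + nlen]
            # Allocated cells have a negative size that must cover the record.
            if nlen and len(raw) == nlen and -cell_size >= 4 + NK_NAME_OFF + nlen:
                enc = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
                name = raw.decode(enc, "replace")
                if "\x00" in name:
                    hits.append((pos, name, name.split("\x00", 1)[0]))
        pos = buf.find(b"nk", pos + 1)
    return hits

def make_nk_cell(name, compressed):
    """Build a constructed nk cell (all other fields zeroed) for the demo."""
    raw = name.encode("latin-1" if compressed else "utf-16-le")
    rec = b"nk" + struct.pack("<H", KEY_COMP_NAME if compressed else 0)
    rec += bytes(NK_NAME_LEN_OFF - 4) + struct.pack("<HH", len(raw), 0) + raw
    rec += bytes(-(len(rec) + 4) % 8)          # cells are 8-byte aligned
    return struct.pack("<i", -(len(rec) + 4)) + rec

# Constructed sample data, not taken from a real hive.
SAMPLE = (make_nk_cell("Run", True) + make_nk_cell("Services", False)
          + make_nk_cell("Hidden\x00Key", False))

if __name__ == "__main__":
    for off, full, seen in find_nul_key_names(SAMPLE):
        print(f"nk at 0x{off:x}: counted name {full!r}, NUL-terminated view {seen!r}")
```

Against a real hive file, read the bytes with `open(path, "rb").read()` and treat each hit as a lead to confirm with a proper hive parser.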
