REGISTRY
This is a FLAGGED OPERATION: dumping registry hives notifies Blue Teamers.
EVENT IDs
4656 - Password hashes are dumped from the registry using tools such as Mimikatz, Pysecdump, or Metasploit
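Detection logic for the event ID above, as an added example that is not part of the original notes: it scans 4656 handle-request records for non-allowlisted processes that open the SAM or SECURITY hives, and raises severity when the same process also opens SYSTEM. The sample events, host, user, tool path and allowlist are constructed assumptions.

```python
from collections import defaultdict

CRED_HIVES = {"SAM", "SECURITY"}   # account hashes and LSA secrets
KEY_HIVE = "SYSTEM"                # key material needed to read the other two
PREFIX = "\\REGISTRY\\MACHINE\\"
ALLOWED = {r"c:\windows\system32\lsass.exe"}  # assumption: expected hive readers

def hive_of(object_name):
    """Return the HKLM hive an object path falls under, or None."""
    name = object_name.upper()
    if not name.startswith(PREFIX):
        return None
    return name[len(PREFIX):].split("\\", 1)[0]

def find_hive_access(events):
    """Correlate 4656 registry handle requests per (host, user, process)."""
    seen = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4656 or ev.get("ObjectType") != "Key":
            continue
        if ev.get("ProcessName", "").lower() in ALLOWED:
            continue
        hive = hive_of(ev.get("ObjectName", ""))
        if hive in CRED_HIVES or hive == KEY_HIVE:
            actor = (ev["Computer"], ev["SubjectUserName"], ev["ProcessName"])
            seen[actor].add(hive)
    alerts = []
    for actor in sorted(seen):
        hives = seen[actor]
        if hives & CRED_HIVES:  # SYSTEM alone is too common to alert on
            severity = "high" if KEY_HIVE in hives else "medium"
            alerts.append({"actor": actor, "hives": sorted(hives), "severity": severity})
    return alerts

def _ev(proc, obj, event_id=4656):
    return {"EventID": event_id, "Computer": "WS01", "SubjectUserName": "jdoe",
            "ObjectType": "Key", "ProcessName": proc, "ObjectName": obj}

# Constructed sample events (not real telemetry); tool path is a placeholder.
SAMPLE_EVENTS = [
    _ev(r"C:\Temp\example-tool.exe", r"\REGISTRY\MACHINE\SAM"),
    _ev(r"C:\Temp\example-tool.exe", r"\REGISTRY\MACHINE\SYSTEM"),
    _ev(r"C:\Temp\example-tool.exe", r"\REGISTRY\MACHINE\SECURITY"),
    _ev(r"C:\Windows\System32\lsass.exe", r"\REGISTRY\MACHINE\SAM\SAM\Domains"),
    _ev(r"C:\Windows\System32\svchost.exe", r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet"),
    _ev(r"C:\Temp\example-tool.exe", r"\REGISTRY\MACHINE\SAM", event_id=4663),
]
if __name__ == "__main__":
    print(find_hive_access(SAMPLE_EVENTS))
```

Event 4656 is only logged when registry object-access auditing is enabled and the hive keys carry an audit SACL, so an empty result on a host without that policy proves nothing.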
We can dump secrets from the machine using REGISTRY HIVES
Saving SAM hive into the local machine
Saving SYSTEM hive into the local machine
Saving SECURITY hive into the local machine
After dumping registry hives and transferring them to our local machine