OS Analysis with RegRipper

RegRipper is an open-source application for extracting, correlating, and displaying specific information from Windows Registry hive files. In this course, you will learn to detect adversary activity on a Windows host using RegRipper.

by Shoaib Arshad

What you'll learn

Windows Registry analysis is a fundamental step during any incident response scenario, as it provides conclusive evidence needed to support or deny any suspicious activity on a Windows system. In this course, you’ll cover how to utilize RegRipper to detect adversary endpoint attack techniques in an enterprise environment. First, you’ll demonstrate the RegRipper plugins, which are a unique approach to Registry analysis. Next, you’ll operate RegRipper to run against various registry hives using a custom set of plugins. Finally, you’ll analyze the Windows Registry to detect adversary activity on a Windows host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using RegRipper: Create or Modify System Process (T1543), Boot or Logon Autostart Execution (T1547), and Exfiltration Over Physical Medium (T1052).

About the author

Shoaib Arshad

Shoaib is a Senior Cyber Security Professional with a strong background in the Information Security domain. He has worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant.
