YouTube

NTUSER.MAN - Windows Registry Persistence Technique Demo

John Hammond via YouTube

Overview

Explore a Windows persistence technique through a hands-on cybersecurity demonstration that showcases the NTUSER.MAN registry hijacking method. Break a Windows login using an empty user profile, establish initial access with a Sliver C2 implant, and learn to export, download, and hijack existing target user profiles by manipulating NTUSER.DAT or HKCU Registry hives. Master the process of converting registry hives from plaintext .reg format to binary using the HiveSwarming.exe tool, then establish persistent access by uploading a backdoored NTUSER.MAN profile. Discover how this technique operates without requiring registry writes, API calls, or registry callbacks since it involves only placing a single file on disk, making it a particularly stealthy persistence method for red team operations and penetration testing scenarios.

Syllabus

NTUSER.MAN

Taught by

John Hammond
