MITRE ATT&CK technique T1012
Tactic: Discovery
Platform: Windows
- Create fake registry objects and monitor access to them using Windows Registry Auditing.
- Create registry objects containing breadcrumbs or honeytokens.
- Audit Registry - Audit Registry allows you to audit attempts to access registry objects