Windows Registry for Threat Hunting | CySA+ CS0-003 Domain 1.1 #examprep #comptia #cysa

The Windows Registry shows up under CySA+ CS0-003 Domain 1.1 OS concepts — but the exam tests it from the defender lens, not the hardening lens. This Short covers what a SOC analyst does with the registry: hunt persistence, baseline Run keys, and correlate Sysmon writes.
What you will learn:

Why CySA+ frames the registry as a detection source
MITRE ATT&CK T1547.001 — Registry Run Keys and Startup Folder
The exact Run keys to know by name for the exam
A three-step hunt workflow analysts use in the SOC
Sysmon Event ID 13 — RegistryValueSet — and why it matters

This concept maps to CompTIA CySA+ CS0-003 Domain 1.1 (Explain the importance of system and network architecture concepts in security operations) under Operating system (OS) concepts - Windows Registry.
Free CySA+ study resources:
https://kandibrian.com
More CySA+ CS0-003 Shorts:
https://www.youtube.com/@kandi-brian
#CySAPlus #CS0003 #CompTIA #ThreatHunting #SOCAnalyst

Видео Windows Registry for Threat Hunting | CySA+ CS0-003 Domain 1.1 #examprep #comptia #cysa канала Kandi Brian

Комментарии отсутствуют

Информация о видео

14 мая 2026 г. 18:32:18

00:01:51

Kandi Brian

Теги

Правообладателям

Жалоба на материал Недопустимый материал Нарушение авторских прав

Комментарии

Другие видео канала

Windows Registry for Threat Hunting | CySA+ CS0-003 Domain 1.1 #examprep #comptia #cysa

3,000-Year-Old Greek Deception in Modern Malware: Trojans | Security+ SY0-701

Subnetting - Simple Explanation

Data Owner vs Data Custodian: Don't Mix Them Up on Security+ SY0-701 #comptia

Port Security vs 802.1X — Two Ways to Control Network Access #SecurityPlus #SY0701

LSB Steganography Plus Encryption: Two Barriers Not One | Security+ SY0-701 #comptia

Preventive Controls Explained: Stop Incidents Before They Happen | Security+ SY0-701 #comptia

Policy Enforcement Point — Zero Trust Architecture Security+ SY0-701 #SecurityPlus #ZeroTrust

Piggybacking vs Tailgating: The Consent Distinction | Security+ SY0-701 #comptia

The Hacktivist Song: A Cringe Mnemonic for Security+ SY0-701 #comptia

How VLANs Stop Attacks: Network Segmentation for Security+ SY0-701 #comptia

Full Disk Encryption: What Protects Your Laptop When It's Stolen | Security+ SY0-701 #comptia

When a Data Scientist Says "Boring Claim," This Is What They Mean #datascience #statistics

Hardware Architecture CySA+ #comptia

AH (Authentication Header) and the NAT Problem | Security+ SY0-701 Domain 4.5 #comptia

Compensating Controls Explained: When the Primary Control Won't Work | Security+ SY0-701 #comptia

RBAC Explained in under 60 Seconds | Security+ SY0-701 Domain 1.2 #comptia

True vs Logical Memory Leaks Explained

--help Output Too Long? Pipe It to less in Linux

The Security+ Question About Device Location You Need to Know

Privileged Access Management (PAM) Explained | Security+ SY0-701 Domain 1.2 #cybersecurity #comptia

BC vs DR, RTO vs RPO, Hot/Warm/Cold Sites | Security+ SY0-701 Domain 3.4 #comptia