Integrating Yara with RegRipper
Malware Analysis, News and Indicators - Latest topics malware.news
A lot of writing and training within DFIR about the Registry refers to it as a database where configuration settings and information are maintained. There is a great deal of value in that view, but there is also much more in the Registry than just "configuration information". Another aspect of the Registry, one we see when discussing "fileless" malware, is its use as a storage facility. As Prevailion stated in their DarkWatchman write-up:
Various parts of DarkWatchman, including configuration strings …