Movere does query the Windows registry. Whether Movere is scanning the targeted endpoint locally or remotely, it uses the .NET System.Win32.RegistryKey which represents a key-level node in the Windows Registry. This class offers registry encapsulation and Movere only opens it in non-writable mode (read-only) so that Movere cannot change the registry. Movere’s access to the registry is governed by Windows permissions and both 32 and 64-bit connection methods are used to account for older Windows systems. If the targeted endpoint is scanned remotely then the connection is made via Windows Management Instrumentation (WMI).
Articles in this section
- Movere Access Tooling
- Scheduling a Windows Rescan
- ARC Scanning Windows Manually
- Terminating a Windows ARC Scan
- Testing Windows 443 Connectivity
- Running Movere Without Domain Administrator Privileges
- Scanning a Windows Subnet
- Uploading ARC Payloads via the Console
- Does Movere query the Windows Common Information Model?
- Does Movere query the Windows registry?