ITSEC Newsletter 2026-01-01

Author

Henrik Falk
January 01, 2026

Registry Writes Without Registry Callbacks

Registry persistence remains one of the most reliable ways to survive a reboot. Run keys, shell extensions, COM hijacks: the patterns are well documented and the detection coverage reflects this. This post explores a technique for establishing registry persistence and registry writes against HKCU at medium integrity without triggering registry callbacks.

deceptiq.com/blog/ntuser-man-registry-persistence

Mapping Deception with BloodHound OpenGraph

TL;DR As defensive postures continue to mature, deception technologies provide organizations the opportunity to harden defenses and take a more proactive approach in securing their environment. In large enterprises, it can be difficult to determine where and how to deploy effective deception techniques which are discoverable and believable for attackers. By utilizing OpenGraph, we can visualize attack paths in both AD and third-party technologies. Using OpenGraph can be beneficial for planning and understanding potential deception paths, utilizing a small utility like deceptionClone can help with this process.

specterops.io/blog/2025/12/23/mapping-deception-with-bloodhound-opengraph

The Thought Emporium Explores IMSI Cell Phone Tracking and Other Advanced Cell Phone Attacks with Software Defined Radios

They also show how it's possible to use a more advanced TX-capable SDR like a USRP B210 to create a Stingray device, which is a fake cell-tower base station that you can force nearby cell phones to connect to. Once connected to the Stingray, all communications from your phone can be tapped. Finally, they discuss SS7 attacks, which, while difficult and/or expensive to gain access to the SS7 walled garden, can allow malicious actors to easily reroute security-related messages, such as 2-factor authentication.

www.rtl-sdr.com/the-thought-emporium-explores-imsi-cell-phone-tracking-and-other-advanced-cell-phone-attacks-with-software-defined-radios