The latest articles on DEV Community by Shreyas Hainalkar - (@shreyas_void). https://dev.to/shreyas_void https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3151643%2F7321cf6f-a518-4616-abf4-9f8e1a2abfc6.jpg https://dev.to/shreyas_void en Shreyas Hainalkar - Fri, 16 May 2025 09:42:57 +0000 https://dev.to/shreyas_void/5-layer-windows-registry-anomaly-detection-using-python-lfi https://dev.to/shreyas_void/5-layer-windows-registry-anomaly-detection-using-python-lfi <p>🧠 Project Overview</p> <p>I built a <strong><em>Python-based Windows Registry anomaly detection tool</em></strong> using a <strong>5-layer rule system</strong> to detect unauthorized changes.</p> <p>Core Layers of Detection</p> <ol> <li>Hash Verification – Detect any change by comparing stored vs current registry value hash</li> <li>Timestamp Monitoring – Identify unusual modification times</li> <li>User Activity Logging – Check which user made changes</li> <li>Behavioral Patterns – Track irregular or unexpected change patterns</li> <li>Access Frequency – Spot suspicious high-frequency access</li> </ol> <p>Tools Used</p> <ul> <li>Python</li> <li>Windows Registry Access (<code>winreg</code>)</li> <li>Event Logs (via Sysmon)</li> <li>Log Analysis Scripts</li> <li>Planned SIEM integration (e.g., Wazuh)</li> </ul> <h1> Why I Built This </h1> <p>I wanted to explore how intrusion detection could be implemented at the registry level without relying on full EDR tools, as a lightweight research-based security project.</p> <p>Future Plans</p> <ul> <li>Integrate with Wazuh for automated alerting</li> <li>Package as an open-source CLI utility</li> <li>Enhance with machine learning for anomaly classification</li> </ul> <p>I'd love to hear your thoughts and suggestions.</p> security cybersecurity python career Shreyas Hainalkar - Wed, 14 May 2025 11:53:48 +0000 https://dev.to/shreyas_void/-a8l https://dev.to/shreyas_void/-a8l