In this talk, Mateusz Jurczyk from Google dives into the Windows registry, one of the oldest subsystems in the Windows kernel. Despite its 30-year history, the registry continues to serve as the main configuration storage for the system and third-party applications. Mateusz discusses the security implications of the registry’s code versatility and kernel privileges, which make it a prime target for memory corruption and local privilege escalation attacks. He shares his journey of understanding the mechanics of the codebase, which led to the discovery of over 35 CVEs, ranging from classical memory corruption issues to registry-specific bug patterns.