Regstoration

rust windows tradecraft

RustRegstoration is a proof-of-concept tool, written in Rust, that demonstrates registry modification through RegRestoreKey and the Windows Offline Registry Library.

The project was built to accompany my Origin HQ research on registry tradecraft and detection coverage. Instead of creating keys or setting values through the usual registry APIs, the tool constructs a registry hive representation and restores it over a target key, exercising a path that sits outside many common registry telemetry strategies.

The released code is intentionally a demonstration rather than operational tooling. The associated writeup documents the detection implications, the registry callback and ETW visibility considerations, and the stability risks of restoring over sensitive registry paths such as Services.