This talk presents an analysis of security shortfalls in the implementation of the Remote Registry protocol by the latest Windows operating systems (such as Windows 10). The analysis shows how these weaknesses can be used by an attacker applying a man in the middle technique to write arbitrary data to the victim’s Windows registry, and consequently execute code remotely. The article also describes a tool capable of intercepting the Windows Registry protocol packets and modifying them. The insertion of these values is not trivial, since the modification of the length of a field in a certain packet layer causes inconsistency in the control fields of the lower layers (such as lengths or checksums). Additionally, the following sequence number of a packet in a session is based on the length of the packet, causing the connection to break. The tool automatically recalculates all control fields for the TCP / IP / SMB2 / RPC layers of the different protocol packets, and applies an algorithm for correcting the sequence numbers of all packets so that, once a value has been entered by an attacker, the connection will not break. This tool is the only public application capable of performing a man in the middle attack on the Remote Windows Registry protocol.