What is the Windows Remote Registry service and how can an attacker enable it for lateral movement?
The Remote Registry service allows remote users to modify the registry of a local machine. An attacker with administrator privileges can start it using `net start remoteregistry` and then add ACL entries to grant specific users or 'Everyone' access to the `SecurePipeServers\winreg` key, enabling remote connections. This technique is detailed in Penetration Techniques - Remote Registry in Windows.
Remote Registry service, ACL, SecurePipeServers, winreg, lateral movement