Scheduled Tasks for Cyber Security Professionals

What are Scheduled Tasks?

Scheduled tasks are a feature of the Windows operating system that allows users to schedule certain programs or processes to run automatically at a specified time or date. This can be useful for running programs that need to be executed on a regular basis, such as backups or maintenance tasks. Scheduled tasks are managed through the Task Scheduler program, which can be accessed through the control panel or by typing “Task Scheduler” in the search box on the Start menu.

What can Cyber Criminals do with Scheduled tasks?

Scheduled tasks are used by cyber criminals to automate certain actions or processes that they have set up on a victim’s computer. For example, a cyber criminal may use a scheduled task to automatically download and install malware on a victim’s computer at a specific time, or to periodically exfiltrate data from the victim’s system to a remote server under the attacker’s control. This can make it difficult for the victim to detect the malicious activity, and can allow the attacker to continue to compromise the system even if the victim is not actively using the computer.

Get a list of scheduled tasks on you system:

To list all scheduled tasks on a system with PowerShell, you can use the Get-ScheduledTask cmdlet. This cmdlet allows you to retrieve a list of all scheduled tasks on the system, or to filter the list to only show tasks with specific properties or that match certain criteria. For example, to list all tasks on the system, you can use the following command:

To list only tasks that are currently enabled, you can use the -TaskState parameter, like this:

To list tasks that are set to run at a specific time, you can use the -StartBoundary parameter, followed by the time you want to search for, like this:

You can also combine multiple parameters to create more complex searches. For example, to list only tasks that are enabled and set to run at a specific time, you can use the following command:

These are just a few examples of the many different ways you can use the Get-ScheduledTask cmdlet to list scheduled tasks on a system with PowerShell. For more information and a full list of available parameters, you can type “Get-Help Get-ScheduledTask” in a PowerShell window to view the cmdlet’s documentation.

Creating a scheduled task

To create a scheduled task on a Windows system with PowerShell, you can use the New-ScheduledTaskAction cmdlet to specify the action that the task will perform, the New-ScheduledTaskTrigger cmdlet to specify when the task will be triggered, and the Register-ScheduledTask cmdlet to register the task with the Task Scheduler.

Here is an example of how you might use these cmdlets to create a scheduled task that runs a PowerShell script at a specific time each day:

This will create a scheduled task named “MyTask” that runs the script located at C:\Scripts\MyScript.ps1 at 3:00 PM each day.