Get-SecurityDescriptor

1.1

This script reviews the Registry Hive and identifies any scheduled tasks without SD (security descriptor) Value within the Task Key. We recommend that you perform analysis on these tasks as needed. The absence of SecurityDescriptor is a Defense Evasion and Persistence technique as these tasks will remain hidden from regular tasks queries results except an examiner man
This script reviews the Registry Hive and identifies any scheduled tasks without SD (security descriptor) Value within the Task Key. We recommend that you perform analysis on these tasks as needed. The absence of SecurityDescriptor is a Defense Evasion and Persistence technique as these tasks will remain hidden from regular tasks queries results except an examiner manually reviews the registry path


Show more

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name Get-SecurityDescriptor

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

Copyright (c) 2022 Adebola Ige

Package Details

Author(s)

  • adebolaige

Tags

Tarrask malware Hafnium Registry SecurityDescriptor Scheduledtasks tasks Windows MITRE T1036 Persistence T1053 schtasks scheduler

Functions

Get-SecurityDescriptor

Dependencies

This script has no dependencies.

FileList

Version History

Version Downloads Last updated
1.1 (current version) 178 4/22/2022
1.0 19 4/20/2022