Get-SecurityDescriptor

1.1

This script reviews the registry hive and identifies any scheduled tasks without an SD (security descriptor) value within the task key. We recommend that you perform analysis on these tasks as needed. The absence of the SecurityDescriptor value is a Defense Evasion and Persistence technique, because these tasks remain hidden from regular task query results unless an examiner manually reviews the registry path.
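The check described above, written out as an added example; this is not the code of the published Get-SecurityDescriptor script. It assumes the task keys live under the standard Windows Task Scheduler cache key `TaskCache\Tree` (the page does not name the path) and that a key with an `Id` value is a task rather than a folder; the function name `Find-TaskKeyWithoutSD` is hypothetical.

```powershell
# Added example: not the published Get-SecurityDescriptor script.
# Assumption: tasks are registered under the standard Task Scheduler cache key.
$TreeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Find-TaskKeyWithoutSD {   # hypothetical name
    [CmdletBinding()]
    param([string]$Root = $TreeRoot)

    # Collect access errors instead of hiding them: an unreadable key is
    # something the examiner should know about.
    $keys = Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue -ErrorVariable denied

    foreach ($key in $keys) {
        $names = $key.GetValueNames()
        $sd    = $key.GetValue('SD', $null)

        # A key with a non-empty SD value is not of interest here; skip it.
        if (($names -contains 'SD') -and ($null -ne $sd) -and ($sd.Length -gt 0)) { continue }

        [pscustomobject]@{
            # Path relative to the Tree key, as the task would be named.
            TaskPath = $key.Name -replace '^.*?\\TaskCache\\Tree', ''
            TaskId   = $key.GetValue('Id', $null)
            # Assumption: task keys carry an Id value, folder keys do not.
            HasId    = $names -contains 'Id'
            SDState  = if ($names -contains 'SD') { 'Empty' } else { 'Missing' }
        }
    }

    foreach ($e in $denied) { Write-Warning "Could not read a key: $($e.Exception.Message)" }
}

Find-TaskKeyWithoutSD | Sort-Object TaskPath | Format-Table -AutoSize
```

Run it from an elevated session; keys that cannot be opened are reported as warnings rather than silently skipped.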


Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Script -Name Get-SecurityDescriptor

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

adebolaige

Copyright

Copyright (c) 2022 Adebola Ige

Version History

Version Downloads Last updated
1.1 (current version) 35 4/22/2022
1.0 8 4/20/2022