dissect.target.plugins.os.windows.tasks#

Module Contents#

Classes#

Task

TasksPlugin

TODO.

Functions#

strip_namespace

Attributes#

TaskRecord

ExecRecord

ComHandlerRecord

SendEmailRecord

ShowMessageRecord

LogonTriggerRecord

BootTriggerRecord

IdleTriggerRecord

TimeTriggerRecord

TriggerRecord

EventTriggerRecord

SessionStateChangeTriggerRecord

CalendarTriggerRecord

dissect.target.plugins.os.windows.tasks.TaskRecord#
dissect.target.plugins.os.windows.tasks.ExecRecord#
dissect.target.plugins.os.windows.tasks.ComHandlerRecord#
dissect.target.plugins.os.windows.tasks.SendEmailRecord#
dissect.target.plugins.os.windows.tasks.ShowMessageRecord#
dissect.target.plugins.os.windows.tasks.LogonTriggerRecord#
dissect.target.plugins.os.windows.tasks.BootTriggerRecord#
dissect.target.plugins.os.windows.tasks.IdleTriggerRecord#
dissect.target.plugins.os.windows.tasks.TimeTriggerRecord#
dissect.target.plugins.os.windows.tasks.TriggerRecord#
dissect.target.plugins.os.windows.tasks.EventTriggerRecord#
dissect.target.plugins.os.windows.tasks.SessionStateChangeTriggerRecord#
dissect.target.plugins.os.windows.tasks.CalendarTriggerRecord#
dissect.target.plugins.os.windows.tasks.strip_namespace(data)#
class dissect.target.plugins.os.windows.tasks.Task(xml_data)#
get_element(path, xml_data=None)#
get_raw(path)#
get_triggers()#
get_actions()#
class dissect.target.plugins.os.windows.tasks.TasksPlugin(target)#

Bases: dissect.target.plugin.Plugin

TODO.

PATHS = ['sysvol/windows/system32/tasks', 'sysvol/windows/system32/tasks_migrated',...#
check_compatible()#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

tasks()#

Return all scheduled tasks on a Windows system.

On a Windows system, a scheduled task is a program or script that is executed on a specific time or at specific intervals. An adversary may leverage such scheduled tasks to gain persistence on a system.

References

parse_task(entry)#