`dissect.target.plugins.os.windows.tasks`#

Module Contents#

Classes#

TasksPlugin

Plugin for retrieving scheduled tasks on a Windows system.

Attributes#

TaskRecord

dissect.target.plugins.os.windows.tasks.TaskRecord#

class dissect.target.plugins.os.windows.tasks.TasksPlugin(target: dissect.target.target.Target)#

Bases: dissect.target.plugin.Plugin

Plugin for retrieving scheduled tasks on a Windows system.

Parameters:: target – The target system.

PATHS#

GLOB_PATHS = ['sysvol/windows/system32/GroupPolicy/DataStore/*/Machine/Preferences/ScheduledTasks/*',...#

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

tasks() → Iterator[TaskRecord | flow.record.GroupedRecord]#

Return all scheduled tasks on a Windows system.

On a Windows system, a scheduled task is a program or script that is executed on a specific time or at specific intervals. An adversary may leverage such scheduled tasks to gain persistence on a system.

References

https://en.wikipedia.org/wiki/Windows_Task_Scheduler

Yields:: The scheduled tasks found on the target.

dissect.target.plugins.os.windows.tasks#

Module Contents#

Classes#

Attributes#

`dissect.target.plugins.os.windows.tasks`#