LetsDefend Academy

Online practicing and training platform for blue team members








28%

๐Ÿ”นHow to Create Incident Response Plan

๐Ÿ”นScheduled Tasks

๐Ÿ”นUsers

๐Ÿ”นRegistry

๐Ÿ”นProcess

๐Ÿ”นStartup

๐Ÿ”นActive Ports

๐Ÿ†Quiz


Scheduled Tasks

Hackers often use scheduled task for persistence.With "Task Scheduler", scheduled tasks can be listed.

Or you can use the โ€œschtasksโ€ command via cmd.

If you want to access the logs associated with the task scheduler, you can access it from "Applications and Services Logs-Microsoft-Windows-TaskScheduler%4Operational.evtx" on the Event viewer.

Or you can follow โ€œSecurityโ€ logs like:
Event ID 4698 - A scheduled task was created
Event ID 4702 - A scheduled task was updated



Log file for questions:

Task.zip Pass=321


Questions