scheduled-tasks
4 indexed skills
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-scheduled-task-persistence
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.
performing-malware-persistence-investigation
mukul975/Anthropic-Cybersecurity-Skills · performing-malware-persistence-investigation
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.
hunting-for-suspicious-scheduled-tasks
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-suspicious-scheduled-tasks
Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 abuse.
detecting-malicious-scheduled-tasks-with-sysmon
mukul975/Anthropic-Cybersecurity-Skills · detecting-malicious-scheduled-tasks-with-sysmon
Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe), 11 (File Create for task XML), and Windows Security Event 4698/4702. The analyst correlates task creation with suspicious parent processes, public directory paths, and encoded command arguments to identify persistence and lateral movement via scheduled tasks. Activates for requests involving scheduled task detection, Sysmon persistence hunting, or T1053.005 Scheduled Task/Job analysis.