TaskHound is a Windows Privileged Scheduled Task Discovery Tool designed to identify attack opportunities. It enumerates tasks over SMB, parses XMLs, and integrates with BloodHound for visualizing attack paths.
Key Features:
- Tier 0 & High Value Detection: Identifies tasks running as privileged accounts.
- BloodHound Integration: Connects to live BloodHound instances or ingests exports for attack path analysis.
- OpenGraph Support: Visualizes tasks as graph entities in BloodHound Community Edition.
- DPAPI Support: Collects and decrypts DPAPI blobs from scheduled tasks.
- SID Resolution: Supports LDAP for SID lookups.
- Password Analysis: Analyzes password age relative to task creation date.
- Offline Analysis: Processes previously collected XML files.
- BOF: BOF implementation for AdaptixC2.
Use Cases:
- Red Team Operations: Discovering lateral movement and privilege escalation opportunities.
- Security Audits: Identifying misconfigured scheduled tasks that pose a security risk.
- Active Directory Security: Mapping out attack paths involving privileged task execution.
