Description
Scheduled tasks / cron jobs are one of the most common persistence mechanisms (MITRE T1053). The current check_persistence tool does basic detection but does not enumerate scheduled tasks in detail.
On Windows, schtasks /query is needed; on Linux, crontab -l plus /etc/cron.* directories.
Proposal
Add a list_scheduled_tasks tool that:
- On Windows: runs schtasks /query /fo CSV /v and parses results
- On Linux: reads crontab -l for all users + /etc/cron.* directories
- Flags tasks with suspicious characteristics (running as SYSTEM, recently created, pointing to temp dirs)
- Returns structured output with task name, schedule, command, user, status
Affected Files
cyber_tools/src/lib.rs (new tool)
core_engine/src/lib.rs (tool registry, priv-esc-review template)
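The Linux side of the proposed flagging, as an added example that is not code from this repository: it parses system-crontab lines (the /etc/crontab and /etc/cron.d format, which carries a user field) and flags root-owned entries and commands under temp directories. The type and function names, the flag strings, the temp-directory list and the sample input are assumptions made for illustration.

```rust
// Added example; type and function names are hypothetical, not the project's API.
#[derive(Debug)]
pub struct CronTask {
    pub schedule: String,
    pub user: String,
    pub command: String,
    pub flags: Vec<&'static str>,
}

// Assumption: world-writable locations treated as "temp dirs".
const TEMP_DIRS: [&str; 3] = ["/tmp/", "/var/tmp/", "/dev/shm/"];

/// Parse one line in system-crontab format: schedule, user, command.
pub fn parse_line(line: &str) -> Option<CronTask> {
    let fields: Vec<&str> = line.split_whitespace().collect();
    // Schedules start with a digit, '*' or '@'; this skips blanks, comments and VAR=value lines.
    let first = fields.first()?.chars().next()?;
    if !(first.is_ascii_digit() || first == '*' || first == '@') {
        return None;
    }
    // "@reboot"-style keywords take one field, classic schedules take five.
    let n = if first == '@' { 1 } else { 5 };
    if fields.len() < n + 2 { return None; }
    let (user, command) = (fields[n], fields[n + 1..].join(" "));
    let mut flags = Vec::new();
    if user == "root" {
        flags.push("runs_as_root"); // Linux analogue of "running as SYSTEM" (assumption)
    }
    if TEMP_DIRS.iter().any(|d| command.contains(*d)) {
        flags.push("temp_dir_path");
    }
    Some(CronTask { schedule: fields[..n].join(" "), user: user.to_string(), command, flags })
}

pub fn parse_system_crontab(text: &str) -> Vec<CronTask> {
    text.lines().filter_map(parse_line).collect()
}

pub const SAMPLE: &str = "\
# constructed sample in /etc/cron.d format
PATH=/usr/bin:/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * root /tmp/.cache/update.sh
@reboot www-data /usr/local/bin/warmup
";

fn main() {
    parse_system_crontab(SAMPLE).iter().for_each(|t| println!("{:?}", t));
}
```

Per-user crontabs from crontab -l have no user field, so a caller would supply the owning user separately; the "recently created" flag needs file metadata and is not covered here.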