A new open-source security tool, TaskHound, helps penetration testers and security professionals identify high-risk Windows scheduled tasks that could expose systems to attack.
The tool automatically discovers tasks running with privileged accounts and stored credentials, making it a valuable addition to security assessments.
What Makes TaskHound Different?
TaskHound stands out by automating the discovery of dangerous scheduled tasks across Windows networks.
Instead of manually searching through system logs, the tool scans remote machines over SMB and parses task XML files to identify security weaknesses.
Feature                   | Use Case
Tier 0 Detection          | Identify high-value administrative account exposure
BloodHound Integration    | Correlate tasks with attack paths for risk assessment
Password Analysis         | Work with the existing BloodHound infrastructure
Offline Analysis          | Analyze tasks in OPSEC-aware environments
BOF Implementation        | Beacon-based operations without direct network access
Credential Guard Detection| Evaluate DPAPI dump success likelihood
SID Resolution            | Improve readability in mixed SID/username environments
Multi-format Support      | Work with existing BloodHound infrastructure
Flexible Authentication   | Flexible authentication for various network scenarios
Multiple Output Formats   | Integrate findings into security workflows and reporting
It looks for tasks running as administrative accounts, privileged users, or Tier 0 accounts, often the highest-value targets for attackers.
The tool integrates with BloodHound, a popular network security visualization platform.
This integration lets security teams automatically correlate scheduled tasks with BloodHound's attack path data, revealing which tasks pose the most significant risk in their environment.
TaskHound includes several powerful features for threat hunters. It automatically detects tasks assigned to Tier 0 users, such as Domain Admins and Enterprise Admins.
The tool analyzes when credentials were last changed compared to when tasks were created, helping identify outdated passwords that could be vulnerable to offline cracking.
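The two checks described above (parsing task XML for a privileged principal with a stored credential, and comparing the account's password age with the task's creation date) can be shown on a defender's side as an audit over exported task definitions. The following is an added example written for this article, not TaskHound's own code; the task XML, the Tier 0 list (TIER0) and the password-last-set dates (PWD_LAST_SET) are constructed, and the function names parse_task, assess and audit_tasks are this example's own. On a real host the XML files live under C:\Windows\System32\Tasks (UTF-16 encoded) and the password dates would come from Active Directory's pwdLastSet attribute or from BloodHound data.

```python
# Added example, not TaskHound's own code: audit Windows scheduled-task XML
# for the conditions the article describes (privileged principal, stored
# credential, password not rotated since the task was created). The Tier 0
# list, the password-last-set dates and the task XML are constructed here.
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# LogonType values for which the Task Scheduler keeps a password for the
# task (DPAPI-protected on the host), i.e. a stored credential.
STORED_CRED_LOGON_TYPES = {"Password", "InteractiveTokenOrPassword"}

# Constructed inventory for this example (assumed Tier 0 principals and
# assumed pwdLastSet values; in practice taken from AD or BloodHound).
TIER0 = {"CORP\\Administrator", "CORP\\svc_backup"}
PWD_LAST_SET = {
    "CORP\\svc_backup": datetime(2022, 1, 15, 9, 0, 0),
    "CORP\\svc_report": datetime(2024, 6, 1, 12, 0, 0),
}

# Constructed task definitions in the Task Scheduler XML schema.
SAMPLE_TASKS = {
    "backup": """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2024-03-10T08:30:00.1234567</Date>
    <Author>CORP\\alice</Author>
  </RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <UserId>CORP\\svc_backup</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\\Scripts\\backup.exe</Command></Exec>
  </Actions>
</Task>""",
    "report": """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2023-11-20T17:00:00</Date>
  </RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <UserId>CORP\\svc_report</UserId>
      <LogonType>S4U</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\\Scripts\\report.exe</Command></Exec>
  </Actions>
</Task>""",
}


def parse_task(xml_text):
    """Pull the fields an auditor cares about out of one task definition."""
    root = ET.fromstring(xml_text)

    def text(path):
        el = root.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    return {
        "user": text("t:Principals/t:Principal/t:UserId"),
        "logon_type": text("t:Principals/t:Principal/t:LogonType"),
        "run_level": text("t:Principals/t:Principal/t:RunLevel"),
        "created": text("t:RegistrationInfo/t:Date"),
        "command": text("t:Actions/t:Exec/t:Command"),
    }


def assess(task, tier0, pwd_last_set):
    """Return the list of risk findings for one parsed task."""
    findings = []
    user = task["user"]
    if user in tier0:
        findings.append("tier0_principal")
    if task["logon_type"] in STORED_CRED_LOGON_TYPES:
        findings.append("stored_credential")
    if task["created"] and user in pwd_last_set:
        # The scheduler writes 7-digit fractional seconds, which
        # datetime.fromisoformat rejects before Python 3.11; drop them.
        created = datetime.fromisoformat(task["created"].split(".")[0])
        # Password set before the task was created and not since: whatever
        # password was stored with the task is still the account's live one,
        # so rotation has not happened in the task's lifetime.
        if pwd_last_set[user] <= created:
            findings.append("password_unchanged_since_task_created")
    return findings


def audit_tasks(tasks, tier0=TIER0, pwd_last_set=PWD_LAST_SET):
    """Map task name -> findings for every task definition given."""
    return {name: assess(parse_task(xml), tier0, pwd_last_set)
            for name, xml in tasks.items()}


if __name__ == "__main__":
    for name, findings in audit_tasks(SAMPLE_TASKS).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

Run as a script it prints one line per task; the "backup" task trips all three findings while "report" (S4U logon, non-Tier 0 account, password rotated after the task was created) trips none. The date handling matters in practice: task definitions exported from Windows carry seven fractional-second digits, which older Python versions will not parse unless they are stripped.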
The platform supports both the modern BloodHound Community Edition and legacy BloodHound formats, making it compatible with existing security infrastructure.
TaskHound can also work offline, analyzing previously collected XML files without requiring direct network access.
For operators using AdaptixC2, the tool includes a Beacon Object File implementation. During a penetration test, TaskHound quickly identifies exploitation opportunities.
Tasks running under compromised accounts can be manipulated to gain system access.
The tool provides detailed reporting showing task locations, associated credentials, creation dates, and recommended next steps for each finding.
[Screenshot: TaskHound tool output]
The author emphasizes strict OPSEC (operational security) considerations. Since the tool relies on standard SMB operations, network defenders could detect its activity.
For sensitive assessments, users can employ the standalone BOF version or manually collect tasks for offline analysis.
The project roadmap includes a direct BloodHound database connector and a dedicated NetExec module to expand integration with other popular security frameworks.
The GitHub developer also plans automated credential extraction for offline decryption.
TaskHound fills a critical gap in Windows privilege-escalation assessment, automating a tedious manual process while providing actionable intelligence to security teams defending enterprise networks.