We are looking for tasks that are run by a privileged user and we can change their commands or paths.

Via GUI

Open task scheduler

taskschd.msc

control schedtasks

VIa CLI

**Output for all tasks: **

schtasks /query /fo LIST /v | findstr /v "\\Microsoft" > tasks.txt

Or in a Table:

schtasks /query /fo TABLE

**Specific task: **

schtasks/query /fo LIST /v /tn TaskName

Start Scheduled tasks:

PS> Start-ScheduledTask -TaskName "ScanSoftware"

Stop Scheduled task:

PS> Stop-ScheduledTask -TaskName "ScanSoftware"

PowerUP (In PowerSploit)

Get-ModifiableScheduledTaskFile