From 852f395f861e8134cf23cf2335e918862f00f3fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ossi=20V=C3=A4=C3=A4n=C3=A4nen?= Date: Sun, 7 Oct 2018 13:54:53 +0300 Subject: [PATCH 1/2] Schtasks --- OSBinaries/Schtasks.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 OSBinaries/Schtasks.md diff --git a/OSBinaries/Schtasks.md b/OSBinaries/Schtasks.md new file mode 100644 index 0000000..823bbcc --- /dev/null +++ b/OSBinaries/Schtasks.md @@ -0,0 +1,24 @@ +## schtasks.exe + +* Functions: Execute, Persistence + +``` +schtasks /create /sc minute /mo 1 /tn "Reverse shell" /tr c:\some\directory\revshell.exe +``` + +Acknowledgements: +* + +Code sample: +* + +Resources: +* https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ + +Full path: +``` +c:\windows\system32\schtasks.exe +``` + +Notes: +Create a recurring task to provide persistence, eg. to start a reverse shell \ No newline at end of file From 31d7b4aa7702f20dd7427eae1643c6f09cc9c199 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ossi=20V=C3=A4=C3=A4n=C3=A4nen?= Date: Wed, 24 Oct 2018 11:55:52 +0300 Subject: [PATCH 2/2] Failed to RTFM -- removed .md, added .yml --- OSBinaries/Schtasks.md | 24 ------------------------ yml/OSBinaries/Schtasks.yml | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 24 deletions(-) delete mode 100644 OSBinaries/Schtasks.md create mode 100644 yml/OSBinaries/Schtasks.yml diff --git a/OSBinaries/Schtasks.md b/OSBinaries/Schtasks.md deleted file mode 100644 index 823bbcc..0000000 --- a/OSBinaries/Schtasks.md +++ /dev/null 
@@ -1,24 +0,0 @@ -## schtasks.exe - -* Functions: Execute, Persistence - -``` -schtasks /create /sc minute /mo 1 /tn "Reverse shell" /tr c:\some\directory\revshell.exe -``` - -Acknowledgements: -* - -Code sample: -* - -Resources: -* https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ - -Full path: -``` -c:\windows\system32\schtasks.exe -``` - -Notes: -Create a recurring task to provide persistence, eg. to start a reverse shell \ No newline at end of file diff --git a/yml/OSBinaries/Schtasks.yml b/yml/OSBinaries/Schtasks.yml new file mode 100644 index 0000000..7b3deff --- /dev/null +++ b/yml/OSBinaries/Schtasks.yml @@ -0,0 +1,22 @@ +--- +Name: Schtasks.exe +Description: Schedule periodic tasks +Author: 'Ossi Vaananen' +Created: '2018-10-24' +Commands: + - Command: schtasks /create /sc minute /mo 1 /tn "Reverse shell" /tr c:\some\directory\revshell.exe + Description: Create a recurring task to execute every minute. + Usecase: Create a recurring task, to eg. to keep reverse shell session(s) alive + Category: Persistence + Privileges: User + OperatingSystem: Windows +Full Path: +- Path: c:\windows\system32\schtasks.exe +Code Sample: +- Code: +Resources: + - Link: https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ + Acknowledgement: + - Person: Ossi Vaananen + Handle: +---
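Review bot: The OSBinaries/Schtasks.md file created in patch 1/2 is deleted again in patch 2/2 (same blob, 823bbcc), so the series adds and removes a file with no net effect. Squash the two commits so that only yml/OSBinaries/Schtasks.yml lands in history. If the .md is kept for any reason, note that it ends with "\ No newline at end of file" and leaves the "Acknowledgements:" and "Code sample:" bullets empty.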
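Review bot: The Usecase value in the new yml/OSBinaries/Schtasks.yml has a doubled "to" ("Create a recurring task, to eg. to keep reverse shell session(s) alive"); suggest "Create a recurring task, e.g. to keep reverse shell session(s) alive". The entry is filed only under "Category: Persistence", although the .md it replaces listed "Functions: Execute, Persistence"; either add a second command entry for Execute or state in the commit message why it was dropped. "Code:" under Code Sample and "Handle:" under Acknowledgement are left empty and will parse as null, so fill them in or remove the keys. Author and Person spell the name "Vaananen" while the From header carries "Väänänen"; if the loss of diacritics is unintended, write the name as quoted UTF-8.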