BSides Iowa 2018: "BITS and pieces: Abusing BITS for persistence and privilege escalation"

BSides Iowa 2018 - Track 1 Speakers: Dan O’Day & Ilya Kobzar As incident responders / reverse engineers, we often learn new things about how Windows works from malware authors. We’ll share how threat actors are leveraging the Windows Background Intelligent Transfer Service (BITS) for persistence and privilege escalation. We’ll present proof-of-concept code demonstrating how this could be abused further, and we’ll show what you’d expect to see both from static and dynamic reverse engineering of this code as well as system artifacts. We’ll be sharing what we’ve learned in our experiences and research in a way that benefits both blue and red team members (insert your favorite “purple team” one-liner here).