BITS and Pieces: Abusing BITS for Persistence and Privilege Escalation

This is a past event

88 people went


Abstract: As an incident responder, Dan O'Day, often learns new things about how Windows works from malware authors. He will share how threat actors are leveraging the Windows Background Intelligent Transfer Service (BITS) for persistence and privilege escalation. Dan will present a proof-of-concept method demonstrating how this could be abused further, and he'll show what you’d expect to see from analysis of system artifacts left behind. Dan will share what he's learned in his experience and research in a way that benefits both blue and red team members. This will be a beginner-friendly talk that has stuff for advanced folks too.

Bio: Dan O’Day is a cyber response professional in KPMG's Cyber Security Services practice, where he provides services to clients in the areas of digital forensics and incident response (DFIR) and solves related technical challenges. Dan used to do cool stuff for the government, has taught in academic and corporate settings, loves reading, and likes tacos al pastor.

Pizza and drinks will be provided.


Robert Half Technology was launched in 1994 and today has more than 100 offices. We offer a full spectrum of technology staffing services – from project, contract-to-hire and full-time staffing services to IT Managed Services and IT Solution consulting, we have you covered. Our skilled technology professionals work on a project and full-time basis for initiatives ranging from web development and systems integration to network security and technical support. Robert Half Technology takes a specialized approach to IT staffing which enables us to provide highly skilled technology professionals with leading-edge skills to our clients as part of meeting their overall staffing needs.