Where: IIT Rice Campus, 201 E Loop Rd, Wheaton, IL 60189, Room 103.
Title: BITS and pieces: Abusing BITS for persistence and privilege escalation
Abstract: As incident responders / reverse engineers, we often learn new things about how Windows works from malware authors. We’ll share how threat actors are leveraging the Windows Background Intelligent Transfer Service (BITS) for persistence and privilege escalation. We’ll present proof-of-concept code demonstrating how this could be abused further, and we’ll show what you’d expect to see both from static and dynamic reverse engineering of this code as well as system artifacts. We’ll be sharing what we’ve learned in our experiences and research in a way that benefits both blue and red team members (insert your favorite “purple team” one-liner here).
Bio: Dan O’Day is a cyber response professional for a large global consulting firm that provides services to clients in the areas of digital forensics and incident response (DFIR) and whatever related technical challenges clients want to pay him to solve. Dan used to do cool stuff for the government, has taught in academic and corporate settings, loves reading, and likes tacos al pastor.
Ilya Kobzar works for a large multinational company and provides incident response, computer forensics, and malware reverse engineering services. In other words, he enjoys finding bad guys in your network and understanding what they’ve done and how their tools work. Ilya likes reading books and playing video games. He was born and raised in Moscow, Russia.