I published the following diary on isc.sans.org: “Investigating Microsoft BITS Activity”:
Microsoft BITS (“Background Intelligent Transfer Service”) is a tool present[1] in all modern Microsoft Windows operating systems. As the name says, you can see it as a “curl” or “wget” tool for Windows. It helps to transfer files between a server and a client, but it also has plenty of interesting features. Such a tool, being always available, is priceless for attackers. They started to use BITS to grab malicious content from the Internet…
[The post [SANS ISC] Investigating Microsoft BITS Activity was first published on /dev/random]
Article Link: https://blog.rootshell.be/2018/01/26/sans-isc-investigating-microsoft-bits-activity/