24 matches found
Windows BITS Persistence Tool
This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...
Windows Persistence Bits Job
This Metasploit module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service (BITS) is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots...
EUVD-2020-11999
Malware in sbrugna...
CVE-2020-1255
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-1112
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...
Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence
A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign...
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
In this blog post we will describe: how attackers use the Background Intelligent Transfer Service (BITS); forensic techniques for detecting attacker activity with data format specifications; public release of the BitsParser tool; a real-world example of malware using BITS persistence. Introduction...
Background Intelligent Transfer Service CVE-2020-0787 - Privilege Escalation
This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability. This module requires Metasploit: https://metasploit.com/download ; current source: https://github.com/rapid7/metasploit-framework ; class MetasploitModule 'Background Intelligent Transfer Service Arbitrary File Move...
Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability
This module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the...
Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in the IIS module of the Microsoft Windows Background Intelligent Transfer Service (BITS), which arises from the program's failure to...
CVE-2020-1255
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
KLA11806 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions. Below is a complete list of...
KLA11773 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of...
KLA11777 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of...
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
PT-2020-1912
Name of the Vulnerable Software and Affected Versions: Windows Background Intelligent Transfer Service (BITS) versions prior to the fixed version. Description: The issue is related to errors in handling symbolic links that display paths to files and directories. This can allow an attacker to elevate...
KB4540670: Windows 10 Version 1607 and Windows Server 2016 March 2020 Security Update
The remote Windows host is missing security update 4540670. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...
LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accessible when the HTTP requests receive...