BITS Jobs
File upload to the compromised system.
Execution
attacker@victim
Observations
Commandline arguments monitoring can help discover bitsadmin usage:
Application Logs > Microsoft > Windows > Bits-Client > Operational
shows logs related to jobs, which you may want to monitor as well. An example of one of the jobs:
References
Last updated