Skip to content
/ SwiftMover Public

Source code for a deprecated "LOTL file transfer technique" which would utilize the Windows BITS subsystem

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PlatinumVoyager/SwiftMover

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
swiftheader.h
swiftheader.h
 
 
swiftmover.c
swiftmover.c
 
 

Repository files navigation

image

SwiftMover

Source code for a deprecated "LOTL file transfer technique" which would utilize the Windows BITS subsystem

  • What is LOTL (Living Off The Land) is a generalized technique in which Cyber operators utilize pre-existing tools/infrastructure upon a targeted host to reduce to likelyhood that any footprints/metadata of the initial operation took place.
  • In particular SwiftMover would have used the Windows 10/11 "Background Intelligent Transfer Service (BITS)" in C to upload/download remote files.

image

The nice thing about BITS is that it cares for the end user.

  • Developing a separate custom subsystem for taking account into user bandwidth in order to not arouse suspicion is not needed.
  • Creating additional lower-level file transfer/access methods is no longer needed.
  • Appearing as a legitimate Windows internal service is no longer needed.
  • Clandestine Process Injection techniques deployed to local processes to move data to/from the internal network is no longer needed.

image

About

Source code for a deprecated "LOTL file transfer technique" which would utilize the Windows BITS subsystem

Topics

c windows-10 cybersecurity file-transfer windows-11 lotl

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages