13. Exfiltration
Exfiltration (TA0010)
Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they've collected data, adversaries often package it to avoid detection while removing it, typically by compressing and encrypting it. Techniques for getting data out of a target network usually involve transferring it over the existing command and control channel or over an alternate channel, and may also limit the size of each transfer so that no single transmission stands out.
Strategy
- Low and Slow: Trickle data out over days, often with per-transfer size limits, so that no single interval shows a spike in outbound volume.
- Alternate Channels: Tunnel data over protocols that are rarely inspected (DNS, ICMP) or upload it to trusted external services (Google Drive) whose traffic blends in with normal use.
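Both strategies above have a defensive counterpart, and the following added example (not part of the original page) shows what that check looks like. It runs over constructed hourly egress summaries and a constructed DNS query log; the host names, domains and thresholds are illustrative assumptions, not values from any real environment. The egress check shows why a per-hour spike threshold alone misses a low-and-slow trickle while a daily volume budget catches it, and the DNS check flags a client that sends many unique, long, high-entropy leftmost labels to one domain, which is what encoded payload chunks look like in query logs.

```python
"""Detection sketches for the two exfiltration strategies listed above.

Added example, not part of the original page. All traffic below is
constructed inline; the thresholds are illustrative assumptions that a
real deployment would derive from its own baseline.
"""
import base64
import hashlib
from collections import defaultdict
from math import log2

MB = 1_000_000


def build_flows():
    """Constructed hourly egress summaries: (hour, source_host, bytes_out)."""
    flows = []
    for h in range(24):
        hour = f"2024-01-01T{h:02d}"
        flows.append((hour, "ws-01", 10 * MB))  # ordinary user
        flows.append((hour, "ws-03", 40 * MB))  # low and slow: modest volume every hour
        flows.append((hour, "ws-02", 800 * MB if h == 14 else 10 * MB))  # one bulk transfer
    return flows


def flag_egress(flows, hourly_limit=50 * MB, daily_limit=300 * MB):
    """Return {host: sorted reasons} for hosts exceeding either limit.

    A per-interval spike threshold alone misses the trickle; the daily
    budget catches it because the total still has to leave the network.
    """
    hourly = defaultdict(int)
    daily = defaultdict(int)
    for hour, host, nbytes in flows:
        hourly[(hour, host)] += nbytes
        daily[host] += nbytes
    reasons = defaultdict(set)
    for (hour, host), nbytes in hourly.items():
        if nbytes > hourly_limit:
            reasons[host].add("hourly_spike")
    for host, nbytes in daily.items():
        if nbytes > daily_limit:
            reasons[host].add("daily_volume")
    return {host: sorted(r) for host, r in reasons.items()}


def shannon_entropy(s):
    """Shannon entropy of the string in bits per character."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * log2(c / n) for c in counts.values())


def build_dns_queries():
    """Constructed DNS query log: (client, qname)."""
    queries = [
        ("ws-01", "www.example.com"),
        ("ws-01", "mail.example.com"),
        ("ws-01", "login.example.com"),
        ("ws-01", "www.example.com"),
    ]
    # Long but repeated label (e.g. a CDN asset host): one unique name, not a tunnel.
    queries += [("ws-01", "a1b2c3d4e5f6a7b8c9d0e1f2a3b4.cdn.example.org")] * 5
    # Encoded payload chunks as leftmost labels, each query carrying a new chunk
    # (chunks derived from a hash here purely to get deterministic sample data).
    for i in range(40):
        chunk = hashlib.sha256(f"constructed-chunk-{i}".encode()).digest()[:15]
        label = base64.b32encode(chunk).decode().rstrip("=").lower()
        queries.append(("ws-03", f"{label}.t.example.net"))
    return queries


def registered_domain(qname):
    """Naive: last two labels. A real check would use the public suffix list."""
    return ".".join(qname.split(".")[-2:])


def flag_dns_tunnels(queries, min_unique=20, min_label_len=20, min_entropy=3.0):
    """Return sorted (client, domain) pairs whose leftmost labels look like encoded data."""
    per_pair = defaultdict(set)
    for client, qname in queries:
        per_pair[(client, registered_domain(qname))].add(qname)
    flagged = []
    for pair, names in per_pair.items():
        if len(names) < min_unique:
            continue
        labels = [n.split(".")[0] for n in names]
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if mean_len >= min_label_len and mean_ent >= min_entropy:
            flagged.append(pair)
    return sorted(flagged)


if __name__ == "__main__":
    print(flag_egress(build_flows()))          # ws-02 spikes, ws-03 only trips the daily budget
    print(flag_dns_tunnels(build_dns_queries()))  # only the ws-03 -> example.net pair
```

The uniqueness requirement is what keeps the long-label CDN host out of the DNS result: a tunnel has to put new data in every query, so the number of distinct names per client and domain grows with the volume exfiltrated, while an ordinary long hostname repeats. Both checks only work if DNS and flow telemetry are actually collected, which is exactly the gap the "alternate channels" strategy counts on.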
Section Contents
- Exfiltration Over C2 Channel (T1041): Stealing data by sending it through the existing command and control channel.
- Exfiltration Over Web Service (T1567): Uploading stolen data to legitimate external web services.