- Tactics
- Exfiltration
- Platforms
- Linux, macOS, Windows, ESXi
- Reference
- attack.mitre.org/techniques/T1030
Description
An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Exfiltration tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1011 — Exfiltration Over Other Network Medium
- T1020 — Automated Exfiltration
- T1029 — Scheduled Transfer
- T1041 — Exfiltration Over C2 Channel
- T1048 — Exfiltration Over Alternative Protocol
- T1052 — Exfiltration Over Physical Medium
- T1537 — Transfer Data to Cloud Account
- T1567 — Exfiltration Over Web Service