- Tactics
- Exfiltration
- Platforms
- Linux, macOS, Windows, ESXi
- Reference
- attack.mitre.org/techniques/T1030
Description
An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Exfiltration tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1011 — Exfiltration Over Other Network Medium
- T1020 — Automated Exfiltration
- T1029 — Scheduled Transfer
- T1041 — Exfiltration Over C2 Channel
- T1048 — Exfiltration Over Alternative Protocol
- T1052 — Exfiltration Over Physical Medium
- T1537 — Transfer Data to Cloud Account
- T1567 — Exfiltration Over Web Service