- Tactics
- Exfiltration
- Platforms
- ESXi, Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1041
Description
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Exfiltration tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1011 — Exfiltration Over Other Network Medium
- T1020 — Automated Exfiltration
- T1029 — Scheduled Transfer
- T1030 — Data Transfer Size Limits
- T1048 — Exfiltration Over Alternative Protocol
- T1052 — Exfiltration Over Physical Medium
- T1537 — Transfer Data to Cloud Account
- T1567 — Exfiltration Over Web Service