- Tactics
- Exfiltration
- Platforms
- ESXi, Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1041
Description
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Exfiltration tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1011 — Exfiltration Over Other Network Medium
- T1020 — Automated Exfiltration
- T1029 — Scheduled Transfer
- T1030 — Data Transfer Size Limits
- T1048 — Exfiltration Over Alternative Protocol
- T1052 — Exfiltration Over Physical Medium
- T1537 — Transfer Data to Cloud Account
- T1567 — Exfiltration Over Web Service