Exfiltration (9 techniques)
Stealing data from the network.
The Exfiltration tactic groups the MITRE ATT&CK techniques that adversaries use to steal data from the network. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1011 — Exfiltration Over Other Network Medium (Platforms: Linux, macOS, Windows)
- T1020 — Automated Exfiltration (Platforms: Linux, macOS, Network Devices, Windows)
- T1029 — Scheduled Transfer (Platforms: Linux, macOS, Windows)
- T1030 — Data Transfer Size Limits (Platforms: Linux, macOS, Windows, ESXi)
- T1041 — Exfiltration Over C2 Channel (Platforms: ESXi, Linux, macOS, Windows)
- T1048 — Exfiltration Over Alternative Protocol (Platforms: ESXi, IaaS, Linux, macOS, Network Devices, Office Suite, SaaS, Windows)
- T1052 — Exfiltration Over Physical Medium (Platforms: Linux, macOS, Windows)
- T1537 — Transfer Data to Cloud Account (Platforms: IaaS, Office Suite, SaaS)
- T1567 — Exfiltration Over Web Service (Platforms: ESXi, Linux, macOS, Office Suite, SaaS, Windows)