Introduction

What?

Data exfiltration is a non-traditional approach for copying and transferring data from a compromised machine to an attacker’s machine. The data exfiltration technique emulates normal network activity, and relies on common network protocols such as DNS, HTTP, SSH, etc.

Why?

Data exfiltration over common protocols is challenging to detect, because the malicious traffic is difficult to distinguish from legitimate traffic on the same protocols.

How?