Data Exfiltration
Data Exfiltration describes the way we communicate with our Command & Control Server (TA0011). It also describes general data exfiltration out of the network, such as the goal (e.g. a dummy database) set in the assessment (TA0010).
Communication with the Command & Control server is done in various ways. This includes standard protocols such as HTTP and more bespoke protocols, if we identify that they are in use by our target. For example, if we identify that Microsoft Teams is in use and Chats with people outside the organization are allowed, then we could use this as a communication channel.
The way data is send to the Command & Control Server is fully customized to fit into the environment. Adapting network traffic helps us to remain hidden in the general network noise while performing the attack simulation.
As part of our simulations we also perform data exfiltration of (randomized) datasets to discover if higher amounts of data can be exfiltrated out of the network, either in chunks or via a constant network stream.