Aggregation and Exfiltration Phase
Data is transferred from machine to machine.
Internally [Aggregation] it can be done using existing channels.
Externally [Exfiltration].
It can be done directly using existing channels.
File copy, email, file sharing, etc ...
Can be detected.
It can be done by hiding information within existing/allowed channels and licit communications.
Slower data transfer, harder (impossible ?) to detect.
Examples:
Usage of steganography in photos (via social networking).
Usage of embedded data in text and voice messages.
...
Last updated