Introduction

What?

Practice data exfiltration techniques (in the THM Lab environment set up for it) to emulate normal network activities, such as DNS, HTTP, SSH, etc.

Why?

Data exfiltration over common protocols is challenging to detect and distinguish between legitimate and malicious traffic.

How?

• Exfiltration using TCP socket

• Exfiltration using FTP/SSH/SCP/SFTP

• Data exfiltration over HTTP

• HTTP tunneling

• Data exfiltration over ICMP

• ICMP C2 communication

• Exfiltration over DNS

• DNS tunneling