Infosec Institute -
The MITRE ATT&CK framework is a tool developed by the MITRE Corporation to build an understanding of how cyberattacks work. It breaks the lifecycle of a cyberattack into distinct objectives that the attacker may need to achieve (called tactics). For each of these, MITRE ATT&CK describes specific ways of achieving that objective (called techniques).
One of the tactics in the MITRE ATT&CK framework is exfiltration. This tactic describes how an attacker can take data collected within a target network and exfiltrate it outside the network to systems under the attacker’s control.
Introduction to exfiltration over alternative protocols
Exfiltrating data without being detected can be difficult. Certain protocols are well-suited to data exfiltration, a fact that is known to cyberattackers and defenders alike. Cybersecurity tools and defenders commonly monitor these protocols for signs of data exfiltration, enabling them to detect and respond to intrusions.
However, while certain protocols are better suited to data exfiltration, this does not mean that they are the only options. The alternative protocols technique in the MITRE ATT&CK framework discusses how an attacker can use a non-standard protocol for data exfiltration.
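A defender-side check for the situation just described, added here as an example and not code from the article: it sums outbound bytes per internal host, external destination and protocol, and flags volumes carried over any service other than the monitored web baseline. The flow-record layout, the sample flows, the internal address ranges and the threshold are all constructed assumptions.

```python
"""Flag internal hosts pushing large volumes to external hosts over protocols
outside the usual monitored web egress. Added illustration, not article code;
flow records are constructed in a Zeek conn.log-like layout."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows: ts src dst dst_port proto service bytes_out
SAMPLE_FLOWS = """\
1700000000.1 10.0.0.5 203.0.113.10  443  tcp ssl  180000
1700000001.2 10.0.0.5 203.0.113.10  443  tcp ssl  220000
1700000002.3 10.0.0.7 198.51.100.22 21   tcp ftp  9500000
1700000003.4 10.0.0.9 192.0.2.77    53   udp dns  4200000
1700000004.5 10.0.0.9 192.0.2.77    6667 tcp -    15000000
1700000005.6 10.0.0.5 10.0.0.20     445  tcp smb  50000000
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Web egress is assumed to be covered by existing proxy/TLS monitoring; this
# check is about everything else, so those services are excluded, not scored.
BASELINE_SERVICES = {"http", "ssl"}
VOLUME_THRESHOLD = 4_000_000  # bytes per (src, dst, proto, service); tune per site

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield one dict per non-empty line of the constructed flow format."""
    for line in text.splitlines():
        if line.strip():
            _, src, dst, port, proto, service, out = line.split()
            yield {"src": src, "dst": dst, "port": int(port), "proto": proto,
                   "service": service, "bytes_out": int(out)}

def find_alt_protocol_exfil(text, threshold=VOLUME_THRESHOLD):
    """Return (src, dst, proto, service, total_bytes) tuples for internal ->
    external traffic over a non-baseline protocol (unknown service '-' included)
    whose summed outbound volume reaches the threshold."""
    totals = defaultdict(int)
    for f in parse_flows(text):
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue  # lateral or inbound traffic is not exfiltration
        if f["service"] in BASELINE_SERVICES:
            continue
        totals[(f["src"], f["dst"], f["proto"], f["service"])] += f["bytes_out"]
    return sorted((*k, v) for k, v in totals.items() if v >= threshold)

if __name__ == "__main__":
    for hit in find_alt_protocol_exfil(SAMPLE_FLOWS):
        print("outbound volume over alternative protocol:", hit)
```

Against the sample, the TLS flows are skipped as baseline and the SMB flow is skipped as internal, leaving the FTP, DNS and unidentified-port transfers flagged.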
The protocols most used for data exfiltration are usually the ones that are capable