Getting it out¶

Exfiltration is the riskiest phase: the moment data moves from the target environment to attacker infrastructure, it crosses detection boundaries designed specifically to catch it. Modern exfiltration avoids those boundaries by using channels the organisation already trusts.