Skip to content

Latest commit

 

History

History
32 lines (17 loc) · 775 Bytes

T1030.md

File metadata and controls

32 lines (17 loc) · 775 Bytes

T1030 - Data Transfer Size Limits

An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.

Atomic Tests


Atomic Test #1 - Data Transfer Size Limits

Take a file/directory, split it into 5Mb chunks

Supported Platforms: macOS, Linux

Attack Commands: Run with sh!

cd /tmp/
dd if=/dev/urandom of=/tmp/victim-whole-file bs=25M count=1
split -b 5000000 /tmp/victim-whole-file
ls -l