The final phase of the Unified Kill Chain. These TTPs will depend on the goals and objectives of the exercise.

  • As a red teamer, you need to find the “objective” of your operation and then prove access to that objective to your client.

1. Collection

  • Tactic used to identify and gather data from target network.

2. Data Staging

  • Move collected data to a central location for exfiltration.

3. Exfiltration

  • Tactic that results in removing data from target network.
  • Is an important step to gauge how effectively an organisation can detect and respond to their sensitive data being removed.
  • Can prove access to real data, but carry out an exfiltration exercise with dummy data.