Bytes;exfil
Definition
Refers to the **amount and pattern of data being sent out of a system during data exfiltration**. Analysts examine **byte size and flow** to identify when data is being stolen in ways designed to **avoid detection**.

**Why it matters**

Attackers often:

* Send data in **small or fixed-size chunks**
* **Limit transfer speed** (intentionally sending data slowly to avoid detection)
* **Distribute data across multiple transfers**

**Unusual outbound byte volume**, especially when a system sends **more data than it receives**, can indicate **exfiltration activity**, even if no alert is triggered.
Examples & Use Cases
* Analysts observe **consistent outbound transfers with the same byte size** occurring at regular intervals, which may indicate **stealthy data exfiltration**.
* A client system sends **significantly more data than it receives**, creating an **uncommon data flow** that signals possible exfiltration.
* Attackers break stolen information into **multiple small fragments**, increasing the **total number of bytes and packets** to evade detection over time.
* During investigation, analysts compare **expected protocol behavior** to actual traffic and flag **byte patterns that do not match normal use**.
* Byte analysis is also used to identify **Command and Control (C2) communication**, where malware expects or sends **specific byte counts** to exchange commands.
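
The first two use cases above can be expressed as detection logic over flow records. The following is an added example, not part of the original glossary entry: the record layout, the function name `analyze_flows`, the sample hosts and every threshold are assumptions chosen for illustration and would need tuning against a baseline of normal traffic.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample flow records: (epoch_seconds, src, dst, bytes_out, bytes_in).
# Hosts, addresses and sizes are invented for illustration.
SAMPLE_FLOWS = (
    # workstation-a: same 4096-byte upload every 300 s, tiny responses
    [(1000 + 300 * i, "10.0.0.5", "203.0.113.10", 4096, 120) for i in range(8)]
    # workstation-b: ordinary browsing, downloads far more than it uploads
    + [(1000 + t, "10.0.0.7", "198.51.100.20", out, inn)
       for t, out, inn in [(0, 800, 45000), (37, 1200, 90000),
                           (410, 650, 30000), (975, 900, 61000)]]
)

def analyze_flows(flows, ratio_threshold=5.0, min_total_out=10_000,
                  min_repeats=5, max_jitter=0.1):
    """Return {(src, dst): [finding, ...]} for pairs matching either heuristic."""
    by_pair = defaultdict(list)
    for ts, src, dst, b_out, b_in in flows:
        by_pair[(src, dst)].append((ts, b_out, b_in))

    findings = {}
    for pair, recs in by_pair.items():
        hits = []
        total_out = sum(r[1] for r in recs)
        total_in = sum(r[2] for r in recs)
        # Heuristic 1: the host sends far more than it receives.
        if total_out >= min_total_out and total_out / max(total_in, 1) >= ratio_threshold:
            hits.append("outbound_heavy")
        # Heuristic 2: the same outbound size repeats at regular intervals.
        size, count = Counter(r[1] for r in recs).most_common(1)[0]
        if count >= min_repeats:
            times = sorted(r[0] for r in recs if r[1] == size)
            gaps = [b - a for a, b in zip(times, times[1:])]
            mid = median(gaps)
            if mid > 0 and all(abs(g - mid) <= max_jitter * mid for g in gaps):
                hits.append("fixed_size_regular_interval")
        if hits:
            findings[pair] = hits
    return findings

if __name__ == "__main__":
    for pair, hits in analyze_flows(SAMPLE_FLOWS).items():
        print(pair, hits)
```

Neither heuristic is conclusive on its own: backup agents and telemetry uploads also produce outbound-heavy or fixed-size traffic, so hits are leads for investigation against known-good destinations.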