17:I[78196,["/_next/static/chunks/863f3544dde029b5.js","/_next/static/chunks/4ca441a9dd0dec38.js","/_next/static/chunks/5409064bf16640ba.js"],"default"] 18:T40b,

Data exfiltration is the final stage of many attacks.

Large Uploads: Unusual outbound traffic volume

DNS Tunneling: Abnormally long DNS queries

Cloud Storage: Uploads to Dropbox/Google Drive

f:["$","$L17",null,{"module":{"slug":"module-12","title":"Data Exfiltration Hunting","description":"Detecting large data transfers, DNS tunneling, and cloud storage uploads.","order":12,"sections":[{"id":"exfiltration","title":"Exfiltration Indicators","type":"content","content":"$18"},{"id":"quiz","title":"Exfiltration Quiz","type":"quiz","quizQuestions":[{"id":1,"type":"multiple-choice","question":"What is a common indicator of DNS tunneling?","options":["Short DNS queries","Abnormally long DNS queries","No DNS queries","Encrypted DNS queries"],"correct":"Abnormally long DNS queries"}]}]},"courseSlug":"advanced-threat-hunting","nextModuleSlug":"module-13"}]