Assuming the exfiltration can be differentiated from normal behavior! | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		drb91 on May 1, 2019 \| parent \| context \| favorite \| on: Hackers went undetected in Citrix’s internal netwo... Assuming the exfiltration can be differentiated from normal behavior!

auiya on May 2, 2019 [–]

Seeing large amounts of encrypted traffic leaving via a DNS tunnel during non-standard business hours for instance would be an example of such an anomaly. It's not always that easy to detect however.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact