Exfiltration
Details
| ID | PT0011 |
| MITRE ATT&CK ID | TA0010 |
| Created | 2026-06-22 |
| Last Modified | 2026-06-22 |
| Contributors | slashsec |
| Version Permalink | Link |
Description
The adversary is trying to leave the premises with people, assets, or intelligence.
Exfiltration consists of techniques for exiting facilities or controlled areas without detention or attribution. This includes departing through normal egress points, loading areas, or emergency routes while carrying collected materials or maintaining cover.
Techniques
| ID | Name | Description |
|---|---|---|
| P0010 | Exploit Physical Access Weaknesses | Adversaries may take advantage of misconfigurations, poor maintenance, or unintended gaps in physical security. Exploitation targets weaknesses such as unsecured perimeter controls or openings left unrestricted. |
| P0010.001 | Exploit Perimeter Controls | Adversaries may exploit weaknesses in perimeter controls such as gaps in fencing, inoperative sensors, misaligned gates, or schedules that leave boundaries unmonitored. Exploitation uses the control failure rather than direct force against the barrier. |
| P0010.002 | Exploit Unrestricted Opening | Adversaries may exploit doors, windows, loading docks, or other openings left unlocked, propped open, or without required access controls. Unrestricted openings allow entry without defeating hardware or credentials. |
| P0010.003 | Exploit Request-to-Exit Sensor | Adversaries may exploit request-to-exit sensors that unlock doors from the secure side without credential validation. Triggering motion detectors, pressure mats, or push plates from outside the controlled area can unlock secured doors without valid credentials. |
| P0031 | Exfiltrate via Entry Route | Adversaries may exit through the same controlled entry points used for access, such as main doors, turnstiles, or visitor checkpoints. Departing via the entry route preserves cover when the adversary still appears authorized or follows normal egress flow. |
| P0032 | Exfiltrate via Emergency Route | Adversaries may leave through emergency exits, fire doors, or other egress paths intended for evacuation. Emergency routes may have fewer credential checks or monitoring than primary entries during an operation. |
| P0033 | Exfiltrate via Alternative Route | Adversaries may exit through paths other than the primary entry or designated emergency egress, such as loading docks, service doors, utility tunnels, or perimeter gaps. Alternative routes can avoid checkpoints where the adversary would be challenged on departure. |