| 2022-07-28 | Johannes Ullrich | Exfiltrating Data With Bookmarks |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2021-02-01 | Rob VandenBrink | Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers |
| 2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
| 2020-01-10 | Xavier Mertens | More Data Exfiltration |
| 2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts |
| 2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2018-11-27 | Rob VandenBrink | Data Exfiltration in Penetration Tests |
| 2018-06-15 | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-10 | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
https://www.sans.edu
