US Patent 9565202 System and method for detecting exfiltration content

Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed within a virtual machine that simulates a target operating environment associated with the malicious content suspect. A packet inspection is performed on outbound network traffic initiated by the malicious content suspect to determine whether the outbound network traffic matches a predetermined network traffic pattern. An alert is generated indicating that the malicious content suspect should be declared as malicious, in response to determining that the outbound network traffic matches the predetermined network traffic pattern.