Overview
Command and control (C2) infrastructure is a critical component of advanced persistent threats (APTs) and botnets. It lets attackers send commands to infected systems, download additional malware onto them, and exfiltrate stolen data from them.
Techniques
- HTTP/HTTPS: Using standard web traffic to hide C2 communications.
- DNS Tunneling: Encoding commands and data within DNS queries.
- Social Media/Cloud Services: Using legitimate platforms to host C2 instructions.
Detection
Security teams look for unusual network patterns, connections to known malicious IP addresses, and 'beaconing' (regular, timer-driven check-ins from infected devices to the C2 server).