Command and Control (C2)
A technique used by cybercriminals to remotely control compromised systems.
Understanding Command and Control
Command and Control (C2) is a crucial stage in cyberattacks where threat actors establish communication with compromised systems. C2 infrastructure allows attackers to remotely execute commands, exfiltrate data, and maintain persistent access within a target network.
Types of Command and Control Techniques
Domain Fronting
Hides malicious traffic behind legitimate domains to evade detection.
2. Encrypted C2 Channels
Uses SSL/TLS, VPNs, or Tor networks to mask communication.
3. Social Media C2
Attackers embed commands in social media posts, which infected systems retrieve.
4. DNS Tunneling
Uses the Domain Name System (DNS) to exfiltrate data and send commands.
Challenges and Considerations
Encrypted C2 Traffic: Attackers use encryption to evade detection.
Rapid Infrastructure Changes: Malicious domains frequently change.
Detection Evasion Techniques: Advanced C2 frameworks mimic legitimate traffic.