What is Command and Control (C2) in cybersecurity?
D2 · Threats · CompTIA Security+ SY0-701

C2 (Command and Control) refers to the infrastructure (servers, channels, protocols) that attackers use to communicate with and remotely control compromised systems (bots, backdoors, implants) after gaining initial access.
C2 channels can use: HTTP/HTTPS (blends with normal traffic), DNS (covert channel via DNS queries), social media, encrypted messaging apps.
C2 framework examples: Cobalt Strike (legitimate red team tool, abused by attackers), Metasploit, Covenant, Sliver.
C2 traffic often uses HTTPS to blend with normal web traffic and evade firewalls. DNS tunneling is a covert C2 method (data encoded in DNS queries/responses). Detection: behavioral analysis, DNS monitoring, SSL/TLS inspection, network flow analysis (unusual beaconing patterns).