Command and control is the communication channel an attacker uses to issue instructions to compromised systems and receive data or execution results from them.
What Is Command and Control?
After gaining access to a target, attackers often need a reliable way to manage implants, move laterally, run commands, or extract information. C2 infrastructure can use standard web traffic, cloud services, DNS, messaging platforms, or custom protocols to blend into normal operations.
Common C2 Goals
- Remote Execution: Running commands on compromised assets
- Tasking: Updating instructions and payloads over time
- Persistence Support: Maintaining operational control after initial compromise
- Data Movement: Preparing or enabling later exfiltration stages
Why It Matters
C2 detection is a critical defensive opportunity because attackers usually need repeatable communication after compromise. Identifying beaconing, suspicious outbound patterns, or covert channels can break an intrusion before objectives are completed.
How FourCore ATTACK Relates
FourCore ATTACK helps validate whether network and endpoint controls detect or interrupt simulated C2 behaviors during controlled adversary emulation exercises.