C2 (command and control) is the channel a compromised device uses to call back to an attacker's server (a beacon), receive commands, and exfiltrate data; it is the stage after a breach. The keys to spotting it are suspicious periodic outbound traffic and known-bad destinations. Defenses: egress filtering, DNS monitoring, IOC/IOA matching, least privilege. Confirming 'no resident C2' is a key part of breach investigation.