From The Hunter Diaries - Detecting C2 Servers
Command and Control servers, AKA C2 servers, are servers operated by threat actors and are used for maintaining communications with compromised systems within a target network. With the recent rise in double extortion ransomware campaigns, attackers are also sending exfiltrated data to C2 servers.
Needless to say, one of the most important tasks of a threat hunter is to identify potential C2 servers that are communicated with from within a corpor...