SANSFIRE is right around the corner June 13-20 - Live Online, Register today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Hacker Techniques: Covert Command and Control

  • Monday, September 17, 2018 at 1:00 PM EST (2018-09-17 17:00:00 UTC)
  • Derek Rook

You can now attend the webcast using your mobile device!



Being able to peak behind the curtain of an adversary's communications can break a case wide open, allowing for a more complete and confident response to an incident. We'll take a look at two covert command and control (C2, C&C, CnC) channels, and explore methods of detection.

Derek Rook is co-teaching, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, with John Strand at SANS Pen Test HackFest Summit & Training in Bethesda, MD in November 2018.

Speaker Bio

Derek Rook

Derek is an industry veteran with over 15 years of experience spanning system administration and engineering, web development, security engineering, and offensive security. In the office, he devotes his time to building and running an internal offensive security practice for a large data analytics company. Out of the office, he splits time between his family, video games, martial arts, and creating free educational security content online. A NetWars Tournament of Champions winner, he can often be found participating in whatever CTF competitions he can find. Derek holds several security certifications, including GCIA, GNFA, GCIH, GWAPT, and OSCP. @_r00k_

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.