Being able to peek behind the curtain of an adversary's communications can break a case wide open, allowing for a more complete and confident response to an incident. We'll take a look at two covert command and control (C2, C&C, CnC) channels and explore methods of detection.
Derek Rook is co-teaching SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling with John Strand at SANS Pen Test HackFest Summit & Training in Bethesda, MD, in November 2018.