C2: Command and Control in Cybersecurity
C2 stands for Command and Control. Command and Control is the infrastructure and communication channel an attacker uses to send instructions to compromised systems and receive stolen data. C2 channels use protocols like HTTP, HTTPS, and DNS, often combined with custom encryption, to blend with normal traffic and evade detection.
How C2 Is Used in Cybersecurity
SOC analysts hunt for C2 beaconing patterns in network traffic and DNS logs to detect compromised hosts. Incident responders identify and block C2 channels to cut off attacker access during active breaches. Penetration testers set up C2 frameworks like Cobalt Strike and Sliver to simulate real adversary operations.
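As an added illustration of the beaconing hunt mentioned above (example code written for this entry, not taken from any tool named on the page): the sketch groups connection records by source and destination and flags pairs whose gaps between connections are unusually regular. The sample records, host names, documentation-range addresses and the min_events and max_cv thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample():
    """Constructed records: (epoch_seconds, source_host, destination)."""
    records = []
    # ws-17: one destination contacted about every 60 s with small jitter
    for i, jitter in enumerate([0, 2, -1, 3, -2, 1, 0, -3, 2, 1]):
        records.append((1000 + 60 * i + jitter, "ws-17", "203.0.113.10"))
    # ws-22: bursty, human-driven traffic with irregular gaps
    for ts in [1005, 1007, 1010, 1190, 1195, 1420, 1424, 1431, 1502]:
        records.append((ts, "ws-22", "198.51.100.7"))
    # ws-30: too few connections to judge either way
    for ts in [1100, 1160, 1220]:
        records.append((ts, "ws-30", "192.0.2.44"))
    return records


def find_beacons(records, min_events=6, max_cv=0.2):
    """Return source/destination pairs with near-constant connection intervals.

    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between consecutive connections; a low value means machine-like timing.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # not enough samples for a meaningful interval estimate
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all timestamps identical; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "events": len(times),
                             "interval": round(avg, 1), "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for hit in find_beacons(build_sample()):
        print(hit)
```

A low score is a lead for triage, not a verdict: legitimate periodic traffic such as update checks and time synchronization is just as regular, so flagged destinations still need to be checked against known-good services.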
Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.