Analyzing Command-and-Control Communication

When to Use

- Reverse engineering a malware sample has revealed network communication that needs protocol analysis
- Building network-level detection signatures for a specific C2 framework (Cobalt Strike, Metasploit, Sliver)
- Mapping C2 infrastructure including primary servers, fallback domains, and dead drops
- Analyzing encrypted or encoded C2 traffic to understand the command set and data format
- Attributing malware to a threat actor based on C2 infrastructure patterns and tooling

Do not use for general network anomaly detection; this is specif…