Detecting Command and Control Over DNS

When to Use

- Investigating suspected DNS tunneling used for C2 communication or data exfiltration
- Analyzing DNS query logs for signs of encoded payloads in subdomain strings
- Classifying domains as DGA-generated vs. legitimate using statistical or ML methods
- Detecting DNS beaconing patterns (regular intervals, consistent query sizes)
- Hunting for Iodine, dnscat2, dns2tcp, Cobalt Strike DNS, or Sliver DNS traffic
- Monitoring TXT record abuse for command delivery or staged payload download
- Building DNS anomaly detection rules for SOC/SIEM deploym…
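As an added example (not code from the original page), the rule below scores the features the list names per client and registered domain: subdomain entropy and length for encoded payloads, the TXT fraction for record abuse, and the regularity of inter-query gaps for beaconing. The log format, the thresholds and the c2-tunnel.test domain are constructed assumptions, and the naive two-label domain split should be replaced with a public-suffix-list lookup in production.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime
# Constructed sample DNS query log (timestamp client qtype qname); not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 A www.example.com
2024-05-01T10:00:30 10.0.0.5 TXT 6a7b8c9d0e1f2a3b4c5d6e7f.c2-tunnel.test
2024-05-01T10:01:00 10.0.0.5 TXT 1f2e3d4c5b6a79881726354a.c2-tunnel.test
2024-05-01T10:01:30 10.0.0.5 TXT 9a8b7c6d5e4f3a2b1c0d9e8f.c2-tunnel.test
2024-05-01T10:02:00 10.0.0.5 TXT 0f1e2d3c4b5a69788796a5b4.c2-tunnel.test
2024-05-01T10:02:30 10.0.0.5 TXT a1b2c3d4e5f60718293a4b5c.c2-tunnel.test
2024-05-01T10:02:41 10.0.0.5 A mail.example.com
"""
# Illustrative thresholds (assumptions; tune against your own DNS baseline).
ENTROPY_MIN, SUBLEN_MIN, BEACON_CV_MAX, MIN_GAPS = 3.0, 20, 0.2, 3

def shannon_entropy(s):
    """Bits per character; encoded payload labels score near their alphabet's maximum."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values()) if s else 0.0

def split_qname(qname):
    """Naive (registered domain, subdomain) split; production rules should use the PSL."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def parse_log(text):
    rows = [line.split() for line in text.splitlines()]
    return [(datetime.fromisoformat(ts), c, qt, qn) for ts, c, qt, qn in rows]

def score_domains(rows):
    """Per (client, registered domain): payload-like subdomains and beacon regularity."""
    groups = defaultdict(list)
    for ts, client, qtype, qname in rows:
        domain, sub = split_qname(qname)
        groups[(client, domain)].append((ts, qtype, sub))
    findings = {}
    for key, items in groups.items():
        items.sort()
        subs = [sub for _, _, sub in items]
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(items, items[1:])]
        cv = None  # coefficient of variation of inter-query gaps; near 0 means a fixed timer
        if len(gaps) >= MIN_GAPS and (mean := sum(gaps) / len(gaps)) > 0:
            cv = math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps)) / mean
        f = {"queries": len(items), "beacon_cv": cv,
             "mean_entropy": sum(map(shannon_entropy, subs)) / len(subs),
             "mean_sub_len": sum(map(len, subs)) / len(subs),
             "txt_fraction": sum(q == "TXT" for _, q, _ in items) / len(items)}
        f["tunnel_like"] = f["mean_entropy"] > ENTROPY_MIN and f["mean_sub_len"] > SUBLEN_MIN
        f["beacon_like"] = cv is not None and cv < BEACON_CV_MAX
        findings[key] = f
    return findings
```

Domains with too few queries get no beacon score rather than a misleading one, since a single gap always looks perfectly regular.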