Hunting for Beaconing with Frequency Analysis When to Use - When proactively searching for compromised endpoints calling back to C2 infrastructure - After threat intelligence reports indicate active C2 frameworks targeting your sector - When network logs show periodic outbound connections to unfamiliar destinations - During purple team exercises validating C2 detection capabilities - When investigating a potential breach and need to identify active C2 channels Prerequisites - Network proxy/firewall logs with timestamps and destination data (minimum 24 hours) - Zeek conn.log, dns.log, and ssl.…