analyzing-command-and-control-communication
Installation
SKILL.md
Analyzing Command-and-Control Communication
When to Use
- Reverse engineering a malware sample has revealed network communication that needs protocol analysis
- Building network-level detection signatures for a specific C2 framework (Cobalt Strike, Metasploit, Sliver)
- Mapping C2 infrastructure including primary servers, fallback domains, and dead drops
- Analyzing encrypted or encoded C2 traffic to understand the command set and data format
- Attributing malware to a threat actor based on C2 infrastructure patterns and tooling
Do not use for general network anomaly detection; this is specifically for understanding known or suspected C2 protocols from malware analysis.