detecting-command-and-control-over-dns

SUSPICIOUS from a policy/risk standpoint because it is a high-capability cybersecurity detection skill, but not malicious. Its capabilities, data access, and outputs are internally consistent with DNS C2 detection, with low install-trust and credential risk and no evident credential harvesting or covert exfiltration.