Question 6 of 10
How would you conduct a threat hunt focused on network traffic to identify potential command and control communication? What patterns and anomalies would you look for?
Sample answer preview
Hunting for command and control communication in network traffic requires looking beyond individual connections and analyzing traffic patterns over time. C2 channels are designed to blend in with normal traffic, so detection depends on identifying subtle anomalies that automated…
Tags: C2 detection, beaconing analysis, DNS tunneling, JA3 fingerprint, domain generation algorithm, NetFlow
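The answer preview makes the point that C2 hunting works on traffic patterns over time rather than on single connections. The following is an added example, written for this page and not part of the original answer, that shows two of the tagged techniques on constructed NetFlow-style records: beaconing analysis (regular inter-arrival times and uniform payload sizes between one source and one destination) and a DNS tunneling heuristic (many distinct, long, high-entropy subdomain labels under one base domain). Field names, thresholds, the "last two labels" base-domain rule and all sample data are assumptions chosen for illustration.

```python
"""Beaconing and DNS-tunnel heuristics over constructed NetFlow-style records.
Added example; field names, thresholds and data are assumptions, not from the page."""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # flow start, epoch seconds
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes sent from src to dst (NetFlow carries no payload)


def cv(values):
    """Coefficient of variation (population stdev / mean); 0 for a zero mean."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def beacon_candidates(flows, min_conns=8, max_interval_cv=0.3, max_size_cv=0.3):
    """Group flows by (src, dst, dport) and score how regular the inter-arrival
    times and upload sizes are. Low variation over many connections is the
    beaconing pattern; the thresholds here are assumed, tune them per network."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst, f.dport)].append(f)
    out = {}
    for key, fs in by_pair.items():
        if len(fs) < min_conns:                 # too few points to judge periodicity
            continue
        ts = sorted(f.ts for f in fs)
        intervals = [b - a for a, b in zip(ts, ts[1:])]
        icv, scv = cv(intervals), cv([f.bytes_out for f in fs])
        out[key] = {
            "count": len(fs),
            "mean_interval": round(mean(intervals), 1),
            "interval_cv": round(icv, 3),
            "size_cv": round(scv, 3),
            "beacon": icv <= max_interval_cv and scv <= max_size_cv,
        }
    return out


def shannon_entropy(s):
    """Bits per character of the label; hex/base32/base64 payloads score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def dns_tunnel_candidates(queries, min_unique=5, min_label_len=30, min_entropy=3.5):
    """Per (src, base domain): many distinct, long, high-entropy leftmost labels
    suggest data encoded into query names. Base domain = last two labels
    (an assumption; a real hunt would use a public-suffix list)."""
    by_base = defaultdict(set)
    for src, qname in queries:
        labels = qname.rstrip(".").split(".")
        by_base[(src, ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    out = {}
    for key, subs in by_base.items():
        first_label = max(subs, key=len).split(".")[0]   # leftmost label of longest sub
        ent = shannon_entropy(first_label)
        out[key] = {
            "unique_subdomains": len(subs),
            "longest_label": len(first_label),
            "entropy": round(ent, 2),
            "tunnel": (len(subs) >= min_unique and len(first_label) >= min_label_len
                       and ent >= min_entropy),
        }
    return out


# Constructed sample data (not real traffic).
FLOWS = (
    # Host A reaches 203.0.113.10:443 about every 60 s with ~1 KB uploads: beacon-like.
    [Flow(t, "10.0.0.5", "203.0.113.10", 443, b)
     for t, b in zip([0, 61, 119, 181, 240, 299, 361, 420, 479, 541],
                     [1040, 1036, 1044, 1040, 1038, 1042, 1040, 1036, 1044, 1040])]
    # Host A also browses 198.51.100.7:443 in irregular bursts of varying size.
    + [Flow(t, "10.0.0.5", "198.51.100.7", 443, b)
       for t, b in zip([5, 7, 8, 30, 95, 96, 97, 300, 310, 600],
                       [300, 12000, 800, 45000, 2200, 150, 9800, 600, 31000, 4100])]
    # Host B makes only three connections: below the minimum sample.
    + [Flow(t, "10.0.0.9", "203.0.113.10", 443, 1040) for t in [10, 70, 130]]
)
# Three permutations of the 16 hex digits: a 48-char label with entropy exactly 4.0.
TUNNEL_LABEL = "3f9a1c7e5b0d2846" + "a07e3c5f91b4d862" + "e1d7b39c5a0f4682"
DNS_QUERIES = (
    [("10.0.0.5", q) for q in ("www.example.com", "mail.example.com", "cdn.example.com")]
    # Six distinct rotations of the label under one base domain: tunnel-like.
    + [("10.0.0.5", f"{TUNNEL_LABEL[i:] + TUNNEL_LABEL[:i]}.t.example.net") for i in range(6)]
)

if __name__ == "__main__":
    for key, score in beacon_candidates(FLOWS).items():
        print("beacon" if score["beacon"] else "normal", key, score)
    for key, score in dns_tunnel_candidates(DNS_QUERIES).items():
        print("tunnel" if score["tunnel"] else "normal", key, score)
```

The beacon scorer deliberately requires a minimum number of connections before judging regularity, otherwise a handful of coincidentally spaced flows produces noise; the same grouping can be keyed on a JA3 hash instead of (dst, dport) when TLS metadata is available, which catches an implant that rotates IPs but keeps its client fingerprint. Entropy and label length alone will also fire on CDNs and DGA-style names, so the unique-subdomain count per base domain is what separates encoded data from a single odd hostname.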