Command and Control

A Backdoor is a hidden access mechanism that allows attackers to bypass standard authentication and security controls. This SECMONS glossary entry explains how backdoors are installed, how they differ from web shells, and why they are critical in post-compromise persistence.

A Botnet is a network of compromised devices remotely controlled by an attacker for coordinated malicious activity. This SECMONS glossary entry explains how botnets operate, how they are built, and how they are used in DDoS attacks, spam campaigns, and ransomware distribution.

Command and Control (C2) refers to the infrastructure and communication mechanisms attackers use to remotely manage compromised systems. This SECMONS glossary entry explains how C2 works, common techniques, and how defenders detect and disrupt malicious control channels.

A Loader or Dropper is a malware component designed to install or execute additional malicious payloads on a compromised system. This SECMONS glossary entry explains how loaders and droppers function, how they differ, and why they are central to modern malware campaigns.

A Remote Access Trojan (RAT) is malware that provides attackers with covert remote control over compromised systems. This SECMONS glossary entry explains how RATs operate, how they are deployed, and why they are central to espionage, credential theft, and long-term persistence.

Threat actors exploited a zero-day vulnerability in Cisco IOS XE web management interfaces, compromising enterprise network infrastructure worldwide.

A Domain Generation Algorithm (DGA) is a malware technique that programmatically generates large numbers of domain names used to locate command-and-control infrastructure, making attacker communications resilient against domain blocking or takedowns.

Beaconing is a network communication pattern used by malware and attackers where compromised systems periodically connect to command-and-control infrastructure to receive instructions or transmit data.

DNS Tunneling is a technique that abuses the Domain Name System protocol to covertly transmit data between a compromised system and attacker infrastructure, often bypassing network security controls.

Technical explanation of command and control infrastructure, an attack technique used by threat actors to communicate with compromised systems and coordinate malicious operations.