C2 stands for Command and Control Infrastructure, which is a set of tools and techniques that attackers use to maintain communication with compromised devices following initial exploitation. C2 is a critical component of many cyberattacks, allowing attackers to remotely control and manipulate compromised systems. The specific mechanisms of C2 vary greatly between attacks, but C2 generally consists of one or more covert communication channels between devices in a victim organization and a platform that the attacker controls. Attackers use these communication channels to deliver instructions to the compromised device to download additional malware, create botnets, or exfiltrate data. C2 comes in many different forms, and the MITRE ATT&CK framework lists 16 different command and control techniques, each with a number of sub-techniques that have been observed in past cyberattacks. The goal of C2 is to avoid being detected, and attackers may take actions to disguise their C&C callbacks, such as using encryption or unusual types of data encoding.