We live in a security industry where the best mindset is to assume compromise. The hackers are already inside our network—but then what happens? In some cases, they might exfiltrate data or run post-exploitation with their C2 or “Command and Control” access.

In this session, we’ll explore artifacts from a real security incident where evidence of a hacker’s custom C2 framework was left behind. Watch as we pull back the curtain and highlight how this threat actor maintained their access and controlled their victims—and why understanding the offense can help you bolster your defense.