TCP
Transmission Control Protocol (TCP) is one of the most common protocols used in networking. We can use it as a C2 covert channel because of its connection-oriented nature. As there are many TCP communications happening on the wire, the C2 covert channel can blend in with other TCP communications. The biggest disadvantage of using TCP as the covert channel, however, is the persistent connection that is established. When checking for active connections on the system, the ESTABLISHED state displayed by the netstat command can reveal the communication between the C2 and the target server. This type of indicator can tell the blue teamer the subnet of the red team, the IP address of the C2 server(s), the port it's connecting ...
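From the blue team's side, the netstat indicator described above can be pulled out of a connection listing as follows. This is an added example, not code from the original text; the sample `netstat -ant` output, its addresses, and the `EXPECTED` allowlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ant` output (Linux layout); not real traffic.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.5.20:22            10.0.1.7:51514          ESTABLISHED
tcp        0      0 10.0.5.20:49822         203.0.113.45:8443       ESTABLISHED
tcp        0      0 10.0.5.20:49830         203.0.113.45:8443       ESTABLISHED
tcp        0      0 10.0.5.20:40112         198.51.100.9:443        TIME_WAIT
tcp6       0      0 ::1:5432                ::1:41000               ESTABLISHED
"""

# Assumption: networks this host is expected to hold sessions with.
EXPECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8", "::1/128")]


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]")), int(port)


def unexpected_established(netstat_text, expected=EXPECTED):
    """Map (remote_ip, remote_port) -> local ports for ESTABLISHED peers outside `expected`."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in ESTABLISHED state; headers, LISTEN and TIME_WAIT are skipped.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "ESTABLISHED":
            continue
        _, local_port = split_endpoint(fields[3])
        remote_ip, remote_port = split_endpoint(fields[4])
        if not any(remote_ip in net for net in expected):
            hits[(str(remote_ip), remote_port)].append(local_port)
    return dict(hits)


if __name__ == "__main__":
    for (ip, port), local_ports in unexpected_established(SAMPLE).items():
        print(f"{ip}:{port} ESTABLISHED from local ports {local_ports}")
```

Grouping by remote endpoint surfaces exactly what the paragraph lists: the peer's IP address and the port the session is connected to, with repeated sessions to the same peer collected together.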