c2-hygiene
Install: `claude install-skill roodlicht/accans-sec-skills`
# C2 Hygiene
> **Sandbox/lab-only and RoE-strict**: this skill describes architecture and hygiene discipline for C2 infrastructure in a red-team engagement context. Specific beacon configurations, malleable-profile strings for named C2 frameworks, and EDR-bypass recipes do not live here; those belong in a closed engagement vault. The skill provides architectural patterns, OPSEC checklists, and a detection perspective, all verifiable in a lab.
## When to use
C2 (Command and Control) is the operational backbone of every red-team engagement or APT simulation: how you talk to placed implants without getting caught, and how you make the traffic realistic enough that detection tuning has something to bite on. This skill provides the architecture and hygiene lens, not framework-specific setup.
Triggers on:
- Questions like "how do I set up C2 redirectors", "is domain fronting still feasible in 2026", "what is a reasonable beacon jitter", "OPSEC review of our C2 stack", or "how do we test detection against our C2".
- Red-team engagement preparation where C2 infra needs to be designed or assessed.
- A purple-team exercise where the defensive side wants to test detection against realistic beacons.
- Defensive context: a SOC team wants to know which patterns to detect — this skill gives the offensive lens, `detection-engineer` provides the rule side.
- Threat emulation against specific threat actors (CIS / MITRE Adversary Emulation Plans) — this skill provides the C2 layer; threat inte