Re: It had to happen
PS using stuff like Reddit or Google docs or Google calendar or facebook or even posted in slack (or IRC!) is all C2 methods I've seen for years and years....
The bad guys will do anything to try and hide their comms, which is why ETDR is a much better way of combatting them than trying to use network tools - and I say that as a network person as much as a security one.
