This chapter is all about playing with different C2 frameworks you could use as an attacker against your Linux targets. You will focus on different types of payloads and listeners, and various types of execution methods including sideloading, process injection/hiding, and C2 armoring to execute malicious code even in a more stealthy manner. The detection part comes in next as you will use PurpleLabs host and network visibility to learn more about different C2 behaviors, their TTPs, implant process structures, and configurations.