One of the most evasive and hardest threats to detect are in memory frameworks using malleable command and control (C2) beacons to hide in benign traffic. They enable attackers to get in and remain invisible with hidden reconnaissance, discovery, C2, and data exploitation. For more than a decade, traditional security defenses using static signatures, IP address ranges, and URLs/domains have mostly failed to detect these evasive threats, plus being in memory on endpoints, these attacks can evade anti-virus and endpoint detection designed mainly to analyze file and disk activity for malware files. Original