C3CM: the acronym for command- control- and communications countermeasures. Ripe for use in the information security realm- C3CM takes us past C2 analysis and to the next level. Initially- C3CM was most often intended to wreck the command and control of enemy air defense networks- a very specific military mission. We’ll apply that mindset in the context of combating bots and other evil. Our version of C3CM therefore is to identify- interrupt- and counter the command- control- and communications capabilities of our digital assailants. The three phases of C3CM will utilize: Nfsight with Nfdump- Nfsen- and fprobe to conduct our identification phase- Bro with Logstash and Kibana for the interruption phase- and ADHD for the counter phase.Converge these on one useful platform and you too might have a chance deter those who would do you harm. We’ll discuss each of these three phases (identify- interrupt- and counter) with tooling and tactics- complete with demonstrations and methodology attendees can put to use in their environments. Based on the three part ISSA Journal Toolsmith series: http://holisticinfosec.blogspot.com/search?q=c3cm&max-results=20&by-date=true.