Netflow analysis is honestly an art. So many artifacts to pivot off of to create a trail of connections. Finding out who and what got compromised, C2 beacon connections, and if you're lucky enough you may find the C2 controller (which I did).
Tools I can't go without: Augury, MaxMind, @DomainTools, Censys
#SignalsIntelligence #ThreatHunting #NetflowAnalysis #CobaltStrike