During the resource development phase of some operations, threat actors need to set up a central control point. This control point is often a CnC server that manages and orchestrates the actions of an army of remote hosts or bots. Some CnC servers will integrate the functionality of malicious download servers. Other servers provide scanning and compromise functionality used to stage payloads onto discovered vulnerable systems during the initial access phase. To avoid detection of their critical CnC servers, threat actors may leverage application layer protocols, data encoding or data obfuscation techniques for communications. At other times, threat actors may leverage techniques such as ingress tool transfer, or web services, to transfer data to and from a compromised system.