Botnets have continuously evolved since their inception as a malicious entity. Attackers come up with new botnet designs that exploit the weaknesses in existing defense mechanisms and continue to evade detection. It is necessary to analyze the weaknesses of existing defense mechanisms to find out the lacunae in them. This research exposes a weakness found in an existing bot detection method (BDM) by implementing a specialized P2P botnet model and carrying out experiments on it. Weaknesses that are found and validated can be used to predict the development path of botnets, and as a result, detection and mitigation measures can be implemented in a proactive fashion. The main contribution of this work is to demonstrate the exploitation pattern of an inherent weakness in local-host alert correlation (LHAC) based methods and to assert that current LHAC implementations could allow pockets of cooperative bots to hide in an enterprise size network. This work suggests that additional monitoring capabilities must be added to current LHAC-based methods in order for them to remain a viable bot detection mechanism. This paper takes a forward-looking approach and presents a specific botnet development path based on a weakness evident in a successful BDM. This BDM will be defined as a local-host alert correlation (LHAC) based method. Further, this paper elaborates on the design and implementation of a different model for P2P botnet communication and describes the experiments conducted. The experiments demonstrate that the proposed botnet model can effectively hide from an LHAC-based BDM without having to rely on additional communication hiding tactics.It is often necessary to create a "proof-of-concept" that validates that a given vulnerability is exploitable. Therefore, this botnet model is tested against BotHunter [7]. BotHunter is a successful LHAC-based BDM. BotHunter is able to map a host's behavior to a malware infection life-cycle in order to flag compromised hosts as malware. The covert-botnet model tested in this work is able to circumvent BotHunter, and is implemented with this specific intent. The concept behind this model is extensible. Slight modifications to the covert-botnet framework would enable it to hide from any LHAC-based BDM that does not have the ability to account for all of a local host's network activity. Any botnet that is able to, somehow, circumvent the monitoring points employed by a BDM would be able to avoid detection in a similar manner.