APT Hands-on-Keyboard Interactive Discovery Burst

Identifies APT operators with interactive access by detecting rapid successive execution of multiple native Windows reconnaissance tools by the same user on the same host within a short time window, typical pattern of manual post-exploitation phases