APT Hands-on-Keyboard Multi-Tool Reconnaissance Sequence

Detects the execution of multiple native Windows discovery tools by the same user on the same host, a distinctive pattern of APT operators with interactive access identified in CrowdStrike IR investigations with Falcon Identity Threat Protection