Windows Living off the Land Multi-Tool Chain Detection
Detects the same user chaining multiple native Windows tools on the same host within a time window, a pattern characteristic of APT actors who use living-off-the-land (LOTL) techniques during the reconnaissance phase to evade security controls.
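
A sketch of the correlation described above, added here as an illustration and not the rule's own logic. The tool watchlist, the 5-minute window, the threshold of 3 distinct tools, and the event tuple layout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed watchlist; the page does not list which native binaries the rule covers.
WATCHED = {"whoami.exe", "net.exe", "nltest.exe", "ipconfig.exe",
           "systeminfo.exe", "tasklist.exe", "quser.exe"}
WINDOW = timedelta(minutes=5)   # assumed time window
MIN_DISTINCT = 3                # assumed number of distinct tools that forms a chain

def detect_chains(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return one alert per (host, user) burst in which at least min_distinct
    watched tools ran within window. events: (iso_time, host, user, image_path)."""
    recent = defaultdict(deque)   # (host, user) -> (time, tool) pairs inside the window
    alerting = set()              # keys already alerted for the current burst
    alerts = []
    for ts, host, user, image in sorted(events):
        tool = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if tool not in WATCHED:
            continue
        t = datetime.fromisoformat(ts)
        key = (host.lower(), user.lower())
        q = recent[key]
        q.append((t, tool))
        while t - q[0][0] > window:        # slide the window forward
            q.popleft()
        tools = sorted({name for _, name in q})
        if len(tools) >= min_distinct:     # repeats of one tool do not count twice
            if key not in alerting:
                alerting.add(key)
                alerts.append({"host": key[0], "user": key[1],
                               "first_seen": q[0][0].isoformat(), "tools": tools})
        else:
            alerting.discard(key)          # burst ended; a later chain alerts again
    return alerts

# Constructed sample process-creation events (not real telemetry).
S = "C:\\Windows\\System32\\"
SAMPLE = [
    ("2024-05-01T10:00:05", "WS01", "CORP\\alice", S + "whoami.exe"),
    ("2024-05-01T10:00:40", "WS01", "CORP\\alice", S + "net.exe"),
    ("2024-05-01T10:01:10", "WS01", "CORP\\alice", S + "net.exe"),
    ("2024-05-01T10:02:30", "WS01", "CORP\\alice", S + "nltest.exe"),
    ("2024-05-01T10:03:00", "WS01", "CORP\\alice", S + "systeminfo.exe"),
    ("2024-05-01T09:00:00", "WS02", "CORP\\bob", S + "whoami.exe"),      # spread out
    ("2024-05-01T09:20:00", "WS02", "CORP\\bob", S + "ipconfig.exe"),
    ("2024-05-01T09:40:00", "WS02", "CORP\\bob", S + "tasklist.exe"),
    ("2024-05-01T11:00:00", "WS03", "CORP\\carol", S + "ipconfig.exe"),  # one tool only
    ("2024-05-01T11:00:30", "WS03", "CORP\\carol", S + "ipconfig.exe"),
]
```

Counting distinct tools rather than raw process launches keeps a script that reruns one utility from triggering the rule, and keying on host plus user keeps activity by different accounts from being merged into one chain.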