1.

Internal reconnaissance mission

It includes an enumeration of systems, hosts, processes; execution of varied commands to seek

out native user context and system configuration, host name, science addresses, active remote
systems, and programs running on the target systems.
2. Use of Power Shell
Power Shell may be utilized by a soul .as a tool for automating knowledge ex-filtration and
launching any attacks. To spot the misuse of Power Shell within the network, security analysts
will check the transcript logs of Power Shell or Windows Event logs.
3. Unspecified Proxy Activities
Someone will produce and assemble multiple domains inform to a similar host, thus, permitting
an opponent to change quickly between the domains to avoid detection. Security analysts will
realize unspecified domains by checking knowledge feeds that are generated by those domains.
4. Use of Command- line Interface
Once gaining access to the target system, an opposer will create use of a command-line interface
to move with the target system, browse the files, browse file content, modify file content,
produce new accounts, connect with the remote system, and transfer and install malicious code.
Therefore Security analysts will determine the behavior of an opposer by checking the logs for
method ID, processes having arbitrary letters and numbers, and malicious files downloaded from
the web.
5. HTTP User Agent
In the HTTP-based communication, the server identifies the connected HTTP consumer
exploitation the user agent field. Opposer modifies the content of HTTP user agent field to speak
with the compromise d system and to hold more attacks