It includes an enumeration of systems, hosts, and processes; execution of various commands to find out the local user context and system configuration, host name, IP addresses, active remote systems, and programs running on the target systems.

2. Use of PowerShell
PowerShell may be used by an adversary as a tool for automating data exfiltration and launching attacks. To spot the misuse of PowerShell within the network, security analysts can check the PowerShell transcript logs or Windows Event logs.

3. Unspecified Proxy Activities
An adversary can create and configure multiple domains pointing to the same host, which permits switching quickly between the domains to avoid detection. Security analysts can find unspecified domains by checking the data feeds that are generated by those domains.

4. Use of Command-Line Interface
After gaining access to the target system, an adversary can use a command-line interface to interact with the target system, browse the files, read file content, modify file content, create new accounts, connect to the remote system, and download and install malicious code. Security analysts can therefore identify the behavior of an adversary by checking the logs for process ID, processes having arbitrary letters and numbers, and malicious files downloaded from the web.

5. HTTP User Agent
In HTTP-based communication, the server identifies the connected HTTP client using the user agent field. An adversary modifies the content of the HTTP user agent field to communicate with the compromised system and to carry out further attacks.
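
As an added example (not part of the original text) of the log check described in item 4, the following Python sketch flags process-creation records whose image name looks like arbitrary letters and numbers. The record layout (time, process ID, image path), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample records (not from a real host): time,process ID,image path
SAMPLE_LOG = r"""
2024-01-10T09:14:02Z,4312,C:\Windows\System32\svchost.exe
2024-01-10T09:14:40Z,5120,C:\Users\bob\AppData\Local\Temp\x7k2q9zb4t.exe
2024-01-10T09:15:11Z,5188,C:\Program Files\7-Zip\7z.exe
2024-01-10T09:16:27Z,6004,C:\ProgramData\a8f3k1m9.exe
2024-01-10T09:17:03Z,6120,C:\Windows\System32\powershell.exe
""".strip()

def shannon_entropy(text):
    """Bits of entropy per character of the given string."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def looks_random(image_path, min_len=6, min_switches=3, min_entropy=2.5):
    """Heuristic (assumed thresholds): the file name without extension is
    alphanumeric, switches between letters and digits several times,
    and has high character entropy."""
    stem = PureWindowsPath(image_path).stem.lower()
    if len(stem) < min_len or not stem.isalnum():
        return False
    # Count letter<->digit boundaries, e.g. "python3" has 1, "a8f3k1m9" has 7.
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    return switches >= min_switches and shannon_entropy(stem) >= min_entropy

def flag_suspicious(log_text):
    """Return (time, pid, image) for every record with a random-looking name."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, pid, image = line.split(",", 2)
        if looks_random(image):
            hits.append((timestamp, int(pid), image))
    return hits

if __name__ == "__main__":
    for timestamp, pid, image in flag_suspicious(SAMPLE_LOG):
        print(f"{timestamp} pid={pid} suspicious image name: {image}")
```

A match is a lead for review rather than proof of compromise, since some legitimate installers and updaters also use generated file names.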