diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 723806388..65015b76c 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -20,7 +20,6 @@ class Configuration(object): # now we won't work at <2.7 for sure network_import = importlib.import_module('infection_monkey.network') exploit_import = importlib.import_module('infection_monkey.exploit') - post_breach_import = importlib.import_module('infection_monkey.post_breach') unknown_items = [] for key, value in formatted_data.items(): @@ -37,9 +36,6 @@ class Configuration(object): elif key == 'exploiter_classes': class_objects = [getattr(exploit_import, val) for val in value] setattr(self, key, class_objects) - elif key == 'post_breach_actions': - class_objects = [getattr(post_breach_import, val) for val in value] - setattr(self, key, class_objects) else: if hasattr(self, key): setattr(self, key, value) @@ -270,7 +266,7 @@ class Configuration(object): extract_azure_creds = True - post_breach_actions = [] + post_breach_actions = {} WormConfiguration = Configuration() diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 4089a1c07..8055742a5 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -16,6 +16,7 @@ from infection_monkey.network.network_scanner import NetworkScanner from infection_monkey.system_info import SystemInfoCollector from infection_monkey.system_singleton import SystemSingleton from infection_monkey.windows_upgrader import WindowsUpgrader +from infection_monkey.post_breach.post_breach import PostBreach __author__ = 'itamar' 
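Review bot: The new class default `post_breach_actions = {}` in the @@ -270 hunk has no `linux`/`windows` keys, yet `PostBreach.config_to_pba_list` in the post_breach.py hunk indexes `config.post_breach_actions["linux"]` and `["windows"]` directly, so an agent whose configuration does not carry that object raises KeyError inside `PostBreach()` before any action runs. Either give the default the shape its consumer expects, `post_breach_actions = {'linux': '', 'windows': ''}`, or read the keys with `.get()` in config_to_pba_list. With the `elif key == 'post_breach_actions'` branch removed in the @@ -37 hunk, the key now reaches the `else` branch and is stored as the raw dict via `setattr`; that is the intended path, but it depends on `hasattr(self, key)`, so the class attribute must keep exactly this name. The enclosing method starts and ends outside these hunks.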
@@ -112,6 +113,10 @@ class InfectionMonkey(object): system_info = system_info_collector.get_info() ControlClient.send_telemetry("system_info_collection", system_info) + pb = PostBreach() + output = pb.execute() + ControlClient.send_telemetry("post_breach", {'output': output}) + for action_class in WormConfiguration.post_breach_actions: action = action_class() action.act() diff --git a/monkey/infection_monkey/post_breach/post_breach.py b/monkey/infection_monkey/post_breach/post_breach.py index 24274582a..12577fe25 100644 --- a/monkey/infection_monkey/post_breach/post_breach.py +++ b/monkey/infection_monkey/post_breach/post_breach.py @@ -1,7 +1,7 @@ import logging import infection_monkey.config import subprocess -from abc import abstractmethod +import platform LOG = logging.getLogger(__name__) @@ -10,25 +10,25 @@ __author__ = 'VakarisZ' # Class that handles post breach action execution class PostBreach(object): - def __init__(self, host, pba_list): - self._config = infection_monkey.config.WormConfiguration - self.pba_list = pba_list - self.host = host + def __init__(self): + self.pba_list = PostBreach.config_to_pba_list(infection_monkey.config.WormConfiguration) def execute(self): for pba in self.pba_list: - if self.host.is_linux(): - pba.execute_linux() + if platform.system() == 'Windows': + return pba.execute_win() else: - pba.execute_win() + return pba.execute_linux() @staticmethod - @abstractmethod def config_to_pba_list(config): """ Should return a list of PBA's generated from config """ - raise NotImplementedError() + pba_list = [] + if config.post_breach_actions["linux"] or config.post_breach_actions["windows"]: + pba_list.append(PBA(config.post_breach_actions["linux"], config.post_breach_actions["windows"])) + return pba_list # Post Breach Action container 
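Review bot: The old loop kept as context right after the added lines, `for action_class in WormConfiguration.post_breach_actions: action = action_class() / action.act()`, now iterates a dict (config.py's default became `{}` and the class-object conversion for this key was removed), so it calls a string key and fails with TypeError as soon as the configuration carries post-breach settings; delete those three lines now that `PostBreach().execute()` replaces them. `pb.execute()` can also raise `subprocess.CalledProcessError` from `check_output` on a non-zero exit, which would abort the rest of this method — either catch it around the call or have PBA return the command output on failure. The enclosing method starts and ends outside the hunk.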
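Review bot: `execute` returns from inside the `for pba in self.pba_list` loop, so only the first entry ever runs and any further actions are silently skipped; collect the results instead, and note that the telemetry payload built in monkey.py, `{'output': output}`, then carries a list rather than a single value, which the island handler must expect. `config_to_pba_list` additionally indexes `config.post_breach_actions["linux"]` and `["windows"]` directly; with the `{}` default in config.py that raises KeyError, so read them with `.get()`. The docstring "Should return a list of PBA's generated from config" is left from the abstract version and should now describe the concrete behaviour: one PBA holding the configured linux and windows commands, or an empty list when neither is set.
```python
    def execute(self):
        """Run every configured PBA for this platform and return their outputs in order."""
        outputs = []
        is_windows = platform.system() == 'Windows'
        for pba in self.pba_list:
            outputs.append(pba.execute_win() if is_windows else pba.execute_linux())
        return outputs

    # … unchanged: @staticmethod and config_to_pba_list signature/docstring …
        linux_command = config.post_breach_actions.get("linux")
        windows_command = config.post_breach_actions.get("windows")
        pba_list = []
        if linux_command or windows_command:
            pba_list.append(PBA(linux_command, windows_command))
        return pba_list
```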
@@ -38,8 +38,8 @@ class PBA(object): self.windows_command = windows_command def execute_linux(self): - return subprocess.check_output(self.linux_command, shell=True) + return subprocess.check_output(self.linux_command, shell=True) if self.linux_command else False def execute_win(self): - return subprocess.check_output(self.windows_command, shell=True) + return subprocess.check_output(self.windows_command, shell=True) if self.windows_command else False diff --git a/monkey/monkey_island/cc/resources/telemetry.py b/monkey/monkey_island/cc/resources/telemetry.py index 57148aa0f..12e11ca9d 100644 --- a/monkey/monkey_island/cc/resources/telemetry.py +++ b/monkey/monkey_island/cc/resources/telemetry.py @@ -257,6 +257,13 @@ class Telemetry(flask_restful.Resource): if len(credential) > 0: attempts[i][field] = encryptor.enc(credential.encode('utf-8')) + @staticmethod + def process_post_breach_telemetry(telemetry_json): + if telemetry_json['output']: + node = NodeService.get_or_create_node(telemetry_json['ip'], telemetry_json['domain_name']) + + + pass TELEM_PROCESS_DICT = \ { @@ -265,5 +272,6 @@ TELEM_PROCESS_DICT = \ 'exploit': Telemetry.process_exploit_telemetry, 'scan': Telemetry.process_scan_telemetry, 'system_info_collection': Telemetry.process_system_info_telemetry, - 'trace': Telemetry.process_trace_telemetry + 'trace': Telemetry.process_trace_telemetry, + 'post_breach': Telemetry.process_post_breach_telemetry } diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py index e0c286065..ff27cf101 100644 --- a/monkey/monkey_island/cc/services/config_schema.py +++ b/monkey/monkey_island/cc/services/config_schema.py @@ -94,19 +94,6 @@ SCHEMA = { } ] }, - "post_breach_acts": { - "title": "Post breach actions", - "type": "string", - "anyOf": [ - { - "type": "string", - "enum": [ - "BackdoorUser" - ], - "title": "Back door user", - }, - ], - }, "finger_classes": { "title": "Fingerprint class", "type": "string", 
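Review bot: `execute_linux` and `execute_win` now return either the command's stdout bytes or `False`, and a non-zero exit from `check_output` still raises `subprocess.CalledProcessError`, which nothing in `PostBreach.execute` catches — a failing post-breach command therefore takes the whole agent run down instead of being reported. Catching the exception in a shared helper and returning its `output` keeps the island informed of what the command printed; the module already defines `LOG` for the warning. The `shell=True` call is inherent to running an operator-supplied command string, so the comment on the helper should say the command comes straight from the island configuration.
```python
    def execute_linux(self):
        """Run the configured linux command; False when none is configured."""
        if not self.linux_command:
            return False
        return PBA._run(self.linux_command)

    def execute_win(self):
        """Run the configured windows command; False when none is configured."""
        if not self.windows_command:
            return False
        return PBA._run(self.windows_command)

    @staticmethod
    def _run(command):
        # `command` is the shell string taken verbatim from the island configuration.
        # A non-zero exit still produces output worth reporting, so do not let it
        # propagate and abort the caller.
        try:
            return subprocess.check_output(command, shell=True)
        except subprocess.CalledProcessError as e:
            LOG.warning("Post breach command exited with status %s", e.returncode)
            return e.output
```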
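Review bot: `process_post_breach_telemetry` looks up the node and then discards it — `node` is never used and the body ends in a dangling `pass` after two blank lines — so the post_breach telemetry that the `TELEM_PROCESS_DICT` entry in the next hunk now routes here is accepted and dropped without being stored or logged. It also reads `telemetry_json['ip']` and `telemetry_json['domain_name']`, whereas the agent in monkey.py sends `{'output': output}`; unless `send_telemetry` adds those keys on the way (not visible here), the lookup raises KeyError and the request fails. When the output is eventually persisted, it should be treated as untrusted text arriving from a compromised host: bound its size and store it as opaque data on the node rather than interpreting it. At minimum replace the stub with a one-line docstring stating that the handler is a placeholder, record the output on `node`, and remove the unused assignment and `pass`.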
@@ -295,7 +282,13 @@ SCHEMA = { "type": "boolean", "default": True, "description": "Is the monkey alive" - }, + } + } + }, + "behaviour": { + "title": "Behaviour", + "type": "object", + "properties": { "post_breach_actions": { "title": "Post breach actions", "type": "object", @@ -315,12 +308,6 @@ SCHEMA = { ], "description": "List of actions the Monkey will run post breach" }, - } - }, - "behaviour": { - "title": "Behaviour", - "type": "object", - "properties": { "self_delete_in_cleanup": { "title": "Self delete on cleanup", "type": "boolean", diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index e154ba330..05e29fde0 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js @@ -153,7 +153,7 @@ class ConfigurePageComponent extends AuthComponent { render() { let displayedSchema = {}; const uiSchema = { - general: { + behaviour: { post_breach_actions: { linux: { "ui:widget": "textarea"