Rule Info
Name
Network Configuration Enumeration Via WMIC NicConfig
Author
Swachchhanda Shrawan Poudel, Christian Burkard
Description
Detects enumeration of network interface configuration via WMIC using the "nicconfig" or "nic"
aliases. Attackers commonly query NIC configuration during post-exploitation reconnaissance to
discover IP addresses, MAC addresses, default gateways, and DNS servers — information used to
map the network and pivot to additional targets.
Date
2026-07-01 00:00:00
Modified
None
Id
3f7a2c91-0d4e-4b8f-a6c3-1e9d5b72f084
Tags
attack.discovery attack.t1016
Type
Nextron Sigma feed only (private)
