Network Configuration Enumeration Via WMIC NicConfig

Rule Info

Name: Network Configuration Enumeration Via WMIC NicConfig
Author: Swachchhanda Shrawan Poudel, Christian Burkard
Description: Detects enumeration of network interface configuration via WMIC using the "nicconfig" or "nic" aliases. Attackers commonly query NIC configuration during post-exploitation reconnaissance to discover IP addresses, MAC addresses, default gateways, and DNS servers — information used to map the network and pivot to additional targets.
Date: 2026-07-01 00:00:00
Modified: None
Id: 3f7a2c91-0d4e-4b8f-a6c3-1e9d5b72f084
Tags: attack.discovery, attack.t1016
Type: Nextron Sigma feed only (private)
