← Back to hub

APT WMIC Enumeration: Multiple System Discovery Queries in Same Session

Detects WMIC usage for multiple system enumeration queries within the same user session, documented technique in APT campaigns for asset inventory prior to lateral movement. Differentiates legitimate admins from adversarial operators by query volume and type.

🔒

Premium Content

This query requires an active subscription to access the code.

Get Access