System Network Configuration Discovery (T1016)

Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp, ipconfig/ifconfig, nbtstat, and route. Adversaries may also leverage a Network Device CLI on network devices to gather information about configurations and settings, such as IP addresses of configured interfaces and static/dynamic routes.(Citation: US-CERT-TA18-106A)(Citation: Mandiant APT41 Global Intrusion ) Adversaries may use the information from System Network Configuration Discovery during automated discovery to shape follow-on behaviors, including determining certain access within the target network and what actions to do next.

Related Prelude attack chains
Release Date (Newest)
Search for chains, TTPs, themes, and text

Browse By:


  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android




APT40 educational institutions


Perform process injection and native API execution techniques.
Vulnerable Certificates


Ingress, load, and run Certify to find vulnerable certificates.