https://detection.fyi/tags/attack.t1556.004/ Recent content in attack.t1556.004 on Detection.FYI Hugo -- gohugo.io Tue, 28 Apr 2026 23:20:23 +0000 https://detection.fyi/sigmahq/sigma/network/cisco/aaa/cisco_cli_dot1x_disabled/ Tue, 28 Apr 2026 23:20:23 +0000 https://detection.fyi/sigmahq/sigma/network/cisco/aaa/cisco_cli_dot1x_disabled/ Detects the manual disablement of IEEE 802.1X (dot1x) on a Cisco network device interface. Disabling dot1x bypasses Network Access Control (NAC) mechanisms, potentially allowing unauthorized devices to gain access to the internal network. This activity is a common technique used by attackers or malicious insiders to establish persistence or perform lateral movement via rogue devices.