N-DHCP-ROGUECredential Access

Rogue DHCP Server

Win the DHCP race with shorter lease times — set yourself as the gateway and DNS resolver for new clients.

§ Where this technique fits

N-DHCP-ROGUE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

Rogue DHCP → DNS poisoning → MITM
Bring up a faster DHCP server on the segment; new clients get attacker as gateway + DNS — strip HTTPS, capture creds, inject payloads.
step 2 / 5
RFID badge clone → after-hours access
Brush-pass a target employee with a long-range RFID reader, capture their HID/iCLASS card data, clone to a blank — return after hours to badge into restricted floors.
step 6 / 6

§ What commonly comes next

01
mDNS / SSDP Poisoning
N-MDNS-POISON · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Rogue DHCP → DNS poisoning → MITM

RFID badge clone → after-hours access

§ What commonly comes next