N-NAC-BYPASS-MACDefense Evasion

NAC Bypass via MAC Spoof

Clone the MAC of an authenticated device (printer, IP phone, VoIP) — most 802.1x deployments allow MAC-Auth-Bypass for these.

§ Where this technique fits

N-NAC-BYPASS-MAC is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

802.1X NAC bypass via printer MAC spoof
Plug into the LAN, sniff a printer / IP-phone MAC, clone it on your laptop, get full LAN access via MAC-Auth-Bypass — bypass NAC entirely.
step 3 / 6

§ What commonly comes next

01
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

802.1X NAC bypass via printer MAC spoof

§ What commonly comes next