Bypassing annoying network access controls
Certain NAC systems leverage a captive portal authentication system to validate a user's identify before granting access to the rest of the network.
If the captive portal doesn't have TLS protection we can consider MiTM attacks on other users.
https://github.com/s0lst1c3/silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Resources:
https://luemmelsec.github.io/I-got-99-problems-but-my-NAC-aint-one/