On of my favorite TTPs is "to be part of the ecosystem". That is the key to crown jewel! :)
https://attack.mitre.org/techniques/T1557/003/
Adversaries may redirect network traffic to adversary-owned systems by spoofing Dynamic Host Configuration Protocol (DHCP) traffic and acting as a malicious DHCP server on the victim network. By achieving the adversary-in-the-middle (AiTM) position, adversaries may collect network communications, including passed credentials, especially those sent over insecure, unencrypted protocols.
Wanted to know more, please support or become a member at https://www.buymeacoffee.com/maheradib/membership