Active-Directory on it-learn.io | IT, Networking & Cybersecurity Bloghttps://blog.it-learn.io/tags/active-directory/Recent content in Active-Directory on it-learn.io | IT, Networking & Cybersecurity BlogHugoen-usWed, 15 Apr 2026 00:00:00 +0000Pass-the-Hash: Why Stealing the Hash Is Just as Good as the Passwordhttps://blog.it-learn.io/posts/2026-04-15-pass-the-hash-why-the-hash-is-as-good-as-the-password/Wed, 15 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-15-pass-the-hash-why-the-hash-is-as-good-as-the-password/<p>Pass-the-Hash (PtH) is arguably the most impactful lateral movement technique in Windows environments. It transforms credential access into network-wide compromise without requiring password cracking, works across the majority of enterprise network services, and has been a core component of some of the most destructive cyberattacks in history — including NotPetya and numerous ransomware operations. Understanding its mechanics is prerequisite to understanding why so many Active Directory environments remain vulnerable despite years of awareness.</p>Kerberoasting: Stealing Service Tickets to Crack Passwords Offlinehttps://blog.it-learn.io/posts/2026-04-14-kerberoasting-stealing-service-tickets-to-crack-passwords/Tue, 14 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-14-kerberoasting-stealing-service-tickets-to-crack-passwords/<p>Kerberoasting is one of the most reliably effective Active Directory attack techniques: it requires only a valid domain account, leaves minimal traces by default, and yields plaintext service account credentials that often grant significant lateral movement opportunities. Unlike many AD attacks that require elevated access or interaction with specific hosts, Kerberoasting operates entirely through legitimate Kerberos protocol requests — making it difficult to block without fundamentally changing service account management practices.</p>Cisco ISE Active Directory Integration: Complete Configuration Guidehttps://blog.it-learn.io/posts/2026-04-02-cisco-ise-active-directory-integration-complete-guide/Thu, 02 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-02-cisco-ise-active-directory-integration-complete-guide/<p>Cisco Identity Services Engine (ISE) is built around the concept of identity-aware policy — but ISE itself doesn&rsquo;t store your users. It needs to talk to your directory. For most enterprise environments, that directory is <strong>Active Directory</strong>. Getting the ISE-to-AD integration right is the foundation everything else sits on: 802.1X authentication, authorization policy, guest flows, posture assessment, and profiling all depend on it.</p> <p>This guide walks through the complete integration from scratch: prerequisites, joining ISE to AD, configuring the identity store, mapping AD groups into policy, and troubleshooting when things don&rsquo;t work.</p>