Many organizations are employing technology to help lessen the burden on helpdesk personnel. In some cases, that technology is the attack vector that enables advanced actors to gain a foothold in a network. In other cases, actors are installing the technology to enable command and control. In both cases, the organization is generally unaware as an actor is running rampant in their network. This talk will dive into firsthand tactics from an advanced actor as they took advantage of helpdesk and IT software on their way to owning the domain and critical assets within a few hours of gaining initial access. We will also highlight actionable detection mechanisms that an organization can employ to reduce the chances of them being the next victim.