
Ansible Dependency Confusion & Hacking Active Directory

MEGA Sekurak Hacking Party 2025 - Krakow, Poland

How can a malicious Ansible role, published to a public repo, be unknowingly installed by an administrator — and how quickly can that single mistake cascade into a full Active Directory takeover? In this live demo, Maciej Szymczak and Marek Rzepecki connect two traditionally separate domains: modern DevOps supply-chain risk and Windows offensive operations. First they show how supply-chain exposure and a single faulty command in CI/CD can open a foothold inside an internal network. In the second phase they demonstrate, in real time, how an attacker can coerce authentication from a domain controller and escalate that foothold into full control of Active Directory. The session highlights practical risks in automation pipelines, the human factor in deployment workflows, and concrete mitigation priorities for defenders — all delivered as a vivid, watch-and-learn demonstration. The slides will be published on Monday.
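The dependency-confusion path the abstract describes starts with a role requirement that is resolved by name from a public index rather than pinned to a source the organization controls. As an added example (not material from the talk or its authors), the following Python audit walks an Ansible Galaxy `requirements.yml` role list and flags the entries a reviewer would want to see before `ansible-galaxy install` runs in CI/CD: roles resolved by Galaxy name only, roles fetched from hosts outside an assumed allow-list, and roles whose `version` is a branch or tag rather than an immutable commit. The trusted-host set and the sample requirement entries are constructed for illustration; a real file would be loaded with `yaml.safe_load` and passed to `audit_requirements`.

```python
"""Audit Ansible Galaxy role requirements for dependency-confusion risk.

Added example: flags role entries that CI/CD could resolve from an
untrusted or mutable source. Trusted hosts and sample data are assumptions.
"""
import re
from typing import Any

# Assumption: hosts (or host/org prefixes) the organization controls.
TRUSTED_HOSTS = {"git.example.internal", "github.com/exampleorg"}

# Branch-like references that move over time and so cannot be audited later.
MUTABLE_REFS = {"", "master", "main", "head", "latest"}

# A full 40-hex git object id is the only truly immutable pin.
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def _is_url(src: str) -> bool:
    """True for git/http sources; False for bare Galaxy names like ns.role."""
    return "://" in src or src.startswith("git@")


def audit_role(entry: dict[str, Any]) -> list[str]:
    """Return a list of findings for one requirements.yml role entry."""
    findings: list[str] = []
    name = entry.get("name") or entry.get("src") or "<unnamed>"
    src = entry.get("src", "")

    # No src, or a src that is just a namespace.role, is resolved by name
    # from the public index: whoever controls that name controls the code.
    if not src or not _is_url(src):
        findings.append(f"{name}: resolved by Galaxy name only; pin an explicit src")
        return findings

    if not any(host in src for host in TRUSTED_HOSTS):
        findings.append(f"{name}: source host not in trusted list ({src})")

    version = str(entry.get("version", "")).strip()
    if version.lower() in MUTABLE_REFS:
        findings.append(f"{name}: version {version or '<none>'!r} is a mutable branch reference")
    elif not COMMIT_SHA.match(version):
        findings.append(f"{name}: version {version!r} is a tag, not an immutable commit")

    return findings


def audit_requirements(entries: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map each role name to its findings; roles with none are omitted."""
    report: dict[str, list[str]] = {}
    for entry in entries:
        name = entry.get("name") or entry.get("src") or "<unnamed>"
        findings = audit_role(entry)
        if findings:
            report[name] = findings
    return report


# Constructed sample: what yaml.safe_load would return for a requirements.yml
# with a top-level `roles:` list. None of these repositories are real.
SAMPLE_REQUIREMENTS: list[dict[str, Any]] = [
    {"name": "geerlingguy.java"},
    {
        "name": "baseline_hardening",
        "src": "https://github.com/exampleorg/baseline-hardening.git",
        "scm": "git",
        "version": "main",
    },
    {
        "name": "sshd_config",
        "src": "https://git.example.internal/platform/sshd-config.git",
        "scm": "git",
        "version": "3f786850e387550fdab836ed7e6dc881de23001b",
    },
    {
        "name": "webserver",
        "src": "https://github.com/someone/webserver.git",
        "scm": "git",
        "version": "v1.2.0",
    },
]


if __name__ == "__main__":
    for role, problems in audit_requirements(SAMPLE_REQUIREMENTS).items():
        for problem in problems:
            print(f"FAIL {problem}")
```

Wiring this into the pipeline as a gate before `ansible-galaxy install` turns the "single faulty command" from the abstract into a review item: only roles pinned to a trusted source and a specific commit pass, which is the concrete supply-chain control the session argues for.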