This conference talk explores the forensic artifacts left behind by common Active Directory penetration testing tools. Dive into how red team activities can be detected in AD environments, moving beyond simply compromising systems to understanding the telltale signs these tools create. Learn practical detection techniques that bridge the gap between offensive and defensive security perspectives. Presented by a diverse team of security professionals—Rachit Arora, Sai Sathvik Ruppa, and Aakash Raman—who bring combined expertise from both red and blue team backgrounds, including OSCP certifications. Gain valuable insights for defending Active Directory environments by understanding the attacker's toolset and the evidence they inadvertently leave behind.