Your Active Directory (AD) may present an enormous risk to your organisation. AD - the primary identity source of authentication and authorisation for most organisations - is a favourite target of threat actors due to its age, accumulated vulnerabilities, and ability to provide access to critical data and control the environment. Over 90% of attacks involve this service, yet its protection and remediation hasn't kept up with the changing threat landscape. And if AD goes down, business operations come to a halt. Despite this risk, most organisations have not stress-tested a cyber-focused AD recovery . This session explores the critical importance of AD to modern security and the risks it presents today, practical guidance on securing this cornerstone of hybrid identity and the overlooked difficulty of manually recovering AD after an attack, as well as how to quickly recover AD even if it is infected or wiped and how an isolated, recovered AD can be used against the threat actors during an attack.