Most people have certainly already heard about Log4J. However, the coverage of the Active Directory vulnerability called NoPac was not strong, although the impact was comparably far-reaching. This talk will demonstrate how two vulnerabilities were enough for attackers and ransomware groups to become domain administrators and take over entire corporate networks in under 10 minutes. The technical aspects behind the vulnerabilities will be discussed and then a live demo will show how easy it is for attackers to exploit these vulnerabilities.