Bad Habits: An ANTISOC Operation
ID: 4244ee8c-8b44-5f53-9927-88562c9f68e7
STIX ID: report--4244ee8c-8b44-5f53-9927-88562c9f68e7
Feed Name: Black Hills Infosec Blog
**Executive summary:** A BHIS ANTISOC case study describes how a helpdesk technician's reuse of a single reset password enabled attackers to password-spray that credential across an Entra ID export and compromise more than 100 accounts, some without MFA. The attackers also established SSH-based C2 and persistence inside the internal network and accessed a backup web portal that could allow destructive actions. The report outlines detection gaps, attacker techniques, and post-incident remediation steps taken by the victim.
