Back in 2022, I released TeamFiltration to help defenders test their Microsoft 365 security. In early 2025, Proofpoint and others reported that attackers had weaponized it in large-scale password-spraying campaigns, targeting over 80,000 Entra ID accounts worldwide. This talk dives into how my red-team tool was abused in the wild, why it became headline news across outlets like Proofpoint, The Hacker News, and SecurityWeek, and what the TeamFiltration saga reveals about the double-edged nature of open-source offensive tooling.