1. Intro
2. Who are we
3. Overview
4. Why Care
5. Offensive Research
6. Prior Work
7. Active Directory Backdoors
8. Access Control Mask
9. ACE Types
10. Security Reference Monitor
11. Bloodhound
12. Control of User Object
13. Control of Domain Object
14. Control of GPO
15. Generic Rights
16. Bloodhound Analysis
17. Bloodhound Demo
18. Apple Ad
19. Objectives
20. Stealth Primitives
21. Hiding the Object
22. Case Study 1
23. Demo
24. Admin SD Holder
25. Bad Guy
26. Exchange Server
27. Exchange Trusted Subsystem
28. Execution
29. Sean Metcalf
Description:
Explore an in-depth conference talk on designing security descriptor-based backdoors in Active Directory environments. Delve into the intricacies of Access Control Entries (ACEs), security descriptors, and their potential for creating stealthy persistence mechanisms. Learn about offensive research techniques, prior work in Active Directory backdoors, and the inner workings of the Security Reference Monitor. Gain insights into controlling user objects, domain objects, and Group Policy Objects (GPOs) through BloodHound analysis. Discover stealth primitives for hiding malicious objects and examine real-world case studies. Understand the implications of AdminSDHolder, Exchange Server vulnerabilities, and the Exchange Trusted Subsystem in creating and maintaining backdoors. Presented by Will Schroeder and Andy Robbins at TROOPERS18, this talk provides valuable knowledge for both offensive and defensive security professionals working with Active Directory infrastructures.

An ACE Up The Sleeve - Designing Security Descriptor Based Backdoors

WEareTROOPERS