- AV Fingerprinting
- Replicates the victim environment to test our payloads
We should always disable any kind of cloud-based protection in the AV settings (potentially by outright disconnecting the VM from the internet) so that the AV doesn't upload our carefully crafted payloads to a server somewhere for analysis.
- On-Disk evasion
- In-Memory evasion