Threat actors seeking access to a remote machine face several challenges, from infiltration to exfiltration. Among these challenges is that of persistence: after compromising a remote machine, in the face of network monitoring, machine re-images, anti-virus scanners, etc., actors have to rely on increasingly sophisticated techniques to maintain control of compromised machines.
Anti-virus scanners are perhaps the most common challenge: all modern Windows machines now come with Windows Defender, and across the Windows ecosystem, the vast number of differing anti-virus solutions presents additional challenges: first, the attacker must develop tools that can operate in dozens of different security environments, where each anti-virus configuration represents a new testing scenario. And second, an attacker must now keep track of updates to each of these environments, which may require a complex testing infrastructure that is vulnerable to information