# Stealth

This chapter is about staying stealthy and opsec safe. That means not getting caught by the blue team on engagements.

## General

These are some key things we must avoid:

* Putting files on disk
* RDPing into boxes
* Triggering pop-ups on desktops
* Changing account passwords
* Locking out users
* Changing group membership of accounts
* Changing existing settings and files
* Changing GPOs permanently
* Messing up Kerberos tickets
* Triggering alerts from security products like AV
* Killing processes you don't own
* Any sort of DoS
* Leaving files and tools
* Not cleaning up
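
Several items in this list are avoided because they leave direct entries in the Windows Security log. The following added example (not part of the original page) shows the defender's view: it classifies events by well-known event IDs (4624 with logon type 10, 4724, 4740, 4728/4732/4756, 5136) and groups the hits per account. The dictionary schema, field names, and sample events are constructed assumptions.

```python
# Added example. Events use a simplified, hypothetical normalized schema
# ("id", "actor", "target", ...); all sample records are constructed.
from collections import defaultdict

# Security-enabled group "member added" events, keyed by group scope.
GROUP_ADD = {4728: "global", 4732: "local", 4756: "universal"}

def classify(ev):
    """Return the avoid-list item an event corresponds to, or None."""
    eid = ev["id"]
    if eid == 4624 and ev.get("logon_type") == 10:  # RemoteInteractive
        return "RDP logon"
    if eid == 4724:  # attempt to reset an account's password
        return "password reset"
    if eid == 4740:  # account locked out
        return "account lockout"
    if eid in GROUP_ADD:
        return f"{GROUP_ADD[eid]} group membership change"
    if eid == 5136 and ev.get("object_class") == "groupPolicyContainer":
        return "GPO modification"
    return None

def findings_by_actor(events):
    """Group matched events by the account recorded as performing them."""
    out = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            out[ev["actor"]].append((ev["time"], label, ev.get("target", "")))
    return dict(out)

def noisy_actors(events, threshold=2):
    """Accounts with at least `threshold` distinct kinds of flagged activity."""
    return sorted(actor for actor, hits in findings_by_actor(events).items()
                  if len({label for _, label, _ in hits}) >= threshold)

SAMPLE_EVENTS = [  # constructed, not real logs
    {"time": "09:01", "id": 4624, "logon_type": 3, "actor": "svc_backup", "target": "FS01"},
    {"time": "09:05", "id": 4624, "logon_type": 10, "actor": "jdoe_adm", "target": "WS07"},
    {"time": "09:07", "id": 4724, "actor": "jdoe_adm", "target": "hr_user"},
    {"time": "09:09", "id": 4728, "actor": "jdoe_adm", "target": "Domain Admins"},
    {"time": "09:12", "id": 4740, "actor": "DC01$", "target": "bsmith"},
    {"time": "09:15", "id": 5136, "object_class": "groupPolicyContainer",
     "actor": "jdoe_adm", "target": "{constructed-gpo-guid}"},
    {"time": "09:20", "id": 5136, "object_class": "user", "actor": "helpdesk1", "target": "CN=bsmith"},
]

if __name__ == "__main__":
    print(noisy_actors(SAMPLE_EVENTS), findings_by_actor(SAMPLE_EVENTS))
```

On the constructed sample, one account produces four different kinds of flagged activity within ten minutes, which is the kind of cluster a blue team correlates on.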

## Using DLLs

<https://pentestlab.blog/tag/rundll32/>

## Obfuscating mimikatz

Any sysadmin with half a brain can now write something to stop the most common ways of executing mimikatz. Since we don't want to get caught, we could obfuscate Mimikatz in numerous ways.

* Running it in memory, either through PowerShell or through Meterpreter (will probably get you caught)
* Changing some basic things that signatures trigger on, see: <https://gist.github.com/imaibou/92feba3455bf173f123fbe50bbe80781>

## Veil Pillage

Veil Pillage is a post-exploitation tool and part of the Veil framework, intended for staying undetected through obfuscation.

<https://github.com/Veil-Framework/Veil-Pillage>

