Evasion isn't about being invisible. It is about looking boring . A mature SOC team ignores 99% of traffic because it looks like normal business. Your job as a security professional (on either side of the fence) is to make the abnormal look normal.
Traditional ethical hacking focuses on packets: SYN scans, ICMP echo requests, and HTTP payloads. Firewalls and IDS are adept at catching these. However, LinkedIn traffic rides on TLS 1.3 over port 443. To a firewall, a connection to linkedin.com looks identical to a connection to evil-c2[.]com —provided you use HTTPS. Evasion isn't about being invisible
Let’s be honest. The days of firing up nmap with a default -sS flag and walking into an internal network are over. ICMP echo requests