Threat actors are increasingly weaponizing legitimate software and known vulnerabilities to bypass endpoint detection and response (EDR) systems. Between December 2021 and December 2024, the abuse of legitimate Remote Access Tools (RATs) like NetSupport Manager and ConnectWise has surged, often delivered via phishing emails exploiting older Microsoft Office vulnerabilities to establish persistent, stealthy access.