Use dedicated, compartmentalized infrastructure for each engagement - Register domains that appear legitimate (aged domains, appropriate naming) - Use redirectors to hide team infrastructure from blue team analysis - Implement traffic encryption and domain fronting where appropriate - Separate engag