diff --git a/README.md b/README.md index 8a60aa9..8fc132a 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,8 @@ Evasive shellcode loader for bypassing event-based injection detection, without - Drops a thread on that trampoline ## And so -- It's able to bypass Defender VM allocation alerting, and others. I'll explain the thinking behind each step in a blog post comming end of the week. +- It's able to bypass Defender ATP VM allocation alerting, and others. I'll explain the thinking behind each step in a blog post comming end of the week. +- Bypasses simple thread-centric scanners like `Get-InjectedThread`. Persisting within a process is another story, and this is up to the payload author. - It is `sRDI`-compatible, but if your payload creates another local thread you will lose the benefit of thread start address in `ntdll`. -- Bypasses simple thread-centric scanners like `Get-InjectedThread` ![driploader](https://user-images.githubusercontent.com/32537788/116470458-bc5f4e00-a873-11eb-9fca-42e277f6a3eb.png)
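Review bot: the rewritten Defender ATP bullet under "And so" still carries the typo "comming" and the relative promise "end of the week", which goes stale in a README. Suggest "coming" and replacing the promise with a link once the post is published. The same bullet's "and others" cannot be checked as written, so name the products that were tested or drop the phrase. The relocated `Get-InjectedThread` bullet now appears before the `sRDI` caveat. If the caveat about losing the `ntdll` thread start address also limits this claim, say so in the bullet or move it after the caveat so readers see the condition first.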