RAT also can be detected as a Trojan , but I will be nice and will trust you.
Okay... First a RAT should not have any dependencies such as Dynamic Link Libraries. The reason if because if you try Control a Remote Machine and they do not have the correct DLL, it could be a problem.
So stick with native C++ rather than using QT and C++.net mostly because of small Dependency. Of course I am not sure if QT has any dependencies but just research into it a bit.
Then to bypass the local Firewall I suggest you open a port on controlling machine.
Most RAT's include a back-connect feature right? so I suggest you make a Code injection into network trusted processes such as explorer.exe \ iexplore.exe but make sure you jump code segment if injecting into a different architecture process.
Use NtCreateThreadEx or NtCreateThread as they allow injection into different sessions or even RtlCreatUserThread although it is undocumented there is couple documentation available on internet.
The reason I say use other functions instead of CreateRemoteThread is because CreateRemoteThread does not allow code injection into different sessions.
Make sure you unhook your process in case of any interruption by any Malware on system via exporting a new Ntdll.dll and User32.dll and Kernel32.dll by making a custom LoadLibrary() function.
Also try hook ntdll.KiSystemFastCall() and try deny access to process via redirecting the Extended Instruction pointer either by some type of stack breaking\overflow or by using Hotpatching technqiue. Then if your Process is wanted just deny it by returning 0. Or simply hook NtOpenProcess, NtTerminateProcess to deny access to the process.
As for the injection itself make a unique style injection rather than using standard injections because they tend to set the AV.
Thank you for this long and good answer, you are good person :),I Am beginner and I can't say anything about it, but I will search/study everything that you wrote in this massage.
Thank you man !!!!!!!!!!!!!!!!!!!!!!!!!!!!
God bless you :)!!!!!!!!!!