Ethical hacking has more to do with enterprise network environments, web applications, applications in general, etc. So social media hacking is more of a black hat thing, as mentioned some ethical hacking jobs will require getting credentials but not necessarily from social media or hack into someone’s facebook, that’s is most of time out of the scope.
Yeah, changing settings directly in veil can help, let me tell you that just being detected by 9 AVs is a good number, but as you have seen Zaid modified some values in the script or in the executable (using a hexeditor) this will be more efficient while trying to bypass AVs but require more knowledge in order to avoid screwing up the code, but you’ll learn by trying things out and srewing it up haha. Also there were some recent attacks by some APTs that used undetectable backddors created with Golang and some other technologies, but the main ponit here is those hackers managed to create undetectable backdoors by coding them from the ground, that’s the best solution but it requires a very advanced coding knowledge and obfuscation techniques, so you can do it as well, it will just require time, patience and lot of reading.
Also your cousin might just guess your password, I mean both of you know well each other so it might not be difficult to guess passwords.