5 - House cleaning
After the completion of the penetration test, the vulnerable client's environment is composed of systems fake accounts, modified files, enumeration tools, exploits... So, the purpose of this phase is to ensure that there is no artefacts leftovers that a malicious attacker could exploit or that could lead to more risk than the organisation is willing to tolerate.
Some common cleanup tasks:
- Delete any new files you created on the systems.
- Restore modified files to their original state.
- Restore any software configuration to its original state.
- Restore active protection-system settings.
- Remove any accounts you created from the affected systems.
- Change any modified credentials to their original state.
- Remove any shells or backdoors from the affected systems.
- Remove any installed or uploaded tools you may have left on the systems.
- Purge any sensitive leaked data.