
5 - House cleaning

Introduction

After the penetration test is complete, the client's environment still contains fake accounts, modified files, enumeration tools, exploits and similar artefacts. The purpose of this phase is to ensure that no leftover artefacts remain that a malicious attacker could exploit or that could lead to more risk than the organisation is willing to tolerate.

Cleaning phase

Some common cleanup tasks:
  • Delete any new files you created on the systems.
  • Restore modified files to their original state.
  • Restore any software configuration to its original state.
  • Restore active protection-system settings.
  • Remove any accounts you created from the affected systems.
  • Change any modified credentials to their original state.
  • Remove any shells or backdoors from the affected systems.
  • Remove any installed or uploaded tools you may have left on the systems.
  • Purge any sensitive leaked data.
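
The checklist above is easier to complete when every change made during the test was logged as it happened. The following is an added example, not part of the original page: it verifies a host against such a log. The manifest format, the artefact kinds and the account name `pt-example-user` are assumptions made for illustration, and the account check relies on the Unix-only `pwd` module.

```python
import hashlib
import os
import pwd  # Unix-only lookup of local accounts
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def check(entry):
    """Return None if the artefact is cleaned up, else what is left over."""
    kind, target = entry["kind"], entry["target"]
    if kind == "created_file":  # uploaded tools, shells, exploits, collected data
        return f"file still present: {target}" if os.path.lexists(target) else None
    if kind == "modified_file":  # compare with the hash recorded before the change
        if not os.path.isfile(target):
            return f"original file missing: {target}"
        return None if sha256(target) == entry["orig_sha256"] else f"file not restored: {target}"
    if kind == "created_account":
        try:
            pwd.getpwnam(target)
        except KeyError:
            return None
        return f"account still exists: {target}"
    return f"unknown artefact kind: {kind}"

def verify(manifest):
    """Check every logged artefact; an empty list means the host is clean."""
    return [finding for finding in map(check, manifest) if finding]

def demo():
    """Constructed sample: one restored config, one forgotten tool, one removed account."""
    d = tempfile.mkdtemp()
    conf, tool = os.path.join(d, "app.conf"), os.path.join(d, "enum.sh")
    with open(conf, "w") as f:
        f.write("debug=false\n")
    orig = sha256(conf)  # recorded before the tester touched the file
    with open(tool, "w") as f:
        f.write("# placeholder for an uploaded tool\n")
    manifest = [
        {"kind": "modified_file", "target": conf, "orig_sha256": orig},
        {"kind": "created_file", "target": tool},
        {"kind": "created_account", "target": "pt-example-user"},  # constructed name
    ]
    return verify(manifest), tool

if __name__ == "__main__":
    findings, _ = demo()
    print("\n".join(findings) or "clean")
```

An empty result from `verify` means every logged artefact has been removed or restored; any remaining finding is a cleanup task still open.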
