4.3 Reporting & communications: Post-Report Activities Flashcards

1
Q

What is the purpose of Post-Report Activities?

A

This ensures no artifacts or evidence are left on the target system. Cleanup activities include:
▪ Delete files
▪ Remove accounts
▪ Uninstall tools
▪ Restore configurations
▪ Restore log files
▪ Purge sensitive details

2
Q

How do you ensure that shells and tools are properly cleaned up in Windows and Linux?

A

Keep detailed notes of everything that was installed and every system that was exploited:
▪ Linux: Crontab, Startup script
▪ Windows: Startup, Registry key, Advanced techniques, Task scheduler

Some tools may have been loaded into memory when fileless malware was used.

3
Q

How do you ensure the test credentials are properly deleted?

A

Check:
o Local Accounts
o Domain Accounts
o Web Application Accounts
o Delete all accounts used on different systems
o Delete all created domain accounts in Active Directory
o Some web application accounts require manual deletion in the user account database
o Delete all created accounts used for an engagement

4
Q

How do you ensure test data is destroyed on both Windows and Linux (5)?

A

Check:
o Systems
o Attacking Machines
o Internal Shared Drives
o Linux: Data Shredding = The process of securely destroying the data by overwriting storage with new data or a series of random ones and zeroes
o Windows: Install third-party tools and save to an external hard drive
o Ensure all collected data has been properly destroyed

5
Q

What is the purpose of lessons learned at the end of an audit?

A

An analysis of the events that could provide insights into how to improve the penetration testing process in the future
