Post-Attack Phase Flashcards
1
Q
Description (and details pertaining to restoring the system to its pretest state):
A
In this phase, the tester restores the system to the pretest state (the state the system was in prior to the penetration).
The tester then reports all flaws and vulnerabilities of the system that they’ve uncovered.
All activities and results must be thoroughly documented.
Leaving behind any previously installed malware, backdoors, etc., or failing to restore damaged data/processes, will very likely be recognized as an extreme breach of your contract, and in doing so you would be breaking the law.
Don’t get complacent, and be careful.
- Remove all files you’ve uploaded
- Clean the registry
- Reverse all altered privileges
- Remove all tools (spyware, rootkits, keyloggers, etc.)
- Restore network settings
- DOCUMENT EVERYTHING