1
00:00:00,120 --> 00:00:02,570
Now let's quickly talk about cleanup.

2
00:00:02,610 --> 00:00:06,270
Cleanup is from a pen test perspective here.

3
00:00:06,300 --> 00:00:09,140
So we're going to tell you this from a pen test perspective.

4
00:00:09,150 --> 00:00:13,820
We'll talk about the hacker perspective after this, but when you're cleaning up,

5
00:00:13,890 --> 00:00:16,340
these are things that are best practice to do.

6
00:00:16,380 --> 00:00:22,170
The overall goal of the cleanup is to make sure that you leave the network the same as it was when you

7
00:00:22,260 --> 00:00:22,870
entered it.

8
00:00:23,490 --> 00:00:30,540
OK, so if you're adding any executable or any scripts or any files to a machine, make sure you take all

9
00:00:30,540 --> 00:00:33,030
of those off, delete all those files.

10
00:00:33,030 --> 00:00:39,420
If you were to add malware or rootkits or you add a user account like we've talked about in persistence,

11
00:00:40,290 --> 00:00:42,900
please remove all of those.

12
00:00:42,930 --> 00:00:48,240
And lastly, make sure that you set your configurations back to the original configuration.

13
00:00:48,270 --> 00:00:54,180
So you might have to modify an application or you might have to modify the registry to get something

14
00:00:54,180 --> 00:00:55,230
to work.

15
00:00:55,230 --> 00:01:01,590
And if you do that, please make sure you're setting your configurations back, and this will allow you

16
00:01:01,590 --> 00:01:04,530
to leave the machine just the way you found it.

17
00:01:04,530 --> 00:01:11,550
Now to talk really quick about what cleanup means from a more red team perspective or when they

18
00:01:11,550 --> 00:01:18,870
talk about it in a hacking term, cleanup means to make it look like you were never there, which is how

19
00:01:18,870 --> 00:01:19,920
this is as well.

20
00:01:20,160 --> 00:01:25,020
But it goes even deeper into eliminating yourself from log files.

21
00:01:25,020 --> 00:01:31,230
So when you log into a computer and you create a system event, you want to go in and delete that so that

22
00:01:31,230 --> 00:01:34,840
you're harder to track, or if you're creating any kind of log file at all,

23
00:01:34,980 --> 00:01:37,740
you want to go clear the logs so that you are harder to track.

24
00:01:37,740 --> 00:01:43,050
You want it to look like you were never there so that if somebody is going in and doing forensics or

25
00:01:43,050 --> 00:01:49,310
going in and just looking for your traces, they're not going to be able to tell at all. As a pen tester,

26
00:01:49,320 --> 00:01:51,030
we don't really worry about that.

27
00:01:51,030 --> 00:01:55,750
We just want to make sure that the client is back the way they were we left it.

28
00:01:55,770 --> 00:02:01,800
We do not want to leave malware on a computer or a user account or anything on there that somebody can

29
00:02:01,800 --> 00:02:06,410
later exploit, because that's really bad on us and it's really bad for the client.

30
00:02:06,450 --> 00:02:08,040
So hopefully that makes sense.

31
00:02:08,040 --> 00:02:15,450
What cleanup is and what the difference is between a pen tester and potentially a black hat hacker

32
00:02:15,510 --> 00:02:16,650
or even a red team.

33
00:02:17,100 --> 00:02:20,100
So that is it for this section.

34
00:02:20,100 --> 00:02:25,530
Congratulations, you made it all the way through networking. We are like 20 hours into the course now.

35
00:02:25,530 --> 00:02:31,620
So you have been a persistent person an amazing amazing if you made it this far.

36
00:02:31,620 --> 00:02:35,010
So strap in, we're in the homestretch.

37
00:02:35,010 --> 00:02:39,240
We're gonna go ahead and talk about some of the web app enumeration.

38
00:02:39,240 --> 00:02:43,920
We're going to revisit that and we're going to talk about the OWASP Top 10 and some common exploits on

39
00:02:43,920 --> 00:02:45,510
the web application side.

40
00:02:45,510 --> 00:02:47,610
So I will see you over in the next section.