11 Post-engagement cleanup

This chapter covers

  • Killing active shell connections
  • Removing unnecessary user accounts
  • Deleting miscellaneous files
  • Reversing configuration changes
  • Closing backdoors

You’ve completed the first three phases of your internal network penetration test (INPT)! Before moving on to writing your deliverable, I want to cover some post-engagement cleanup etiquette. You’ve spent the last week or two bombarding your client’s network with attacks and compromising countless systems on their domain. This was not a stealthy red team engagement, so you’ve no doubt left lots of traces in your wake—traces such as user accounts, backdoors, binary files, and changes to system configurations. Leaving the network in this state may ...
