Clearing tracks and trails
A penetration test consists of a sequence of complex tasks executed against the target. The execution of these tasks impacts the target system in many ways. Several configuration files may get modified, a lot of audit records may get recorded in log files, and there might be changes in the registry in the case of Windows systems. All these changes may help the investigators or blue team members to trace back the attack vector.
After completing a penetration test, it would be good to clear all the residual files that were used during the compromise. However, this needs to be in agreement with the blue team. Another intent behind clearing out all the tracks could be testing the post-incident response methods of an organization. However, the real-world attackers would simply use this to cover their tracks and stay undetected.
Metasploit has certain capabilities that help with clearing tracks. First, we need to exploit a vulnerability and give Meterpreter access to...