Covering Your Tracks

Having completed our attacks, our next step is to return to each exploited system to erase our tracks and clean up any mess we’ve left behind. Remnants of a Meterpreter shell or some other pieces of malware should be removed to avoid exposing the system further. For example, when we used the PUT command to compromise the Apache Tomcat instance, an attacker could use the exploit code left behind to compromise the system.

Sometimes, you will need to cover your tracks—for example, when testing the forensics analysis of a compromised system or an incident response program. In such cases, your goal is to thwart any forensics analysis or IDS. It’s often difficult to hide all your tracks, but you should be able to manipulate the system ...
