After compromising a system during a penetration testing engagement, all penetration work should be cleaned up, including extra files, system changes, and modified logs. The media sanitation methodology should be discussed with the client and the owner of the affected systems. What document guides media sanitation?
- NIST SP 800-88
- OWASP ZAP
- OSSTMM
- PCI DSS
Explanation & Hint: After a penetration testing engagement is complete, all the systems should be cleaned up. Logs should be suppressed, user accounts deleted, and any files that were created as well. A secure deletion method may be preferred. NIST Special Publication 800-88, Revision 1: “Guidelines for Media Sanitization,” guides media sanitation. This methodology should be discussed with the client and the owner of the affected systems. |