CEH Practical Guide
4. Clear Logs to hide the Evidence of Compromise

To remain undetected, the intruders need to erase all evidence of security compromise from the system.


Last updated 7 months ago


1. Clear Windows Machine Logs using Various Utilities

The system log file contains events that are logged by the OS components. These events are often predetermined by the OS itself. System log files may contain information about device changes, device drivers, system changes, events, operations, and other changes.

There are various Windows utilities that can be used to clear system logs such as Clear_Event_Viewer_Logs.bat, wevtutil, and Cipher. Here, we will use these utilities to clear the Windows machine logs.

Right-click Clear_Event_Viewer_Logs.bat and click Run as administrator.

A Command Prompt window appears, and the utility starts clearing the event logs, as shown in the screenshot. The command prompt will automatically close when finished.

Clear_Event_Viewer_Logs.bat is a utility that can be used to wipe out the logs of the target system. This utility can be run through command prompt or PowerShell, and it uses a BAT file to delete security, system, and application logs on the target system. You can use this utility to wipe out logs as one method of covering your tracks on the target system.

wevtutil

wevtutil el (enum-logs) lists the event log names. Run the wevtutil cl [log_name] command to clear a specific event log (here, we are clearing the system log): cl (clear-log) clears a log, and log_name is the name of the log to clear, for example system, application, or security.

Similarly, you can also clear application and security logs by issuing the same command with different log names (application, security).

Cipher.exe

In Command Prompt, run cipher /w:[Drive or Folder or File Location] command to overwrite deleted files in a specific drive, folder, or file. The Cipher.exe utility starts overwriting the deleted files, first, with all zeroes (0x00); second, with all 255s (0xFF); and finally, with random numbers, as shown in the screenshot.

Cipher.exe is an in-built Windows command-line tool that can be used to securely delete a chunk of data by overwriting it to prevent its possible recovery. This command also assists in encrypting and decrypting data in NTFS partitions.

When an attacker creates a malicious text file and encrypts it, at the time of the encryption process, a backup file is created. Therefore, in cases where the encryption process is interrupted, the backup file can be used to recover the data. After the completion of the encryption process, the backup file is deleted, but this deleted file can be recovered using data recovery software and can further be used by security personnel for investigation. To avoid data recovery and to cover their tracks, attackers use the Cipher.exe tool to overwrite the deleted files.

2. Clear Linux Machine Logs using the BASH Shell

The BASH or Bourne Again Shell is a sh-compatible shell that stores command history in a file called bash history. You can view the saved command history using the more ~/.bash_history command. This feature of BASH is a problem for hackers, as investigators could use the bash_history file to track the origin of an attack and learn the exact commands used by the intruder to compromise the system.

Open a Terminal window and run export HISTSIZE=0 command to disable the BASH shell from saving the history. In the Terminal window, run history -c command to clear the stored history.

This command is an effective alternative to disabling history: with history -c, you retain the convenience of recalling or reviewing the commands used earlier.

Similarly, you can also use the history -w command to delete the history of the current shell, leaving the command history of other shells unaffected. Run shred ~/.bash_history command to shred the history file, making its content unreadable.

shred ~/.bash_history && cat /dev/null > ~/.bash_history && history -c && exit

This command first shreds the history file, then deletes it, and finally clears the evidence of having run this command. When it completes, you will exit from the terminal window.

3. View, Edit and clear Audit Policies using Auditpol

Auditpol.exe is the command-line utility used to change the audit security settings at the category and sub-category levels. You can use Auditpol to enable or disable security auditing on local or remote systems and to adjust the audit criteria for different categories of security events. In practice, the moment intruders gain administrative privileges, they disable auditing with the help of auditpol.exe. Once they complete their mission, they turn auditing back on using the same tool (auditpol.exe).

See all audit policies

auditpol /get /category:*

To set an auditing policy

auditpol /set /category:"system","account logon" /success:enable /failure:enable

To clear all audit policies

auditpol /clear /y
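From the defender's side, the counterpart of these commands is to diff the current auditpol /get /category:* output against a known-good baseline and flag every subcategory that was weakened, which is exactly what auditpol /clear /y does to all of them at once. The following is an added example, not part of the original guide; the two auditpol outputs are constructed samples in the tool's two-column layout, and the subcategory names are a small subset of the real ones.

```python
import re

# Constructed sample of "auditpol /get /category:*" output (not captured from a
# real host): subcategory lines are indented two spaces, the setting sits in the
# right-hand column, and category names stand alone at the left margin.
BASELINE = """System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               Success and Failure
  System Integrity                        Success and Failure
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success
Policy Change
  Audit Policy Change                     Success and Failure
"""

# The same host after the "auditpol /clear /y" shown above has run.
AFTER_CLEAR = """System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        No Auditing
Logon/Logoff
  Logon                                   No Auditing
  Logoff                                  No Auditing
Policy Change
  Audit Policy Change                     No Auditing
"""

# Settings ordered weakest to strongest, so a drop in rank is a downgrade.
RANK = {"No Auditing": 0, "Failure": 1, "Success": 2, "Success and Failure": 3}
SUBCAT = re.compile(r"^ {2}(?P<name>\S.*?) {2,}(?P<setting>" + "|".join(RANK) + r")\s*$")

def parse_auditpol(text):
    """Map 'Category/Subcategory' -> setting from auditpol /get output."""
    policy, category = {}, None
    for line in text.splitlines():
        m = SUBCAT.match(line)
        if m:
            policy[f"{category}/{m['name']}"] = m["setting"]
        elif line and not line[0].isspace() and "audit policy" not in line \
                and not line.startswith("Category/Subcategory"):
            category = line.strip()
    return policy

def audit_downgrades(baseline_text, current_text):
    """Return {subcategory: (baseline, current)} where auditing got weaker."""
    base, cur = parse_auditpol(baseline_text), parse_auditpol(current_text)
    return {k: (v, cur.get(k, "No Auditing")) for k, v in base.items()
            if RANK[cur.get(k, "No Auditing")] < RANK[v]}
```

A subcategory missing from the current output is treated as "No Auditing", so a truncated or tampered export also shows up as a downgrade.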

4. Clear windows logs using different utilities

Bat Script

Download the script and run as administrator.

List event logs

wevtutil el

To clear a single log

wevtutil cl system

(system is the log name)

To clear all logs

for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Cipher (Overwrite deleted files)

cipher /w:c:
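Clearing a log with wevtutil is itself logged: Windows writes Event ID 1102 as the first record of the freshly emptied Security log and Event ID 104 to the System log for every other channel cleared, and auditpol changes produce Event ID 4719. The detection logic below, an added example rather than anything from the original guide, runs over a constructed export of such events and escalates the burst produced by the "clear all logs" for /F loop in this section (and in section 1 above) to a separate finding.

```python
from datetime import datetime, timedelta

# Events that survive a log wipe: 1102 is written to the freshly emptied
# Security log, 104 lands in the System log naming the channel that was cleared,
# and 4719 records an audit policy change. All three are well-known IDs.
LOG_CLEARED = {1102: "Security log cleared", 104: "event log cleared"}
AUDIT_POLICY_CHANGED = 4719

# Constructed sample export (timestamp, event id, account, cleared channel), not
# real telemetry: one routine clear by an admin in the morning, then an audit
# policy change followed by a burst that matches the "for /F ... wevtutil cl" loop.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:12", 104, "CORP\\alice", "System"),
    ("2024-05-01T13:41:02", 4719, "CORP\\svc-backup", ""),
    ("2024-05-01T13:41:05", 104, "CORP\\svc-backup", "Application"),
    ("2024-05-01T13:41:05", 104, "CORP\\svc-backup", "System"),
    ("2024-05-01T13:41:06", 1102, "CORP\\svc-backup", "Security"),
    ("2024-05-01T13:41:06", 104, "CORP\\svc-backup", "Microsoft-Windows-PowerShell/Operational"),
]

def find_log_clearing(events, window=timedelta(seconds=60), bulk_threshold=3):
    """Return findings as (severity, timestamp, account, detail) tuples.

    Every clear is 'high'; a policy change is 'medium'; and one account clearing
    at least bulk_threshold logs inside `window` is escalated to 'critical'."""
    findings, clears_by_user = [], {}
    for ts, event_id, user, channel in sorted(events):
        if event_id in LOG_CLEARED:
            findings.append(("high", ts, user, f"{LOG_CLEARED[event_id]}: {channel}"))
            clears_by_user.setdefault(user, []).append(datetime.fromisoformat(ts))
        elif event_id == AUDIT_POLICY_CHANGED:
            findings.append(("medium", ts, user, "audit policy changed (auditpol /set or /clear)"))
    for user, stamps in clears_by_user.items():
        # Sliding window over this account's clears: a burst means a scripted wipe.
        for i, start in enumerate(stamps):
            n = sum(1 for t in stamps[i:] if t - start <= window)
            if n >= bulk_threshold:
                findings.append(("critical", start.isoformat(), user,
                                 f"{n} logs cleared within {window.seconds}s (bulk wevtutil cl pattern)"))
                break
    return findings
```

Because these records are written after the clear, the only way to lose them is to clear the Security and System logs again, which produces yet another 1102/104 pair; forwarding logs off the host keeps the earlier copies as well.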

5. Clear Linux logs using bash shell

Disable history keeping

export HISTSIZE=0

To clear bash history

history -c

clear history of existing shell only

history -w

shred the history without clearing

shred ~/.bash_history

to view history file

more ~/.bash_history

First shred the history file and then clear it.

shred ~/.bash_history && cat /dev/null > ~/.bash_history && history -c && exit
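Each of the commands in sections 2 and 5 leaves a trace an investigator can look for: a HISTSIZE=0 or unset HISTFILE line in a shell rc file, a wipe command placed in .bash_logout, or a history file that is suddenly empty. The check below is an added example, not part of the original guide; the per-user files it scans are constructed samples.

```python
import re

# Indicators drawn from the commands in this section: settings that stop BASH
# from keeping history, and commands that wipe the history file.
DISABLED = [r"\bHISTSIZE=0\b", r"\bHISTFILESIZE=0\b", r"\bunset\s+HISTFILE\b", r"\bHISTFILE=/dev/null\b"]
WIPED = [r"\bhistory\s+-c\b", r"\bshred\b[^\n]*bash_history", r"/dev/null\s*>\s*\S*bash_history"]

# Constructed sample of per-user files (path -> content), not taken from a real host.
SAMPLE_FILES = {
    "/home/bob/.bashrc": "alias ll='ls -la'\nexport HISTSIZE=0\n",
    "/home/bob/.bash_history": "",
    "/home/carol/.bashrc": "export HISTSIZE=5000\nshopt -s histappend\n",
    "/home/carol/.bash_logout": "shred ~/.bash_history && cat /dev/null > ~/.bash_history && history -c\n",
    "/home/carol/.bash_history": "ls\ncd /var/log\n",
    "/home/dave/.bashrc": "export HISTSIZE=5000\n",
    "/home/dave/.bash_history": "ls\nuptime\n",
}

def check_history_tampering(files):
    """Group files by home directory and report the indicators found in each."""
    report = {}
    for path, content in files.items():
        home = path.rsplit("/", 1)[0]
        hits = report.setdefault(home, [])
        if path.endswith(".bash_history") and content == "":
            hits.append("history file is empty")
        for label, patterns in (("history disabled", DISABLED), ("history wiped", WIPED)):
            for pat in patterns:
                if re.search(pat, content):
                    hits.append(f"{label}: {pat}")
    return {home: sorted(hits) for home, hits in report.items() if hits}
```

An empty history file on its own is weak evidence (a new account has one too), so it is reported alongside the rc-file findings rather than as a verdict.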

6. Hiding Artifacts in Windows and Linux

Windows

create a dir

mkdir test

Hide a folder in windows

attrib +h +r +s test

To unhide a folder in windows

attrib -s -h -r test

Hide user accounts in windows

net user test /add
net user test /active:yes
net user test /active:no

(the last command hides the account)

Linux

Create a file whose name begins with a dot (.) to hide it. To view hidden files, run:

ls -la

7. Clear window logs using CCleaner

Clear All Event Logs in Event Viewer in Windows (tenforums)
Download CCleaner | Clean, optimize & tune up your PC, free! (ccleaner)
Certified Ethical Hacker (CEHv12) Practical hands on Labs (Udemy)
CEH Practical Course