Covering Tracks on Windows - Link Dump


Windows Post Exploitation - Covering Your Tracks

My last link dump contained materials covering Windows Privilege Escalation. A logical next step would be to hide the evidence that you were on the system in an effort to slow Blue Team detection (if scope allows). 

CMD

  • CMD - https://www.penflip.com/pwnwiki/pwnwiki/blob/master/covering-tracks-windows.txt
  • Enable Disable Event Logs - https://www.windows-commandline.com/enable-disable-event-log-service/
  • PowerShell Remove-EventLog - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/remove-eventlog?view=powershell-5.1
  • PowerShell Clear-EventLog - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1
  • cipher.exe - http://techgenix.com/Using-cipherexe/

Tutorials

  • Null-Byte Cover Your Tracks & Leave No Trace - https://null-byte.wonderhowto.com/how-to/hack-like-pro-cover-your-tracks-leave-no-trace-behind-target-system-0148123/
  • InfoSec Institute Pentesting Covering Tracks - http://resources.infosecinstitute.com/penetration-testing-covering-tracks/
  • InfoSec Institute Anti-Forensics Pt1 - http://resources.infosecinstitute.com/anti-forensics-part-1/
  • Hacker's Guide for Anti-Forensics - https://www.hackingloops.com/how-to-remove-traces-make-your-computer-untraceable/
  • Two Data Hiding Techniques - http://windowsitpro.com/windows/two-data-hiding-techniques
  • NTFS Streams - http://www.powertheshell.com/ntfsstreams/

Tools

  • clearlogs.exe - http://ntsecurity.nu/toolbox/clearlogs/
  • winzapper - http://ntsecurity.nu/toolbox/winzapper/
  • snow.exe - http://www.darkside.com.au/snow/
  • MP3stego - http://www.petitcolas.net/steganography/mp3stego/
  • Steganography Tools - https://en.wikipedia.org/wiki/Steganography_tools
  • OpenPuff - https://en.wikipedia.org/wiki/OpenPuff
