<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Alan David Foster &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/author/alan-david-foster/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Fri, 21 Nov 2025 20:52:25 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Metasploit Wrap-Up 11/21/2025</title>
		<link>https://noise.getoto.net/2025/11/21/metasploit-wrap-up-11-21-2025/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 21 Nov 2025 20:52:25 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a7f9a51c7529d9515f1a73e672868c4b</guid>

					<description><![CDATA[CVE-2025-64446 - Fortinet’s FortiWeb exploitationA critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 (CVSS 9.1), allows unauthenticated attackers to gain full administrator access to the FortiWeb Manage...]]></description>
		
		
		<enclosure url="https://images.contentstack.io/v3/assets/blte4f029e766e6b253/blt7464fe659cab8a01/6852c358419e54d8e21c3458/blog-metasploit-wrap-up-.webp" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-up 06/06/25</title>
		<link>https://noise.getoto.net/2025/06/07/metasploit-wrap-up-06-06-25/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 06 Jun 2025 22:42:54 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=8ca0e7d41edf7ded7cd0030b420ad7db</guid>

					<description><![CDATA[This release adds targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/06/metasploit-blg-3-copy-2.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 12/20/2024</title>
		<link>https://noise.getoto.net/2024/12/20/metasploit-weekly-wrap-up-12-20-2024/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 20 Dec 2024 19:19:37 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=5dd0b158d8a63a7c0b96d417fe203608</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>New module content (4)</h2>
<h3>GameOver(lay) Privilege Escalation and Container Escape</h3>
<p>Authors: bwatters-r7, g1vi, gardnerapp, and h00die<br>
Type: Exploit<br>
Pull request: <a href="https://github.com/rapid7/metasploit-framework/pull/19460">#19460</a> contributed by <a href="https://github.com/gardnerapp">gardnerapp</a><br>
Path: <code>linux/local/gameoverlay_privesc</code><br>
AttackerKB reference: <a href="https://attackerkb.com/search?q=CVE-2023-2640&#38;referrer=blog">CVE-2023-2640</a></p>
<p>Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privilege escalation in some Ubuntu kernel versions</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/12/metasploit-ascii-1-2.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 11/01/2024</title>
		<link>https://noise.getoto.net/2024/11/01/metasploit-weekly-wrap-up-11-01-2024/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 01 Nov 2024 18:04:03 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=4b653b2c308d87e1a6f5cf00443f9f1b</guid>

					<description><![CDATA[This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration &#38; DLL Injection.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/11/metasploit-sky-1-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 08/23/2024</title>
		<link>https://noise.getoto.net/2024/08/23/metasploit-weekly-wrap-up-08-23-2024/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 23 Aug 2024 15:08:08 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=78e6b8540f4c9333365ec27c2eab6b49</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>New module content (3)</h2>
<h3>Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)</h3>
<p>Authors: Michael Heinzl and Tenable<br>
Type: Auxiliary<br>
Pull request: <a href="https://github.com/rapid7/metasploit-framework/pull/19373">#19373</a> contributed by <a href="https://github.com/h4x-x0r">h4x-x0r</a><br>
Path: <code>admin/http/fortra_filecatalyst_workflow_sqli</code><br>
AttackerKB reference: <a href="https://attackerkb.com/search?q=CVE-2024-5276&#38;referrer=blog">CVE-2024-5276</a></p>
<p>Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/08/metasploit-fence.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 06/14/2024</title>
		<link>https://noise.getoto.net/2024/06/14/metasploit-weekly-wrap-up-06-14-2024/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 14 Jun 2024 19:09:16 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3cddcc1e4cd0cd446cf3fda2f944048c</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>New module content (5)</h2>
<h3>Telerik Report Server Auth Bypass</h3>
<p>Authors: SinSinology and Spencer McIntyre<br>
Type: Auxiliary<br>
Pull request: <a href="https://github.com/rapid7/metasploit-framework/pull/19242">#19242</a> contributed by <a href="https://github.com/zeroSteiner">zeroSteiner</a><br>
Path: <code>scanner/http/telerik_report_server_auth_bypass</code><br>
AttackerKB reference: <a href="https://attackerkb.com/search?q=CVE-2024-4358?referrer=blog">CVE-2024-4358</a></p>
<p>Description: This adds an exploit for CVE-2024-4358 which is an authentication bypass in Telerik Report Server versions</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/06/metasploit-ascii-1-2.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 04/05/2024</title>
		<link>https://noise.getoto.net/2024/04/05/metasploit-weekly-wrap-up-04-05-2024/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 05 Apr 2024 18:59:29 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a36ad6760fdd9e6cdf77000fc754e246</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>New ESC4 Templates for AD CS</h2>
<p>Metasploit added <a href="https://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html">capabilities</a> for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the <code>ad_cs_cert_templates</code> module which enables users to read and write</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/04/metasploit-sky.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 01/26/24</title>
		<link>https://noise.getoto.net/2024/01/26/metasploit-weekly-wrap-up-01-26-24/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 26 Jan 2024 21:12:17 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=438072794c8ad0bd3301d1f6e4c2ff8d</guid>

					<description><![CDATA[This week's wrap-up adds 8 new modules and direct syscalls to Meterpreter's Reflective Loader.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/01/metasploit-sky-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2023/09/29/metasploit-weekly-wrap-up-76/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 29 Sep 2023 18:08:42 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=82e282a1c2b70ad206463f1dce92a806</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>TeamCity authentication bypass and remote code execution</h2>
<p>This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource, and</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/09/metasploit-fence-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2023/06/16/metasploit-weekly-wrap-up-61/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 16 Jun 2023 20:40:51 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=53240035aae118eb7443b94c584207c4</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>Metasploit T-Shirt Design Contest</h2>
<p>In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition t-shirts - and we're inviting members of our community to have a hand in its creation. The contest winner will have their design featured on the shirts, which will then be available to pick up</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/06/metasploit-fence.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-up</title>
		<link>https://noise.getoto.net/2023/05/12/metasploit-wrap-up-50/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 12 May 2023 17:41:20 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6ae6c76c5d6b61dd8fee59bfaf1ae4f2</guid>

					<description><![CDATA[New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/05/metasploit-sky-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-up</title>
		<link>https://noise.getoto.net/2023/03/31/metasploit-weekly-wrap-up-51/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 31 Mar 2023 16:54:52 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=475aa5263062473b0c44925c90469711</guid>

					<description><![CDATA[5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/03/metasploit-sky-1-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Framework 6.3 Released</title>
		<link>https://noise.getoto.net/2023/01/30/metasploit-framework-6-3-released/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Mon, 30 Jan 2023 14:00:00 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a8814fa7f7133fa1ebd7461a005d72a1</guid>

					<description><![CDATA[Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/01/Screen-Shot-2023-01-28-at-10.56.19-AM.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2022/11/11/metasploit-weekly-wrap-up-36/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 11 Nov 2022 21:16:38 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=ed0f8ccb90add95dcc0f43dc94cd7caa</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>ADCS - ESC Vulnerable certificate template finder</h2>
<p>Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module will print the detected certificate details, and the attack it is susceptible to.</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/11/metasploit-ascii-1-2.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2022/08/19/metasploit-wrap-up-44/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 19 Aug 2022 20:28:14 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a4776812d014718a860139a5c52d4d10</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>Advantech iView NetworkServlet Command Injection</h2>
<p>This week <a href="https://github.com/space-r7">Shelby Pace</a> has developed a new exploit module for <a href="https://attackerkb.com/topics/XYFOEYsgKa/cve-2022-2143?referrer=blog">CVE-2022-2143</a>. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below <code>5.7.04.6469</code>. The software runs as NT AUTHORITY\SYSTEM, granting</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/08/metasploit-sky.png" length="0" type="" />

			</item>
		<item>
		<title>Announcing Metasploit 6.2</title>
		<link>https://noise.getoto.net/2022/06/09/announcing-metasploit-6-2/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Thu, 09 Jun 2022 16:39:00 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=02edda927928c11a6d10a4a0d17823af</guid>

					<description><![CDATA[Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/06/metasploit-sky-1.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2022/05/27/metasploit-weekly-wrap-up-15/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 27 May 2022 19:30:31 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=7009d1b4a88f1ad9d60a8c7bcd1db3a2</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>PetitPotam Improvements</h2>
<p>Metasploit’s Ruby support has been updated to allow anonymous authentication to SMB servers. This is notably useful while exploiting the PetitPotam vulnerability with Metasploit, which can be used to coerce a Domain Controller to send an authentication attempt over SMB to other machines via MS-EFSRPC methods:</p>
<pre><code>msf6</code></pre>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/05/metasploit-fence.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2022/05/06/metasploit-wrap-up-43/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 06 May 2022 17:56:15 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=1ecbab52cd82ae516e383f64d607fef9</guid>

					<description><![CDATA[Three new exploit modules, and an update for Windows 11 support]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/05/metasploit-blg-3-copy-2.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2022/04/01/metasploit-weekly-wrap-up-10/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 01 Apr 2022 18:34:29 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=f708a09ca1effc0565ca94d5dbc414d5</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>CVE-2022-22963 - Spring Cloud Function SpEL RCE</h2>
<p>A new <code>exploit/multi/http/spring_cloud_function_spel_injection</code> module has been developed by our very own <a href="https://github.com/smcintyre-r7">Spencer McIntyre</a> which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This module is unrelated to <a href="https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/">Spring4Shell CVE-2022-22965</a>, which</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/04/metasploit-sky.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up</title>
		<link>https://noise.getoto.net/2022/03/18/metasploit-weekly-wrap-up-8/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 18 Mar 2022 17:38:38 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=44da27d91be223465957fc7cdf7a31a6</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>CVE-2022-21999 - SpoolFool</h2>
<p>Our very own <a href="https://github.com/space-r7">Shelby Pace</a> has added a new module for the <a href="https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog">CVE-2022-21999 SpoolFool privilege escalation vulnerability</a>. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 (10.0 Build 19044) and Windows Server 2019</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/03/metasploit-ascii-1-2.png" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 26/240 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2026-03-12 08:57:31 by W3 Total Cache
-->