<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>penetration-testing &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/penetration-testing/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Mon, 24 Feb 2025 19:06:09 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Under The Hoodie: The Pen Test Diaries</title>
		<link>https://noise.getoto.net/2025/02/24/under-the-hoodie-the-pen-test-diaries/</link>
		
		<dc:creator><![CDATA[Emma Burdett]]></dc:creator>
		<pubDate>Mon, 24 Feb 2025 19:06:09 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6bf1bf9f5250a10a55b4283ddb3897f5</guid>

					<description><![CDATA[Welcome to Under the Hoodie, where we share stories straight from the frontlines of ethical hacking. Below are real accounts from our testers, revealing just how easy it can be to break into supposedly secure environments.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/02/GettyImages-1370233320.jpg" length="0" type="" />

			</item>
		<item>
		<title>Keys to the Kingdom &#8211; Gaining access to the Physical Facility through Internal Access</title>
		<link>https://noise.getoto.net/2024/08/07/keys-to-the-kingdom-gaining-access-to-the-physical-facility-through-internal-access/</link>
		
		<dc:creator><![CDATA[Anna Katarina Quinn]]></dc:creator>
		<pubDate>Wed, 07 Aug 2024 14:37:18 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=95067cd779fde565563de0d3b44fa237</guid>

					<description><![CDATA[This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/08/GettyImages-1836400800.jpg" length="0" type="" />

			</item>
		<item>
		<title>Details Matter: Pentesting a single device to guarantee security</title>
		<link>https://noise.getoto.net/2024/08/06/details-matter-pentesting-a-single-device-to-guarantee-security/</link>
		
		<dc:creator><![CDATA[Ryan Smith]]></dc:creator>
		<pubDate>Tue, 06 Aug 2024 17:00:00 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6ea49b5bdafc5ccd131bb6d732a82bfc</guid>

					<description><![CDATA[Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/08/GettyImages-1319774182.jpg" length="0" type="" />

			</item>
		<item>
		<title>Buying Stuff For Free From Shopping Websites</title>
		<link>https://noise.getoto.net/2024/07/25/buying-stuff-for-free-from-shopping-websites/</link>
		
		<dc:creator><![CDATA[Marcus Chang]]></dc:creator>
		<pubDate>Thu, 25 Jul 2024 13:30:00 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=8f935ff2f743c1e92f7b38061fd2d23e</guid>

					<description><![CDATA[Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/07/GettyImages-1734738506-2.jpg" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Weekly Wrap-Up 7/19/2024</title>
		<link>https://noise.getoto.net/2024/07/19/metasploit-weekly-wrap-up-7-19-2024/</link>
		
		<dc:creator><![CDATA[Christophe De La Fuente]]></dc:creator>
		<pubDate>Fri, 19 Jul 2024 16:46:06 +0000</pubDate>
				<category><![CDATA[exploits]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=66905a5ebe9896150f65284658ae9a48</guid>

					<description><![CDATA[A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/07/metasploit-sky.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up 12/8/2023</title>
		<link>https://noise.getoto.net/2023/12/08/metasploit-wrap-up-12-8-2023/</link>
		
		<dc:creator><![CDATA[Brendan Watters]]></dc:creator>
		<pubDate>Fri, 08 Dec 2023 19:15:04 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=68969015a576ea7754aa240f43587047</guid>

					<description><![CDATA[New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/12/metasploit-sky.png" length="0" type="" />

			</item>
		<item>
		<title>PenTales: What It’s Like on the Red Team</title>
		<link>https://noise.getoto.net/2023/08/31/pentales-what-its-like-on-the-red-team/</link>
		
		<dc:creator><![CDATA[Aaron Herndon]]></dc:creator>
		<pubDate>Thu, 31 Aug 2023 13:16:42 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=c986a9af66325cce41eb30b38d7a6a78</guid>

					<description><![CDATA[In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/08/recog-data.jpeg" length="0" type="" />

			</item>
		<item>
		<title>PenTales: A Badge, a Tag, and a Bunch of Unattended Chemicals; Why Physical Social Engineering Engagements are an Important Part of Security</title>
		<link>https://noise.getoto.net/2023/08/03/pentales-a-badge-a-tag-and-a-bunch-of-unattended-chemicals-why-physical-social-engineering-engagements-are-an-important-part-of-security/</link>
		
		<dc:creator><![CDATA[Bennett Gogarty]]></dc:creator>
		<pubDate>Thu, 03 Aug 2023 18:38:58 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3b5f5f57a8d7a154d735a2ee1d8f1fbc</guid>

					<description><![CDATA[In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/08/insightidr-q3.jpg" length="0" type="" />

			</item>
		<item>
		<title>PenTales: There Are Many Ways to Infiltrate the Cloud</title>
		<link>https://noise.getoto.net/2023/07/27/pentales-there-are-many-ways-to-infiltrate-the-cloud/</link>
		
		<dc:creator><![CDATA[Arvind Vishwakarma]]></dc:creator>
		<pubDate>Thu, 27 Jul 2023 20:29:22 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=9cf5c621e453d93c574df8a24a80e79d</guid>

					<description><![CDATA[<p><em><em>At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen</em></em></p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/07/recog-data-1.jpeg" length="0" type="" />

			</item>
		<item>
		<title>PenTales: Testing Security Health for a Healthcare Company</title>
		<link>https://noise.getoto.net/2023/07/20/pentales-testing-security-health-for-a-healthcare-company/</link>
		
		<dc:creator><![CDATA[Aaron Tennison]]></dc:creator>
		<pubDate>Thu, 20 Jul 2023 15:01:34 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a468450cf7496b8a2c8cb54bec9066ee</guid>

					<description><![CDATA[<p><em>At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen</em></p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/07/recog-data.jpeg" length="0" type="" />

			</item>
		<item>
		<title>Pentales: Old Vulns, New Tricks</title>
		<link>https://noise.getoto.net/2023/07/13/pentales-old-vulns-new-tricks/</link>
		
		<dc:creator><![CDATA[Austin Guidry]]></dc:creator>
		<pubDate>Thu, 13 Jul 2023 18:15:30 +0000</pubDate>
				<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=685a7e5cbb19cabb47c3e0c7159afbf7</guid>

					<description><![CDATA[<p><em>At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test</em></p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/07/GettyImages-1128503636-3.jpg" length="0" type="" />

			</item>
		<item>
		<title>Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session</title>
		<link>https://noise.getoto.net/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/</link>
		
		<dc:creator><![CDATA[Brendan Watters]]></dc:creator>
		<pubDate>Thu, 25 May 2023 16:21:57 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=db4cdb9fb150c2b71ea71579494283b7</guid>

					<description><![CDATA[Rapid7 is pleased to announce the availability of Metasploit fetch payloads,  which increase efficiency and user control over the commands executed.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/05/metasploit-ascii-1.png" length="0" type="" />

			</item>
		<item>
		<title>AppDomain Manager Injection: New Techniques For Red Teams</title>
		<link>https://noise.getoto.net/2023/05/05/appdomain-manager-injection-new-techniques-for-red-teams/</link>
		
		<dc:creator><![CDATA[Nicholas Spagnola]]></dc:creator>
		<pubDate>Fri, 05 May 2023 16:39:10 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=43e8ebe72a78214ff270b10a9ed28d26</guid>

					<description><![CDATA[This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/05/GettyImages-1305066300.jpg" length="0" type="" />

			</item>
		<item>
		<title>DataSurgeon – Extract Sensitive Information (PII) From Logs</title>
		<link>https://noise.getoto.net/2023/03/20/datasurgeon-extract-sensitive-information-pii-from-logs/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Mon, 20 Mar 2023 16:19:22 +0000</pubDate>
				<category><![CDATA[Без категория]]></category>
		<category><![CDATA[Hacking Tools]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">https://www.darknet.org.uk/?p=32011</guid>

					<description><![CDATA[DataSurgeon (ds) is a versatile tool designed to Extract Sensitive Information (PII) From Logs, it's intended to be used for incident response, penetration testing, and CTF challenges.]]></description>
		
		
		
			</item>
		<item>
		<title>Metasploit Framework 6.3 Released</title>
		<link>https://noise.getoto.net/2023/01/30/metasploit-framework-6-3-released/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Mon, 30 Jan 2023 14:00:00 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a8814fa7f7133fa1ebd7461a005d72a1</guid>

					<description><![CDATA[Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/01/Screen-Shot-2023-01-28-at-10.56.19-AM.png" length="0" type="" />

			</item>
		<item>
		<title>2022 Annual Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2022/12/30/2022-annual-metasploit-wrap-up/</link>
		
		<dc:creator><![CDATA[Spencer McIntyre]]></dc:creator>
		<pubDate>Fri, 30 Dec 2022 15:00:00 +0000</pubDate>
				<category><![CDATA[Haxmas]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=80c2cfbf70b3668fc60a8c97d27ca478</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><p>It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022,</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/12/metasploit-haxmas-candy-canes.jpeg" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2022/12/09/metasploit-wrap-up-47/</link>
		
		<dc:creator><![CDATA[Zachary Goldman]]></dc:creator>
		<pubDate>Fri, 09 Dec 2022 20:36:45 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=a331aadad19758016bddfb293a02f666</guid>

					<description><![CDATA[<!--kg-card-begin: markdown--><h2>Login brute-force utility</h2>
<p><a href="https://github.com/whoot">Jan Rude</a> added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups.</p>
<h2>WordPress extension SQL injection module</h2>
<p><a href="https://github.com/cydave">Cydave</a>, <a href="https://github.com/destr4ct">destr4ct</a>, and <a href="https://github.com/jheysel-r7">jheysel-r7</a> contributed a new module that takes</p>]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/12/metasploit-blg-2-small.png" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2022/10/14/metasploit-wrap-up-46/</link>
		
		<dc:creator><![CDATA[Christophe De La Fuente]]></dc:creator>
		<pubDate>Fri, 14 Oct 2022 17:03:46 +0000</pubDate>
				<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=06452152baeafef87319b9037298cfc6</guid>

					<description><![CDATA[Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/10/metasploit-blog-banner-3-small.png" length="0" type="" />

			</item>
		<item>
		<title>A SIEM With a Pen Tester&#8217;s Eye: How Offensive Security Helps Shape InsightIDR</title>
		<link>https://noise.getoto.net/2022/10/14/a-siem-with-a-pen-testers-eye-how-offensive-security-helps-shape-insightidr/</link>
		
		<dc:creator><![CDATA[Rapid7]]></dc:creator>
		<pubDate>Fri, 14 Oct 2022 13:02:28 +0000</pubDate>
				<category><![CDATA[InsightIDR]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=06ddb970041ff32f00a6ab51200966e7</guid>

					<description><![CDATA[At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/10/GettyImages-1355632551.jpg" length="0" type="" />

			</item>
		<item>
		<title>High-School Graduation Prank Hack</title>
		<link>https://noise.getoto.net/2022/08/31/high-school-graduation-prank-hack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 31 Aug 2022 14:33:41 +0000</pubDate>
				<category><![CDATA[hacking]]></category>
		<category><![CDATA[penetration-testing]]></category>
		<category><![CDATA[schools]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65827</guid>

					<description><![CDATA[<p><a href="https://www.wired.com/story/biggest-hacker-rickroll-high-school-prank/">This</a> is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools.</p>
<blockquote><p>During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42109">reported it</a>); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network. Many of the techniques were not sophisticated, but they were pretty much all <a href="https://www.brownstonelaw.com/blog/computer-hacking-an-examination-of-the-illinois-criminal-code/#:~:text=Illinois%20Hacking%20Law,be%20prosecuted%20for%20computer%20tampering">illegal...</a></p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 31/376 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-08 13:16:53 by W3 Total Cache
-->