XML Out-of-Band Data Retrieval

Offered By: Black Hat via YouTube

Course Description

Overview

Explore a groundbreaking technique for out-of-band data retrieval in this 30-minute Black Hat EU 2013 conference talk. Discover how to access files and resources from a victim's machine and internal network, even when normal output is possible from vulnerable applications handling XML data. Learn about XML hacker techniques, constraints, simple parsing, external entities, and entity attributes. Dive into simulation construction, sample services, XML injections, and SQL injections. Understand DNS queries, the main technique, visualization, and restrictions. Examine the declaration of entities, loading entities, and the ExpressT document parser. Gain insights into tools like Metasploit and GitHub for practical application. Presented by Alexey Osipov and Timur Yunusov, this talk provides a comprehensive overview of this innovative data retrieval method.

Syllabus

Introduction
Agenda
XML
Hacker Techniques
Constraints
Simple parsing
External entities
Entities in attributes
Simulation construction
Sample service
XML injections
SQL injections
DNS queries
Main technique
Visualization
Restrictions
Declaration of Entity
Load Entity
Express
T document
Parser
Summary
Success
Passing
Summary Table
Demo
Tools
Metasploit
GitHub
Conclusions
Special Thanks


Taught by

Black Hat
