TryHackMe: Advent of Cyber 2024 | Day 5 - XXE (SOC-mas XX-what-ee?)

Advent of Cyber 2024 - Day5: SOC-mas XX-what-ee?

Learning Objectives
Understand the basic concepts related to XML
Explore XML External Entity (XXE) and its components
Learn how to exploit the vulnerability
Understand remediation measures

Day 5 - In today’s challenge we will help analyse an application that allows users to view and add products to their carts and perform the checkout activity.
We will check to see if it is vulnerable to XXEHere

I walkedthrough the day5 of advent of cyber 2024.

Sign up on Tryhackme: https://tryhackme.com/signup?referrer...
Follow along for free at https://tryhackme.com/r/room/adventof...

This video is a form of journal and a way I revise what I've learnt on Tryhackme.


0:00 Intro - The Story
2:18 Important concepts
8:30 Connecting to the Machine
9:17 Starting Burp Suite
11:07 Practical
17:15 Answering the questions
20:03 Question 1
22:47 Question 2
23:30 Question 3 & 4
23:50 Outro


#XXE #aoc2024 #redteaming #tryhackme #blueteam #day3 #loganalysis #opsec #web #cybersecurity #offensivesecurity #hacking #purpleteam



- -
tryhackme ethicalhacking cybersecurity cybersec hacking informationsecurity pentesting ethicalhacking cybersecuritytraining learnhacking tryhackmecommunity tryhackmerooms cyberwarriors cyberattack cyberdefense cyberthreats cybercrime cyberawareness cyberhygiene cybersavvy cybereducation cyberskills linuxcommunity linuxusers linuxenthusiasts linuxmastery cyberninjas ninjaskills linuxsecrets hiddenfiles shellscripting capturetheflag adventofcyber attacksurfacereduction securityposture networksecurity cybersecurityprofessional phishing dosattacks vulnerabilityexploitation firewall intrusiondetection patchmanagement cyberdefence cyberresilience cybercrime informationsecurity cyberthreats cyberattack cyberprotectkali linuxlinuxnmapsslhttphttpssshtelnetchargenportport numberswireshark
- -