## Apprentice Level
- ✅ [[1. Exploiting XXE using external entities to retrieve files]]
- ✅ [[2. Exploiting XXE to perform SSRF attacks]]
## Practitioner Level
- ✅ [[3. Blind XXE with out-of-band interaction]]
- ✅ [[4. Blind XXE with out-of-band interaction via XML parameter entities]]
- ✅ [[5. Exploiting blind XXE to exfiltrate data using a malicious external DTD]]
- ✅ [[6. Exploiting blind XXE to retrieve data via error messages]]
- ✅ [[7. Exploiting XInclude to retrieve files]]
- ✅ [[8. Exploiting XXE via image file upload]]
## Expert Level
- ✅ [[9. Exploiting XXE to retrieve data by repurposing a local DTD]]