Explore a groundbreaking technique for out-of-band data retrieval in this 30-minute Black Hat EU 2013 conference talk. Discover how to access files and resources from a victim's machine and internal network, even when normal output is possible from vulnerable applications handling XML data. Learn about XML hacker techniques, constraints, simple parsing, external entities, and entity attributes. Dive into simulation construction, sample services, XML injections, and SQL injections. Understand DNS queries, the main technique, visualization, and restrictions. Examine the declaration of entities, loading entities, and the ExpressT document parser. Gain insights into tools like Metasploit and GitHub for practical application. Presented by Alexey Osipov and Timur Yunusov, this talk provides a comprehensive overview of this innovative data retrieval method.