defensive-xxe

Community

XXE detection for XML with Sigma and YARA checks.

Author: riparino
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

XML parsers that process DOCTYPE declarations and resolve ENTITY definitions can expose applications to XML External Entity (XXE) vulnerabilities. This skill provides a structured approach to detecting and triaging XXE indicators in XML inputs, enabling faster remediation.

Core Features & Use Cases

  • Detection Coverage: identifies DOCTYPE/ENTITY usage, out-of-band (OOB) callback patterns, and file://-based read attempts.
  • Threat Coverage: includes Sigma rules for XML injection, YARA rules for XXE payloads, and KQL for Azure WAF and MDE network telemetry.
  • Use Case: SOC teams can harden XML parsers and set up monitoring to alert on XXE indicators during XML processing.

Quick Start

Load the XXE detection methodology into the XML processing pipeline to identify DOCTYPE/ENTITY patterns and OOB callbacks.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: defensive-xxe
Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#defensive-xxe

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.