Book description
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.
After a crash course in C# and some of its advanced features, you'll learn how to:
- Write fuzzers that use the HTTP and XML libraries to scan for SQL and XSS injections
- Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads
- Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections
- Write a .NET decompiler for OS X and Linux
- Parse and read offline registry hives to dump system information
- Automate the security tools Arachni and Metasploit using their MSGPACK RPCs
Publisher resources
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Brief Contents
- Contents in Detail
- Foreword by Matt Graeber
- Preface
- Chapter 1: C# Crash Course
- Chapter 2: Fuzzing and Exploiting XSS and SQL Injection
-
Chapter 3: Fuzzing SOAP Endpoints
- Setting Up the Vulnerable Endpoint
-
Parsing the WSDL
- Creating a Class for the WSDL Document
- Writing the Initial Parsing Methods
- Writing a Class for the SOAP Type and Parameters
- Creating the SoapMessage Class to Define Sent Data
- Implementing a Class for Message Parts
- Defining Port Operations with the SoapPortType Class
- Implementing a Class for Port Operations
- Defining Protocols Used in SOAP Bindings
- Compiling a List of Operation Child Nodes
- Finding the SOAP Services on Ports
- Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities
- Conclusion
- Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads
- Chapter 5: Automating Nessus
- Chapter 6: Automating Nexpose
- Chapter 7: Automating OpenVAS
- Chapter 8: Automating Cuckoo Sandbox
- Chapter 9: Automating Sqlmap
- Chapter 10: Automating ClamAV
- Chapter 11: Automating Metasploit
- Chapter 12: Automating Arachni
- Chapter 13: Decompiling and Reversing Managed Assemblies
- Chapter 14: Reading Offline Registry Hives
- Index
- Resources
- The Electronic Frontier Foundation (EFF)
- Footnote
Product information
- Title: Gray Hat C#
- Author(s):
- Release date: June 2017
- Publisher(s): No Starch Press
- ISBN: 9781593277598
You might also like
book
Penetration Testing
In Penetration Testing, security researcher and trainer Georgia Weidman provides you with a survey of important …
book
40 Algorithms Every Programmer Should Know
Learn algorithms for solving classic computer science problems with this concise guide covering everything from fundamental …
book
The Ghidra Book
The result of more than a decade of research and development within the NSA, the Ghidra …
book
Black Hat Python
Black Hat Python explores the darker side of Python's capabilities, helping you test your systems and …