Book description
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.
After a crash course in C# and some of its advanced features, you'll learn how to:
- Write fuzzers that use the HTTP and XML libraries to scan for SQL and XSS injections
- Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads
- Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections
- Write a .NET decompiler for OS X and Linux
- Parse and read offline registry hives to dump system information
- Automate the security tools Arachni and Metasploit using their MSGPACK RPCs
Publisher resources
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Brief Contents
- Contents in Detail
- Foreword by Matt Graeber
- Preface
- Chapter 1: C# Crash Course
- Chapter 2: Fuzzing and Exploiting XSS and SQL Injection
-
Chapter 3: Fuzzing SOAP Endpoints
- Setting Up the Vulnerable Endpoint
-
Parsing the WSDL
- Creating a Class for the WSDL Document
- Writing the Initial Parsing Methods
- Writing a Class for the SOAP Type and Parameters
- Creating the SoapMessage Class to Define Sent Data
- Implementing a Class for Message Parts
- Defining Port Operations with the SoapPortType Class
- Implementing a Class for Port Operations
- Defining Protocols Used in SOAP Bindings
- Compiling a List of Operation Child Nodes
- Finding the SOAP Services on Ports
- Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities
- Conclusion
- Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads
- Chapter 5: Automating Nessus
- Chapter 6: Automating Nexpose
- Chapter 7: Automating OpenVAS
- Chapter 8: Automating Cuckoo Sandbox
- Chapter 9: Automating Sqlmap
- Chapter 10: Automating ClamAV
- Chapter 11: Automating Metasploit
- Chapter 12: Automating Arachni
- Chapter 13: Decompiling and Reversing Managed Assemblies
- Chapter 14: Reading Offline Registry Hives
- Index
- Resources
- The Electronic Frontier Foundation (EFF)
- Footnote
Product information
- Title: Gray Hat C#
- Author(s):
- Release date: June 2017
- Publisher(s): No Starch Press
- ISBN: 9781593277598
You might also like
book
Container Security
To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers …
book
Learning Modern Linux
If you use Linux in development or operations and need a structured approach to help you …
book
Network Programming with Go
Go combines the best parts of many other programming languages. It’s fast, scalable, and designed for …
book
PowerShell Cookbook, 4th Edition
How do you use PowerShell to navigate the filesystem, manage files and folders, or retrieve a …