Gray Hat C# - A Hacker's Guide to Creating and Automating Security Tools is No Starch Press’ latest addition to its immensely popular and robust catalogue of computer security books.
Gray Hat C# aims to guide readers through some of C#’s more advanced features to successfully develop a .NET decompiler for macOS and Linux, automate security tools such as Nessus, Arachni and sqlmap, generate shellcode in Metasploit for cross-platform and cross-architecture payloads, and parse and read offline registry hives to dump system information.
Gray Hat C# begins with a crash course in the C# programming language, including object-oriented principles such as inheritance and the more advanced features of the language, including delegates and Platform Invoke. Author Brandon Perry delivers this over fourteen pages, beginning with an overview of the language and advice on choosing the right integrated development environment, then following up with a set of basic tutorials with excellent examples before ramping up towards more advanced concepts and techniques.
This chapter closes with a reminder to the reader that Perry has only provided examples that scratch the surface of C#, but that these should be enough to ensure that you are familiar with the language when developing security-related tools.
The second chapter opens by introducing the reader to the HTTP library, before exploring how the language can be used to communicate with web servers in order to develop a small HTTP request fuzzer, used primarily to find cross-site scripting and SQL injection vulnerabilities through a variety of different data types and techniques. Much like in the opening chapter, Perry provides example code and appropriate descriptions of the C# methods and techniques that are used in the examples.
The following chapter takes the HTTP library and the fuzzer developed with it further by introducing SOAP endpoints, showing how the fuzzer can be adapted to retrieve the SOAP WSDL and use the information held within it to find SQL injections.
Moving on, Perry chooses to break away from the previous chapters' focus on HTTP techniques and move on to payload creation. This begins with a simple tutorial aimed at allowing the reader to develop two payloads for TCP and UDP. It then moves on to integrating Metasploit into payload development with C#, with a view to creating cross-platform and cross-architecture payloads.
Subsequent chapters shift the focus again, this time to automating other security tools such as Nessus, Cuckoo Sandbox and sqlmap with C#. This begins with a return to the HTTP library and instructions on how to send requests to, and retrieve responses from, the various tools' APIs using C#. This is then followed by how to make use of MessagePack (MSGPACK) to interact with Metasploit and Arachni.
Gray Hat C# closes with two final topic areas: Decompiling and Reversing Managed Assemblies, and Reading Offline Windows NT Registry Hives. The former leads the reader through the development of a decompiler for macOS and Linux, an area which Perry suggests is quite light in relation to Windows. The last topic moves the reader into digital forensics with a focus on registry hives. This chapter introduces the reader to the binary structure of the Windows registry, before showing how to parse this data and retrieve the system’s boot key.
Overall, Gray Hat C# - A Hacker's Guide to Creating and Automating Security Tools is an immersive read that leaves the reader with an excellent understanding of the potential of C# and how it can be used to help organizations that may be struggling, due to limited resources, to follow a mature vulnerability management process or a Secure Software Development Lifecycle.
With easy-to-follow instructions and outstanding examples, Gray Hat C# is suitable not only for established security professionals or those with some experience in using C#, but also for people new to the language.
"An immersive read that leaves the reader with an excellent understanding of the potential of C#"