Ebook: Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools
Author: Perry Brandon
- Tags: Automatic control--Computer programs, C# (Computer program language), Computer security, Automatic control -- Computer programs
- Year: 2017
- Publisher: No Starch Press
- City: San Francisco
- Language: English
- mobi
Contents note continued: The ArachniRPCSession Class -- The Supporting Methods for ExecuteCommand() -- The ExecuteCommand() Method -- The ArachniRPCManager Class -- Putting It All Together -- Conclusion -- 13. Decompiling And Reversing Managed Assemblies -- Decompiling Managed Assemblies -- Testing the Decompiler -- Using monodis to Analyze an Assembly -- Conclusion -- 14. Reading Offline Registry Hives -- The Registry Hive Structure -- Getting the Registry Hives -- Reading the Registry Hive -- Creating a Class to Parse a Registry Hive File -- Creating a Class for Node Keys -- Making a Class to Store Value Keys -- Testing the Library -- Dumping the Boot Key -- The GetBootKey() Method -- The GetValueKey() Method -- The GetNodeKey() Method -- The StringToByteArray() Method -- Getting the Boot Key -- Verifying the Boot Key -- Conclusion.;Contents note continued: Starting the clamd Daemon -- Creating a Session Class for clamd -- Creating a clamd Manager Class -- Testing with clamd -- Conclusion -- 11. Automating Metasploit -- Running the RPC Server -- Installing Metasploitable -- Getting the MSGPACK Library -- Installing the NuGet Package Manager for MonoDevelop -- Installing the MSGPACK Library -- Referencing the MSGPACK Library -- Writing the MetasploitSession Class -- Creating the Executed Method for HTTP Requests and Interacting with MSGPACK -- Transforming Response Data from MSGPACK -- Testing the session Class -- Writing the MetasploitManager Class -- Putting It All Together -- Running the Exploit -- Interacting with the Shell -- Popping Shells -- Conclusion -- 12. Automating Arachni -- Installing Arachni -- The Arachni REST API -- Creating the ArachniHTTPSession Class -- Creating the ArachniHTTPManager Class -- Putting the Session and Manager Classes Together -- The Arachni RPC -- Manually Running the RPC.;Contents note continued: Certificate Validation and Garbage Collection -- Getting the OpenVAS Version -- The OpenVASManager Class -- Getting Scan Configurations and Creating Targets -- Wrapping Up the Automation -- Running the Automation -- Conclusion -- 8. Automating Cuckoo Sandbox -- Setting Up Cuckoo Sandbox -- Manually Running the Cuckoo Sandbox API -- Starting the API -- Checking Cuckoo's Status -- Creating the CuckooSession Class -- Writing the ExecuteCommand() Methods to Handle HTTP Requests -- Creating Multipart HTTP Data with the GetMultipartFormData() Method -- Processing File Data with the FileParameter Class -- Testing the CuckooSession and Supporting Classes -- Writing the CuckooManager Class -- Writing the CreateTask() Method -- The Task Details and Reporting Methods -- Creating the Task Abstract Class -- Sorting and Creating Different Class Types -- Putting It Together -- Testing the Application -- Conclusion -- 9. Automating Sqlmap -- Running sqlmap.;Contents note continued: The sqlmap REST API -- Testing the sqlmap API with curl -- Creating a Session for sqlmap -- Creating a Method to Execute a GET Request -- Executing a POST Request -- Testing the Session Class -- The SqlmapManager Class -- Listing sqlmap Options -- Making a Method to Perform Scans -- The New MainQ Method -- Reporting on a Scan -- Automating a Full sqlmap Scan -- Integrating sqlmap with the SOAP Fuzzer -- Adding sqlmap GET Request Support to the SOAP Fuzzer -- Adding sqlmap POST Request Support -- Calling the New Methods -- Conclusion -- 10. Automating Clamav -- Installing ClamAV -- The ClamAV Native Library vs. the clamd Network Daemon -- Automating with ClamAV's Native Library -- Setting Up the Supporting Enumerations and Classes -- Accessing ClamAV's Native Library Functions -- Compiling the ClamAV Engine -- Scanning Files -- Cleaning Up -- Testing the Program by Scanning the EICAR File -- Automating with clamd -- Installing the clamd Daemon.;Machine generated contents note: 1.C# Crash Course -- Choosing an IDE -- A Simple Example -- Introducing Classes and Interfaces -- Creating a Class -- Creating an Interface -- Subclassing from an Abstract Class and Implementing an Interface -- Tying Everything Together with the Main() Method -- Running the Main() Method -- Anonymous Methods -- Assigning a Delegate to a Method -- Updating the Firefighter Class -- Creating Optional Arguments -- Updating the Main() Method -- Running the Updated Main() Method -- Integrating with Native Libraries -- Conclusion -- 2. Fuzzing And Exploiting XSS And SQL Injection -- Setting Up the Virtual Machine -- Adding a Host-Only Virtual Network -- Creating the Virtual Machine -- Booting the Virtual Machine from the BadStore ISO -- SQL Injections -- Cross-Site Scripting -- Fuzzing GET Requests with a Mutational Fuzzer -- Tainting the Parameters and Testing for Vulnerabilities -- Building the HTTP Requests -- Testing the Fuzzing Code.;Contents note continued: Testing the NessusSession Class -- The NessusManager Class -- Performing a Nessus Scan -- Conclusion -- 6. Automating Nexpose -- Installing Nexpose -- Activation and Testing -- Some Nexpose Parlance -- The NexposeSession Class -- The ExecuteCommand() Method -- Logging Out and Disposing of Our Session -- Finding the API Version -- Driving the Nexpose API -- The NexposeManager Class -- Automating a Vulnerability Scan -- Creating a Site with Assets -- Starting a Scan -- Creating a PDF Site Report and Deleting the Site -- Putting It All Together -- Starting the Scan -- Generating a Report and Deleting the Site -- Running the Automation -- Conclusion -- 7. Automating Openvas -- Installing OpenVAS -- Building the Classes -- The OpenVASSession Class -- Authenticating with the OpenVAS Server -- Creating a Method to Execute OpenVAS Commands -- Reading the Server Message -- Setting Up the TCP Stream to Send and Receive Commands.;Contents note continued: Finding the SOAP Services on Ports -- Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities -- Fuzzing Individual SOAP Services -- Fuzzing the HTTP POST SOAP Port -- Fuzzing the SOAP XML Port -- Running the Fuzzer -- Conclusion -- 4. Writing Connect-Back, Binding, And Metasploit Payloads -- Creating a Connect-Back Payload -- The Network Stream -- Running the Command -- Running the Payload -- Binding a Payload -- Accepting Data, Running Commands, and Returning Output -- Executing Commands from the Stream -- Using UDP to Attack a Network -- The Code for the Target's Machine -- The Attacker's Code -- Running x86 and x86-64 Metasploit Payloads from C# -- Setting Up Metasploit -- Generating Payloads -- Executing Native Windows Payloads as Unmanaged Code -- Executing Native Linux Payloads -- Conclusion -- 5. Automating Nessus -- REST and the Nessus API -- The NessusSession Class -- Making the HTTP Requests -- Logging Out and Cleaning Up.;Contents note continued: Fuzzing POST Requests -- Writing a POST Request Fuzzer -- The Fuzzing Begins -- Fuzzing Parameters -- Fuzzing JSON -- Setting Up the Vulnerable Appliance -- Capturing a Vulnerable JSON Request -- Creating the JSON Fuzzer -- Testing the JSON Fuzzer -- Exploiting SQL Injections -- Performing a UNION-Based Exploit by Hand -- Performing a UNION-Based Exploit Programmatically -- Exploiting Boolean-Blind SQL Vulnerabilities -- Conclusion -- 3. Fuzzing Soap Endpoints -- Setting Up the Vulnerable Endpoint -- Parsing the WSDL -- Creating a Class for the WSDL Document -- Writing the Initial Parsing Methods -- Writing a Class for the SOAP Type and Parameters -- Creating the SoapMessage Class to Define Sent Data -- Implementing a Class for Message Parts -- Defining Port Operations with the SoapPortType Class -- Implementing a Class for Port Operations -- Defining Protocols Used in SOAP Bindings -- Compiling a List of Operation Child Nodes.;"Teaches how to use C#'s set of core libraries to automate tasks like performing vulnerability scans, malware analysis, and incident response. Teaches how to write practical security tools that will run on Mac, Linux, and mobile devices"-
Download the book Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools for free or read online
Continue reading on any device:
Last viewed books
Related books
{related-news}
Comments (0)