Gray Hat C#
Author: Brandon Perry
How can you find the security weaknesses in programming projects? This book takes you through a wide range of techniques and tools and shows how to automate their use.
The author of this book is Brandon Perry, well known for his book 'Wicked Cool Shell Scripts', and this book has the same balance of enthusiasm and knowledge. In most chapters, Perry shows how to use a particular type of attack on a site, user or machine, then shows how you can identify exactly where the weaknesses are, so you can defend against that attack type.
The book opens with a crash course in C# that illustrates most elements of the language, including advanced features such as anonymous methods and P/Invoke. If you know another programming language, this should be enough to let you use the rest of the book without problems.
Having introduced the language, Perry moves straight on to the heart of the book with a chapter on fuzzing and exploiting XSS and SQL injection, showing how to write HTTP request fuzzers that look for XSS and SQL injection in a number of data types by using the HTTP library to communicate with web servers. The idea, as with other chapters, is that you can use the fuzzers to test sites that you're working on or have responsibility for, and see whether there are any obvious security holes.
Chapter three is dedicated to fuzzing SOAP endpoints. Perry builds on the fuzzers of the previous chapter to create a fuzzer that retrieves and parses a SOAP WSDL to identify any SQL injections.
Perry then moves away from attacks based on HTTP to look at how payloads work and how you can test against them. As with other chapters, the explanation starts with how to create simple payloads over TCP and UDP, before moving on to see how to generate code in Metasploit to create cross-platform payloads.
Having shown you how to write software to expose exploits, the next few chapters look at how you can automate a variety of security scanners, starting with a chapter on automating Nessus to watch and report on scans of CIDR ranges. A chapter on automating Nexpose comes next, particularly useful as there's a free version of Nexpose. The third chapter in this set looks at automating OpenVAS, an open source scanner.
The next chapter of the book looks at using Cuckoo Sandbox, an open source sandbox that lets you run samples of malware in virtual machines so you can see what it does without risking your real machines. Cuckoo Sandbox has a REST API that Perry shows how to use via C# libraries.
A chapter on automating sqlmap is next, looking at how to use it to find and then verify HTTP parameters that are vulnerable to SQL injection, and how that can be used with the SOAP fuzzer developed earlier to automatically verify potential places for SQL injection attacks.
ClamAV is the subject of the next chapter. This is an open source antivirus system that isn't written in a .NET language, and the chapter shows how you can still work with its core libraries, and how these techniques can be more widely applied.
While using Metasploit was introduced in an earlier chapter, the next chapter is a more detailed look at how to automate it to report on shelled hosts. This is followed by a chapter showing how to automate Arachni, a black-box web application scanner.
The final two chapters look at decompiling and reversing managed assemblies, and how to read offline registry hives.
Overall, I found this book very readable, and the explanations of what the code does are excellent. If you're trying to test projects to see where the vulnerabilities lie so you can close down the holes, this is a highly recommended title.
Last Updated ( Tuesday, 06 March 2018 )