Gray hat C# : a hacker's guide to creating and automating security tools /
"Teaches how to use C#'s set of core libraries to automate tasks like performing vulnerability scans, malware analysis, and incident response. Teaches how to write practical security tools that will run on Mac, Linux, and mobile devices"--
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
San Francisco :
No Starch Press, Inc.,
[2017]
|
Temas: | |
Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Intro; Brief Contents; Contents in Detail; Foreword; Preface; Why Should I Trust Mono?; Who Is This Book For?; Organization of This Book; Acknowledgements; A Final Note; Chapter 1: C# Crash Course; Choosing an IDE; A Simple Example; Introducing Classes and Interfaces; Creating a Class; Creating an Interface; Subclassing from an Abstract Class and Implementing an Interface; Tying Everything Together with the Main() Method; Running the Main() Method; Anonymous Methods; Assigning a Delegate to a Method; Updating the Firefighter Class; Creating Optional Arguments; Updating the Main() Method.
- Running the Updated Main() MethodIntegrating with Native Libraries; Conclusion; Chapter 2: Fuzzing and Exploiting XSS and SQL Injection; Setting Up the Virtual Machine; Adding a Host-Only Virtual Network; Creating the Virtual Machine; Booting the Virtual Machine from the BadStore ISO; SQL Injections; Cross-Site Scripting; Fuzzing GET Requests with a Mutational Fuzzer; Tainting the Parameters and Testing for Vulnerabilities; Building the HTTP Requests; Testing the Fuzzing Code; Fuzzing POST Requests; Writing a POST Request Fuzzer; The Fuzzing Begins; Fuzzing Parameters; Fuzzing JSON.
- Setting Up the Vulnerable ApplianceCapturing a Vulnerable JSON Request; Creating the JSON Fuzzer; Testing the JSON Fuzzer; Exploiting SQL Injections; Performing a UNION-Based Exploit by Hand; Performing a UNION-Based Exploit Programmatically; Exploiting Boolean-Blind SQL Vulnerabilities; Conclusion; Chapter 3: Fuzzing SOAP Endpoints; Setting Up the Vulnerable Endpoint; Parsing the WSDL; The WSDL Class Constructor; Writing the Initial Parsing Methods; Writing a Class for the SOAP Type and Parameters; Creating the SoapMessage Class to Define Sent Data; Implementing a Class for Message Parts.
- Defining Port Operations with the SoapPortType ClassImplementing a Class for Port Operations; Defining Protocols Used in SOAP Bindings; Compiling a List of Operation Child Nodes; Finding the SOAP Services on Ports; Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities; Fuzzing Individual SOAP Services; Fuzzing the HTTP POST SOAP Port; Fuzzing the SOAP XML Port; Running the Fuzzer; Conclusion; Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads; Creating a Connect-Back Payload; The Network Stream; Running the Command; Running the Payload; Binding a Payload.
- Accepting Data, Running Commands, and Returning OutputExecuting Commands from the Stream; Using UDP to Attack a Network; The Code for the Target's Machine; The Attacker's Code; Running x86 and x86-64 Metasploit Payloads from C#; Setting Up Metasploit; Generating Payloads; Executing Native Windows Payloads as Unmanaged Code; Executing Native Linux Payloads; Conclusion; Chapter 5: Automating Nessus; REST and the Nessus API; The NessusSession Class; Making the HTTP Requests; Logging Out and Cleaning Up; Testing the NessusSession Class; The NessusManager Class; Performing a Nessus Scan.