What do you think?
Rate this book
Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like performing vulnerability scans, malware analysis, and incident response. With some help from Mono, you can write your own practical security tools that will run on Windows, Mac, Linux, and even mobile devices.
Following a crash course in C# and some of its advanced features, you'll learn how
Streamline and simplify your work day with Gray Hat C# and C#'s extensive repertoire of powerful tools and libraries.
Following a crash course in C# and some of its advanced features, you'll learn how
Streamline and simplify your work day with Gray Hat C# and C#'s extensive repertoire of powerful tools and libraries.
304 pages, Paperback
Published May 15, 2017
31 people are currently reading
124 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
March 17, 2019
Odd book. Not quite what I expected. If you're looking for a reference on how to tie one of the various mentioned tools into a C# project yourself, it will have a potentially useful starter at least. Other than that, the specific sections could use a bit more fleshing out to be useful alone and all together, it's an odd combination.
Structurewise, the first section of the book was odd. Basically a tutorial of C#, but only a limited subset of functionality, chosen oddly. Then a number of web related things. Sure. Weird, but fair enough. Then we have SQL injections and XSS, which are discussed in more depth other places. Yes, this book ties them to C#, but it's string processing. Nothing super specific to any particular language there.
After that, we have about half the book dedicated to several specific tools. They either had C# APIs or one would have to either call to a REST API or make native calls. All of these are interesting, but they don't actually get into details on how to use a specific tool, rather setting up using it with C# / .NET. But this all feels like it should have just been wrapped in a library, so that the user doesn't necessarily need the details. So it goes.
One we get to Chapter 13 though, that's a bit more interesting (and more relevant to C#) since it talks about decompiling. It's really only a tool reference though, although a pure code disassembler when you aren't on Windows is handy.
Then we're back to a weird feeling chapter on registry keys. Interesting, but not too deep.
I think (unfortunately), the most memorable thing about this book was the ❶ ❷ ❸ ❹ ❺ numbered circles. I guess so far as ways to refer to the code in a book (rather than a website with on hover text), it works. It's just very distracting.
Perhaps not the best book for a someone interested in security, but it did serve to remind me how much I liked .NET and C# when I last used them. I should dust off those projects at some point. So yay for that!
Structurewise, the first section of the book was odd. Basically a tutorial of C#, but only a limited subset of functionality, chosen oddly. Then a number of web related things. Sure. Weird, but fair enough. Then we have SQL injections and XSS, which are discussed in more depth other places. Yes, this book ties them to C#, but it's string processing. Nothing super specific to any particular language there.
After that, we have about half the book dedicated to several specific tools. They either had C# APIs or one would have to either call to a REST API or make native calls. All of these are interesting, but they don't actually get into details on how to use a specific tool, rather setting up using it with C# / .NET. But this all feels like it should have just been wrapped in a library, so that the user doesn't necessarily need the details. So it goes.
One we get to Chapter 13 though, that's a bit more interesting (and more relevant to C#) since it talks about decompiling. It's really only a tool reference though, although a pure code disassembler when you aren't on Windows is handy.
Then we're back to a weird feeling chapter on registry keys. Interesting, but not too deep.
I think (unfortunately), the most memorable thing about this book was the ❶ ❷ ❸ ❹ ❺ numbered circles. I guess so far as ways to refer to the code in a book (rather than a website with on hover text), it works. It's just very distracting.
Perhaps not the best book for a someone interested in security, but it did serve to remind me how much I liked .NET and C# when I last used them. I should dust off those projects at some point. So yay for that!
December 27, 2020
Being a software developer that has used C# and .NET since it's release and taking more of an interest in the security and vulnerability side of software, I was intrigued when I saw the title of this book mainly because the .NET framework isn't usually associated with being used with security and hacking tools.
One thing to point out is the author has decided to use the Mono framework for cross platform reasons in this book. The book was written in 2017 but in 2020 pretty much all the samples can be used with .NET Core instead of having to use Mono.
I enjoyed going through the sample code and following through the implementation, I would say one thing however: this book won't teach you C#, even though it goes to some lengths to explain the .NET framework and C#. I also found the code a bit outdated and not very well written from a C# perspective.
Alot of the code in the example are using the web request libraries to interact with APIs of common tools and I felt there was a lack of explanation of the actual tools themselves which to me would have been more useful.
I gained some good ideas from the book but I think it the samples were little more than contrived examples of using C# to interact with some tools than any actually "hacking" with C#.
I felt the book fell down a bit in not quite being a book about "hacking" using the tool and not quite being a book about using C# to "hack".
One thing to point out is the author has decided to use the Mono framework for cross platform reasons in this book. The book was written in 2017 but in 2020 pretty much all the samples can be used with .NET Core instead of having to use Mono.
I enjoyed going through the sample code and following through the implementation, I would say one thing however: this book won't teach you C#, even though it goes to some lengths to explain the .NET framework and C#. I also found the code a bit outdated and not very well written from a C# perspective.
Alot of the code in the example are using the web request libraries to interact with APIs of common tools and I felt there was a lack of explanation of the actual tools themselves which to me would have been more useful.
I gained some good ideas from the book but I think it the samples were little more than contrived examples of using C# to interact with some tools than any actually "hacking" with C#.
I felt the book fell down a bit in not quite being a book about "hacking" using the tool and not quite being a book about using C# to "hack".
May 3, 2020
In my opinion, this book has an important place for students. Because one of the best ways to have knowledge and experience about a concept is to design and code examples that work on that concept and produce real results. This book gives the impression of “Proof Of Concept” in this respect.
The book provides the reader with technical information related to the C # language that was based on first. Then, based on this technical information, it automates the concepts of popular security tools such as Nessus, Sqlmap, Cuckoo, Sandbox, Metasploit with examples and creates a general conceptual map on the subject.
The book provides the reader with technical information related to the C # language that was based on first. Then, based on this technical information, it automates the concepts of popular security tools such as Nessus, Sqlmap, Cuckoo, Sandbox, Metasploit with examples and creates a general conceptual map on the subject.
September 4, 2017
Really helpful book if you are into security testing automation. Assumes quite a bit of knowledge of the security tools you will be automating. Some i've used, others I haven't, so there is a lot of extra reading on the side. I mostly bought this book for the chapter on automating Metasploit as I'm planning on configuring automated tests against our code base at work. I did learn about a bunch of security tools that I had never heard about, which I'm sure some of you might find helpful as well.
November 4, 2019
Excellent book, and an a great way to learn Mono.
December 21, 2021
Good book for reference and introduction on C#, the basic ofoffensive C# for a newcomer pentester, worth the time.
Displaying 1 - 6 of 6 reviews