with simple examples, but we cover a wide variety of C# features. We start with a Hello World
program and then build small classes to better understand what object-oriented programming is. We
then move on to more advanced C# features, such as anonymous methods and P/Invoke.
Chapter 2: Fuzzing and Exploiting XSS and SQL Injection
In this chapter, we write small HTTP
request fuzzers that look for XSS and SQL injection in a variety of data types by using the HTTP
library to communicate with web servers.
Chapter 3: Fuzzing SOAP Endpoints
In this chapter, we take the concept of the fuzzers in the
previous chapter to the next level by writing another small fuzzer that retrieves and parses a SOAP
WSDL to find potential SQL injections by automatically generating HTTP requests. We do this while
also looking at the excellent XML libraries available in the standard library.
Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads
In this chapter, we break
from the focus on HTTP and move on to creating payloads. We first create a couple of simple
payloads—one over TCP and one over UDP. Then you learn how to generate x86/x86_64 shellcode in
Metasploit to create cross-platform and cross-architecture payloads.
Chapter 5: Automating Nessus
In this chapter, we return to HTTP in order to automate the first of
several vulnerability scanners, Nessus. We go over how to create, watch, and report on scans of
CIDR ranges programmatically.
Chapter 6: Automating Nexpose
In this chapter, we maintain the focus on tool automation by moving
on to the Nexpose vulnerability scanner. Nexpose, whose API is also HTTP based, can be automated
to scan for vulnerabilities and create reports. Rapid7, Nexpose’s creator, offers a free yearlong
license for its community product, which is very useful for home enthusiasts.
Chapter 7: Automating OpenVAS
In this chapter, we conclude the focus on vulnerability scanner
automation with OpenVAS, which is open source. OpenVAS has a fundamentally different kind of API
than both Nessus and Nexpose, using only TCP sockets and XML for its communication protocol.
Because it’s also free, it is useful for hobbyists looking to gain more experience in vulnerability
scanning on a budget.
Chapter 8: Automating Cuckoo Sandbox
In this chapter, we move on to digital forensics with the
Cuckoo Sandbox. Working with an easy-to-use REST JSON API, we automate submitting potential
malware samples and then reporting on the results.
Chapter 9: Automating sqlmap
In this chapter, we begin exploiting SQL injections to their fullest
extent by automating sqlmap. We first create small tools to submit single URLs with the easy-to-use
JSON API that is shipped with sqlmap. Once you are familiar with sqlmap, we integrate it into the
SOAP WSDL fuzzer from Chapter 3, so any potential SQL injection vulnerabilities can automatically
be exploited and validated.
Chapter 10: Automating ClamAV
In this chapter, we begin to focus on interacting with native,
unmanaged libraries. ClamAV, a popular and open source antivirus project, isn’t written in a .NET
language, but we can still interface with its core libraries as well as with its TCP daemon, which
allows for remote use. We cover how to automate ClamAV in both scenarios.
Chapter 11: Automating Metasploit
In this chapter, we put the focus back on Metasploit so that you
can learn how to programmatically drive it to exploit and report on shelled hosts via the MSGPACK
RPC that ships with the core framework.
Chapter 12: Automating Arachni
In this chapter, we focus on automating the black-box web
application scanner Arachni, a free and open source project, though dual licensed. Using both the
simpler REST HTTP API and the more powerful MSGPACK RPC that ships with the project, we
create small tools to automatically report findings as we scan a URL.
Chapter 13: Decompiling and Reversing Managed Assemblies
In this chapter, we move on to
reverse engineering. There are easy-to-use .NET decompilers for Windows, but not for Mac or Linux,
so we write a small one ourselves.
Chapter 14: Reading Offline Registry Hives
In this chapter, we move on to incident response and
focus on registry hives by going over the binary structure of the Windows registry. You learn how to
parse and read offline registry hives, so you can retrieve the boot key of the system, used to encrypt
password hashes stored in the registry.