Security Professional Seeking C# Project Ideas

Question

Hello all,

I am an IT security professional seeking advice on some project ideas to continue my self-taught journey into C#. I'm having a hard time deciding exactly what I want to write. Obviously I have a few ideas but there are already very good tools/applications out there, that are way beyond anything I have the capacity to write right now, so I sort of feel writing a less effective version of something that already exists would be a waste of time. Essentially what sort of libraries/classes come built into .Net/C# that are interesting/useful from a security stand point, aside from System.Cryptography? Are there some libraries that are readily available for download that would me useful to me? I've got ahold of SharpPCap...but again, WireShark is way better than anything I could write.

If you were in my position, IE terrible C# programmer, and wanted to write some sort of IT security tool, what would you write? I'm not looking to write 'hacking tools', but perhaps something from a digital forensics stand point? Maybe obtain dumps of volatile memory, ect? Parse .evt files for specific signatures? Does .Net has things like that built into it?

Answer 1

The way I really started learning C# was by writing small, highly customized tools for my personal use. For example, I was in QA at the time and had to do a lot of work with creating and validating accounts, so I wrote a tool that would take a few parameters and create or retrieve account info for me. This was a lot easier than using our front end UI and saved me a lot of time over the few months that I used it.

Each of the apps that I wrote solved a very specific problem and only used a couple hundred lines of code, but this gave me a great start for writing applications. If I were you I would look through your daily work and try to identify something repetitive that you think you can automate, then automate it. While it's definitely important to know when and where you can use a library over your own code, I've always found it helpful to try to implement some libraries on my own.

So, basically, here are the steps I would propose:

1. Figure out a problem you want to solve.
2. Solve it yourself.
3. Review what you've written, refactor, and see how much code you can delete, either by writing cleaner, more generalized functions, or by including libraries for the more common functionality.
4. Repeat.

Once you feel comfortable and begin working on larger projects, or once you start doing this professionally rather than for your personal growth, is when you should use good planning, intuition and experience to avoid writing the code that you deleted in step 3.