Gray Hat C#. A Hacker’s Guide to Creating and Automating Security Tools. B. Perry

 As an attacker or defender developing software, one obviously needs to decide which language makes the most sense to use. Ideally, a language won’t be chosen simply because it is what the developer is most comfortable with. Rather, a language should be chosen based on answering a series of questions such as the following:

\t
•  What are my primary target execution environments?
\t
•  What is the state of detection and logging for payloads written in this language?
\t
•  To what level does my software need to maintain stealth (for example, memory residence)?
\t
•  How well is the language supported for both the client side and the server side?
\t
•  Is there a sizable community developing in this language?
\t
•  What is the learning curve and how maintainable is the language?

C# has some compelling answers to these questions. As to the question about the target execution environment, .NET should be an obvious candidate for consideration in a Microsoft-heavy environment because it has been packaged with Windows for years. However, with the open-sourcing of .NET, C# is now a language that can drive a mature runtime on every operating system. Naturally, it should be considered an extremely enticing language for true cross-platform support.