|
|
|
|
|
|
 
» PAPERS

Please Select Category:

All Categories

FreeBSD

General Basics

LDAP

GNU / Linux

NetBSD

Network

OpenBSD

Postfix

qmail

Security

System Management

System Programming

Other

PostgreSQL

Solaris



EnderUnix Papers:

English:

IP SPOOFING with BSD RAW SOCKETS INTERFACE
"This article aims to give the readers a quick grasp of raw sockets idea, its design internals, and its successfull implemenatation BSD Raw Sockets API. IP Spoofing will be discussed in detail, with the help of three sample applications, spoofing ICMP, UDP and TCP packets respectively. After reading this article, the readers will be able to clearly understand why they cannot trust even the TCP protocol for the security of their communication, and why they must employ cryptographic protocols to make sure that their communication is seen only by the authorized parties (Cryptography), that their communication is not altered on the way (Integrity), and that communucation channels are always available (Availability)."

Buffer Overflows Demystified
"The most famous and widely abused vulnerability type is obviously Buffer Overflows. This paper discusses what Buffer Overflows are, how they work and how they are exploited in light of one example exploit (exploiting an old dip vulnerability). The "envp" method in exploiting local buffer overflows, which still remains undocumented is also explained here"

Designing Shellcode Demystified
"In our previous paper, Buffer Overflows Demystified, we told you that there will be more papers on these subjects. We kept our promise. Here is the second paper from the same series. The paper is about the fundamentals of shellcode design and totally Linux 2.2 on IA-32 specifig. The base principles apply to all architectures, whereas the details might obviously not"


Turkish:

Understanding Modsecurity logs
"Authored by Gökhan Alkan, article explains how to modsecurity works and what modsecurity is."

Endian Firewall
"Authored by Ozan Uçar explains what Endian Firewall is and how to install and configuration Endian firewall as detailed."

Some thoughts on security after ten years of qmail 1.0 (Turkish Translation)
"Authored by EnderUNIX team member, Metin Kaya , article Turkish translation of the D.J.B' s article "Some thoughts on security after ten years of qmail 1.0"

Integer Overflow
""Authored by EnderUNIX team member, Cihan Kömeçoğlu, article explains Integer Overflows .""

Installation and Configuration of Clamav
"Authored by Gökhan Alkan article discuss "How to install and configure Clamav which is opens source antivirus software."

Running Linux as a packet filtering bridge
"Authored by EnderUNIX core team member, Afşin Taşkıran, article explains how to set up a Linux bridge and several tips for configuring Linux bridge as a packet filtering device..."

FreeBSD and IPFW
"A document by ozkan KIRIK, explaining the commands and the usage of IPFW under FreeBSD systems."

open source firewall applications comparison table
"The first version of the document that includes the comparisons of the open source firewalls"

Cisco Network Routing
"Cisco Network Routing"

An article about installing and configuring squidGuard
"An article about installing and configuring squidGuard"

Wireless Networks and SEcurity
"Wireless Networks and SEcurity"

Patch squid with X-Forwarded-For headers
"Patch squid with X-Forwarded-For headers"

VPN implementation using OpenVPN
"VPN implementation using OpenVPN"

What's SPF (Sender Policy Framework)?
"SPF (Sender Policy Framework) Nedir?"

Using Arpwatch
"Using Arpwatch"

Traffic shaping with PF and ALTQ on FreeBSD
"Traffic shaping with PF and ALTQ on FreeBSD"

an article about instalatiation and configuration of dansguardian
"an article about instalatiation and configuration of dansguardian"

Discussion Operating System Security
"Discussion Operating System Security"

Communication through Secure Channles -SSH
"Communication with Secure Channles -SSH"

Opensource security programs.
"Opensource security programs."

Deep packet inspection with UNIX Tools
"Deep packet inspection with UNIX Tools"

Buffer Overflows Demystified
"The most famous and widely abused vulnerability type is obviously Buffer Overflows. This paper discusses what Buffer Overflows are, how they work and how they are exploited in light of one example exploit (exploiting an old dip vulnerability). The "envp" method in exploiting local buffer overflows, which still remains undocumented is also explained here"

Designing Shellcode Demystified
"In our previous paper, Buffer Overflows Demystified, we told you that there will be more papers on these subjects. We kept our promise. Here is the second paper from the same series. The paper is about the fundamentals of shellcode design and totally Linux 2.2 on IA-32 specifig. The base principles apply to all architectures, whereas the details might obviously not"

Building Firewalls using Packet Filter (PF)
"A paper by Huzeyfe Onal discusses how to design, build and deploy firewalling implementations using Packet Filter (PF)"

DOS attacks and preventing methods
"DOS attacks and preventing methods written by Özgür ÖZDEMİRCİLİ"


Contributed Papers:

English:


Turkish:

Most evasive threats to databases: injected SQL statements
"Authored by Ömer Utku Erzengin (PhD), and Gürhan Özdemir, the article discusses SQL injection attacks and measures that can be taken against them."

WebScarab-Intercepting the Intercepted with BeanShell
"Written by Bedirhan Urgun, article explains how to intercept the intercepted with BeanShell using proxy for analysis of web based client-server application."

IPSEC - IKE Encryption Standarts
"IPSEC - IKE Encryption Standarts"

Apache Mod Security Howto
"Apache Mod Security Howto"

Explanation of Kerberos
"Explanation of KerberosIV written in Turkish"

GPG Primer
"This is a quick primer into using gpg from command line. Though Linux-specific, it can be applied to all gpg installed operating systems. Authors: Faruk Eskicioðlu (farukesk/~/comu.edu.tr) A. Murat Eren (meren/~/comu.edu.tr) "

PUBLIC KEY CRYPTOGRAPHY
"This is an extremely good tutorial about Public Key Cryptography. Paper is written by A. Murat EREN, Faruk ESKİCİOĞLU and S. Serdar YÜKSEL and it's in Turkish"

Format String Bugs and Exploits (in Turkish)
"Paper by Emra Kaya discusses format string bugs in C programs and details how to exploit those bugs to get arbitrary code execution privileges"

Using snort as an Intrusion Preventing System
"This document describes snort using with a snortsam plugin as an Intrusion Preventing System on OpenBSD and Fedora Linux"

:: Private Pages





:: Book



The translation of Network Security Hacks book by O'reilly.


Acik Akademi

:: EnderUNIX Tips
- Search for a string in files and then list the file names
- Could not load host key: /etc/ssh/ssh_host_ecdsa_key
- Get Important Update Notification on Linux Using Bash Script
- Another Sort by File Size
- Patching and installing packages to Solaris 11
- [VTK] GL/osmesa.h: no such file or directory
- Automatize/get Rid Of "RSA fingerprint" warning of ssh/scp
- Apache Mysql Php ModSecurity Chrooter
- Audit log monitoring service for Modsecurity v2
- Automatically freed memory

...more
:: EnderUNIX Sysctl
- Enable non-privileged users to mount filesystems
- net.inet.ip.ttl
- check your maximum filedescriptors
- net.ipv4.igmp_max_memberships
- kern.ipc.msgtql
- kern.ipc.msgmax
- kern.ipc.msgmni
- kern.ipc.msgmnb
- kern.ipc.msgseg
- net.bpf.maxbufsize

...more

EnderUNIX Open Source Software Development Team, 2000 - 2008 © / Istanbul, Turkey