HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis workflow logic must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included in the liveCD, they have also tested them to make sure everything runs as smoothly as possible. To summarize the objective of HeX, they are trying to develop the first and foremost Network Security Monitoring & Network Based Forensics liveCD!
HeX Main Features
HeX Main Menu – A cleaner, more user-interface-oriented look; at a maximum depth of 4 levels, the HeX Main Menu allows quick access to all the installed applications in HeX.
Terminal – This is exactly what you need, the ultimate analyst console!
Instant access to all the Network Security Monitoring (NSM) and Network Based Forensics (NBF) Toolkits via the Fluxbox Menu. We have also categorized them nicely so that you know what to use depending on the condition or scenario.
Instant access to the Network Visualization Toolkit: you can watch network traffic presented graphically, which helps you identify large-scale network attacks easily.
Instant access to Pcap Editing Tools, which you can use to modify or anonymize pcap data; this is especially useful when you want to share your pcap data.
Network and Pentest Toolkits contain a lot of tools to perform network or application based attacks; you can generate malicious packets with them and study those packets using the analysis tools listed in NSM-Toolkit and NBF-Toolkit.
While we think the HeliX liveCD is a better choice for a digital forensics arsenal, the Forensics-Toolkit can be considered an add-on for people who are interested in doing digital forensics.
Under Applications there are Desktop, Sysutils and Misc; all of them are pretty self-explanatory and contain user applications such as Firefox, Liferea, Xpdf and so forth. Additionally, Misc contains some useful scripts; for example, you can start the ssh service just by clicking on SSHD-Start.
You can download HeX 1.0.3 here:
Or read more here.
eM3rC says
Amazing find!
Thanks Darknet!
Morgan Storey says
Is Network Visualization Toolkit an OSS project? I can’t find much info on it. It sounds good; how does it work, an NMAP scan or something else?
Brill says
For anyone interested in this topic I deeply recommend reading anything that comes from Richard Bejtlich, he is one of the best experts on NSM with classes at Black Hat, etc. and one of the few books (if not the only one) focused on Network Security Monitoring (The Tao of Network Security Monitoring: Beyond Intrusion Detection).
It would be quite useful to know his opinion about this project. I might try to ask him through his blog ;-)…. wish me luck!! :)
lyz says
Lol. Good luck on that Brill.
Speaking of hacking, our webservers became a victim of hacking again. All Joomla and Mambo based sites were hacked by a certain DNS-remoter. He/she exploited the com_sef module. Am at a total loss..
Brill says
Whoa!! I’ve just checked the Hex web page and the first thing you can read is that this project was inspired by Richard’s book that I mentioned in my previous post…. I promise that it was not on purpose!!! :)
Pantagruel says
Indeed good luck.
In my humble opinion “the tao of network security monitoring” is a must read for computer/network security minded people.
Sorry to hear lyz, a ruined web presence and loads of work to do after an update to 1.5.6
zupakomputer says
What you don’t want, with any security monitoring equipment or set-up, is to have the monitoring equipment get hacked or in some way compromised – to be on the ultra-safe side from outside attacks then you’d need router traffic monitoring (and configured alerts) – as in addition to the router itself and its configuration. I think this more and more, as I leaf through catalogues and see expensive firewall readymades on sale, and IDS units and the like. Easy pickings for organised folks – just learn the standards in use, and – well let’s hope it doesn’t get worse in this direction – because some folks are only trained in the use of whatever package or equipment, and not the operation of the network holistically.
Anything with Tao in it must be holistic – I’ll need to look that book up. Sounds good.
Morgan Storey says
Well another one to add to my Security cd wallet.
@Brill and Pantagruel: I am subscribed to http://taosecurity.blogspot.com as well, damn good read sometimes.
@Zupakomputer: I agree too many companies just buy the product for security rather than doing the research or work to make them secure.
lyz says
“because some folks are only trained in the use of whatever package or equipment, and not the operation of the network holistically.”
Some people wanted to learn about this and that but just lack training etc. Possible reasons could be lack of resources too.
William says
If you are feeling a bit adventurous you could check out the 2.0RC1 and help out a great project.
http://geek00l.blogspot.com/2008/08/hex-20-rc1-is-now.html
Morgan Storey says
I know I am going off topic a little.
@lyz: sorry but I don’t buy that, you go out and do certification. You read blog posts, you read news articles, you play with stuff on your home lab and you become the holistic network/security/programming guru you should be.
I know network guys that have a couple racks of switches and routers at home. I know a web developer that has 4+ web servers at home and knocks up a website for fun. I myself spend most of my free time reading security articles, and listening to security podcasts. I play in my walled off lab at home hacking and pwning my own boxes and then locking them down and trying again, I find it fun, some may call it lame. Hex will get a try out this weekend.
lyz says
@Morgan Storey
Good luck on Hex. Well, it’s up to the guy. Old saying goes, “if there’s a will, there’s a way”
lyz says
zupakomputer
Thanks pal for the insights and advice. I actually read your comment 5x and all I can say is thank you. I’ve been battling with this issue for months now because I really don’t know what would be the best approach to those kinds of things.
I’ve got to do a lot more reading.
Navin says
@ Morgan…. on your second comment for this post…totally agree wid U mate…there’ve been so many times…..the fact is tht the term geek/nerd has looong been assoc with some scrawny looking guys with thick lens spectacles, a shirt with a neatly made bow pulled into his pants, playing Dungeons and Dragons (the board game) and who goes about muttering “sigma raised to the power of psi and then multiplied by omega times pi is the magic ratio tht we seek”!!
But the fact is tht such people don’t really exist….I myself am a proud Nerd (as I mentioned here http://lifeofnavin.blogspot.com/2008/06/how-nerdy-art-thou.html)…But tht doesn’t mean I like to lock myself in a room with my PC all day loong..I do have social friends (or normies as some uber-geeks would call em)…and I do like to watch a good movie/read a good book now N then…the problem is tht we don’t encourage real talent into the right spots…Computer experts work 9-5 jobs as bank managers while entrepreneurs are stuck in fields tht they don’t really know abt…..when someone pwns a site, it’s generally just for the satisfaction of knowing tht u still know the trade…but when Ure site gets pwned, u can’t really trust the security guy coz he’s just gotten a degree…who’s to decide if he really knows the practicals of hacking??
Morgan Storey says
@zupakomputer: I don’t listen to them, I like the fact that I am a bit of a geek.
@Navin: as above, I even play up to being a geek, geeky t-shirts, I get made fun of at work with my “there is no place like 127.0.0.1” and others. I don’t have glasses and I am not scrawny, or overweight… I do play board games and role playing though, as my site attests to.
I agree with everything else though, I am highly suspect of any “IT” person who doesn’t play with computers, or code at home. It is like a thin chef. How do they really know what they are talking about, how do they have the passion to go that extra mile.
Hex downloaded and burning as we speak, so I’ll have to be off; the thrill of the exploit is calling my name.
geek00l says
hi guys,
Have fun with HeX, anything you guys can just poke us at Freenode #rawpacket, we don’t mind for a “Hi”
Cheers ;]
lyz says
Sure thing geek00l!
a13x says
Sure, geek00l
I will say HI to you everyday :P
Hrc says
I need something to put on a small laptop with two LAN ports so that I can:
– put it between router and LAN
– check what websites and other network resources client’s employees are accessing (all together)
– check per IP or by other authentication method what is/was doing (network traffic)
* it should be able to check in a few different periods, like today, this week, this month.
All with nice graphs, data, etc.
Look at http://www.kerio.eu/kwf_star.html
Something like that. Any ideas?
Darknet says
Try IPCop – http://www.ipcop.org/