Friday, December 21, 2007

HeX 1.0.2 - The Christmas Release

Ho ho ho, Christmas is around the corner .....

For the sake of it, the HeX development team would like to present you HeX 1.0.2 - The Christmas Release!!!!! Get it now!

Malaysia Main

liveCD
- HeX liveCD 1.0.2
- HeX liveCD 1.0.2 md5 checksum
- HeX liveCD 1.0.2 sha256 checksum

Mini liveUSB
- HeX Mini liveUSB 1.0.2
- HeX Mini liveUSB 1.0.2 md5 checksum
- HeX Mini liveUSB 1.0.2 sha256 checksum

US Mirror

liveCD
- HeX liveCD 1.0.2
- HeX liveCD 1.0.2 md5 checksum
- HeX liveCD 1.0.2 sha256 checksum

Official Announcement

We are no longer calling this project HeX liveCD but now simply HeX, as it has expanded quickly and the liveCD is one of the projects under HeX.

Two sub projects will be launched under this release as well -
- NSM Console
- liveUSB

NSM Console

Matthew(Dakrone) is the main developer of NSM Console, here's the short description about it -

NSM Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow for an analyst to quickly write modules of their own without any programming language experience which means you can quickly integrate all the other NSM based tools to it. Using these modules a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options. NSM Console also aims to be simple to run and easy to understand without lots of learning time.

If you want more information about what it is (and what it does), check out this introductory post

http://thnetos.wordpress.com/2007/11/27/nsm-console-a-framework-for-running-things/


You can access NSM Console by clicking the menu -> NSM-Tools -> NSM Console

HeX liveUSB


JJC(enhanced) created the liveUSB initially so instead of using a read-only liveCD, you can use a read-write USB thumb drive. Here's the short description of it -

After receiving numerous requests to create a HeX liveUSB Key Image we decided to go ahead and build one. This image includes all of the standard tools that you will find on HeX and it is writable; so you can update things (signatures etc), make changes and so on.

To use HeX liveUSB, you simply download the image and dd it to your USB key (thumb drive). The 1.0.2 liveUSB is released in line with the liveCD. However, JJC will soon create a liveUSB with more space in case you want to store things on it.

Other Additions (Surprise)
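The download-and-dd step above, with the published sha256 checksum checked first, as an added example (not a script from the HeX project). The image name, checksum file name and target device are placeholders you must supply; the checksum file is assumed to be in either BSD or GNU digest format.

```shell
#!/bin/sh
# Added example: refuse to write an image whose SHA-256 does not match
# the published checksum file. All paths are caller-supplied placeholders.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # BSD digest tool
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Pull the digest out of a checksum file in BSD format
# ("SHA256 (name) = <hex>") or GNU format ("<hex>  name").
expected_digest() {
    grep -Eow '[0-9A-Fa-f]{64}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# verify_image IMAGE CHECKSUM_FILE: returns 0 only on an exact match.
verify_image() {
    want=$(expected_digest "$2")
    [ -n "$want" ] || { echo "no SHA-256 digest found in $2" >&2; return 2; }
    got=$(sha256_of "$1" | tr 'A-F' 'a-f')
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "checksum mismatch for $1: expected $want, got $got" >&2
    return 1
}

# write_image IMAGE CHECKSUM_FILE TARGET: dd runs only after verification.
write_image() {
    verify_image "$1" "$2" || return 1
    dd if="$1" of="$3" bs=1048576 && sync
}

# Usage (placeholders, run as root; double-check the target device first):
#   write_image IMAGE.img IMAGE.img.sha256 /dev/TARGET
```

dd overwrites the target without asking, so confirm the device name of the USB key before running `write_image`.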

Christmas Gifts for the Analyzt
1. HeXtra 1.0.2(Very soon because it needs to be tested with HeX 1.0.2 before release)
2. aimsnarf - aim protocol analyzer script
3. argi-PASVFTP.sh - argus 3 passive ftp extraction script
4. 4 additional PADS signatures
5. dsniff and honeysnap(thanks dakrone for porting this)
6. Added rp-Reference under the analyzt home directory, and there is a script, resources.sh, which will download all the useful docs, papers or articles that may assist an analyzt wannabe.

Christmas Gifts for Everyone

Everyone loves eye candy, and so do we! Since we call this The Christmas Release, here's your Christmas gift (the shiny new HeX Christmas wallpaper) -

1. HeX-WhiteChristmas.jpg
2. HeX-DarkChristmas.jpg

Thanks Vickson again for his artistic skillz!

Bug Fixes
1. unicornscan run time error
2. svn run time error
3. lsof run time error
4. firefox startup issue
5. pidgin and liferea dbus issue
6. CDROM-Mount.sh syntax error
7. script command issue
8. ping setuid issue

Other known major or minor issues in the Base System are fixed, thanks chfl4gs_

For a quick glance, check out the HeX 1.0.2 liveCD screenshots below -

The White Christmas

The Dark Christmas

Note to Everyone (Mailing List, Trac, Backports and IRC Channel)

For anyone who wants to learn about the network security tools that are included in HeX, please feel free to ask on the mailing list, or if you have a specific idea for HeX, we welcome your input.

However, if you want to submit a bug report, please use Trac and create a ticket; all you need to do is register an account and you can create the bug report ticket quickly. Otherwise, if you report it to the mailing list, developers will have to create the ticket on your behalf. By helping yourself, you are helping us. Trac is available at -

https://trac.security.org.my/hex/

On the other hand, you can also browse the tickets at -

https://trac.security.org.my/hex/report


Just in case the bug has been previously reported.

Feel free to join the IRC Freenode #rawpacket channel if you need "not so real time" support.

From now on, we will have backports too. The backports provide extra application packages that are not available in the HeX base system. In order to install them, just download them from -

http://www.rawpacket.org/hex/packages/

For example, to install tftpgrab, just run -

shell>sudo pkg_add -v tftpgrab-0.2.tbz

Last but not least, we are always looking for new contributors and developers. If you are interested in joining us, feel free to email -

geek00l[at]gmail[dot]com

To know more about HeX Project, check it out at -

http://www.rawpacket.org/projects/hex

Merry Christmas and happy holidays from the entire HeX Team, see you all in 2008!

Enjoy (;])

4 comments:

dgsdfg said...

I'm willing to bet that this is going to be one of my best Christmas presents. Thanks and have a great Christmas! =)

C.S.Lee(geek00L) said...

Hi dgsdfg,

Have fun and merry christmas!

Anonymous said...

Hey Geek001!

NSM Console is pretty cool and has a lot of potential. I just used it to load a packet dump containing an attack, and ran it into Bro-IDS, but just got a bunch of session data that could have been obtained with tcpflow.

I tried editing the bro-ids file NSM Console uses to include the -s /path_to_signature_file but that didn't work. Do you know how I can get bro alerts? I'm not very familiar with bro-ids :o

SysAdmin said...

Congratulations + Happy Holidays to HeX team :)