liveCD
Description:
While we know it is almost impossible to develop an industry standard, as different entities have different approaches and requirements, we have put a lot of thought into making a really good platform for network security analysts, especially for the benefit of the NSM community. We believe that simplicity and the logic of analysis workflows must be enhanced and emphasized throughout the process of designing this liveCD. Not only have we carefully chosen all the necessary applications and tools to include in the liveCD, we have also tested them to make sure everything runs as smoothly as possible. To summarize the objective of HeX: we are trying to develop the first and foremost Network Security Monitoring & Network Based Forensics centric liveCD!
Our call is: network security practitioners out there, you are welcome to get your hands dirty with it!
HeX Highlight Features:
- HeX Main Menu (just right-click or use the key binding Alt + Space to launch it).
- Cleaner look and more user-interface oriented (thanks to Tenner for his 5 different Fluxbox styles that were specifically designed for HeX).
- A maximum depth of 4 levels in the HeX Main Menu allows quick access to all the installed applications in HeX.
- Terminal - this is exactly what you need, the ultimate analyst console!
- Instant access to all the Network Security Monitoring (NSM) and Network Based Forensics (NBF) Toolkits via the Fluxbox menu. We have also categorized them nicely so that you know which to use depending on the condition or scenario.
- Instant access to the Network Visualization Toolkit: you can watch network traffic in graphical form, which assists you in identifying large-scale network attacks easily.
- Instant access to Pcap Editing Tools, which you can use to modify or anonymize pcap data; this is great especially when you want to share your pcap data.
- The Network and Pentest Toolkits contain a lot of tools to perform network- or application-based attacks; you can generate malicious packets with them and study those packets using the analysis tools listed in NSM-Toolkit and NBF-Toolkit as well.
- While we think the HeliX liveCD is a better choice in the digital forensics arsenal, Forensics-Toolkit can be considered an add-on for people who are interested in doing digital forensics.
- Under Applications there are Desktop, Sysutils and Misc; all of them are pretty self-explanatory and contain user applications such as Firefox, Liferea, Xpdf and so forth. Additionally, Misc contains some useful scripts; for example, you can start the ssh service just by clicking on SSHD-Start.
- The Fluxbox menu is simply the menu for configuring and changing the settings of your Fluxbox window.
- The System menu is self-explanatory; let's shut it down.
HeX Key Bindings:
- As we are using Fluxbox to manage windows, we also make use of its key binding capability, which is fairly easy to configure. Check out the file ~/.fluxbox/keys and you will get a rough idea of how to change it to your liking. We also suggest you take a look here -
HeX Wallpapers and CD labels:
- Thanks to Vickson, who has spent his free hours designing the HeX Wallpapers and CD Labels, and also resizing the whole tools icon set for the sake of HeX. Check out ~/rp-Wallpapers and ~/rp-Icons
HeX Application Ports:
- Thanks to Paul Schmehl (Pauls), who has worked on application ports for HeX; in fact, all the tools he has ported, such as bro-ids, chaosreader, afterglow and so forth, are now in the FreeBSD ports base.
HeX Analysis Scripts, Additional Signatures & Configuration Files:
- We have written some scripts that combine NSM-based tools to generate useful output for further analysis by the network security analyst. This saves analysts time, as they no longer have to crack their heads figuring out the command line. At the same time, they can learn which command line options to use, or treat the scripts as a reference. We have also included additional signatures for tcpxtract and pads, and we are looking forward to adding more signatures for other tools (fl0p maybe) when possible. Bro-ids configuration files that are compatible with the HeX environment are provided too, so that you can run bro-ids flawlessly. Check out ~/rp-NSM
HeX Installer:
- chfl4gs_ has ported the BSD installer to HeX, in case you want to have a full-blown HeX system (it is FreeBSD 6.2 Stable!). Launch the BSD installer and just follow the necessary steps to get it installed, then reboot into a shiny HeX system. You can take full advantage of it if you are fluent with the FreeBSD operating system.
HeX Reference Books:
I’m in the middle of nowhere when it comes to completing my Network Security Analyzt: The Handbook, therefore I suggest that you look at the books below, which are compatible with the HeX liveCD -
Or if you enjoy reading my blog -
