Haka

Haka meets Kibana - Hakabana

We are pleased to announce the release of new haka packages:

• Haka 0.2.1: Haka in an open source security oriented language which allows to describe network protocols and apply security policies on (live) captured traffic. This new version features new modules allowing to export network events such as protocol details and haka alerts to an elasticsearch server.

• Hakabana 0.2.1: Hakabana is a monitoring tool that leverages on the newly added modules to extract various information on the network: bandwidth, geoip data, http and dns details and made them available through a kibana dashboard. Hakabana provides easy customization enabling to export your own data (e.g. write a new dissector and expose some of its fields).

Second Release - Protocol dissection

We are pleased to announce the second release of Haka - an open source security oriented language - which introduces a lot of new features and cool stuff:

Detecting malicious payloads across multiple packets v0.2

As you can expect, we are currently working hard for the next release which will introduce new interesting features: protocol dissection, pattern matching, API improvements, etc.

State machine outlook v0.2

Haka can analyze states of a network protocol with its state machine. A state machine is defined as a set of states and a set of transition functions between these states. This post will present a part of the SSL state machine we used in the previous blog post to detect heartbleed.

Detecting Heartbleed with Haka v0.2

As most of you must have heard, a very nasty bug was discovered few weeks ago in the OpenSSL project, a widely used open source implementation of the SSL/TLS protocol. This bug which is better known as the heartbleed bug, relies on a wrongly implemented SSL extension called "heartbeat".

As you know, the initial version of Haka doesn't ship with a SSL dissector. However, the 0.2 version — which will be released soon — features a new grammar allowing to specify network protocols and their underlying state machine. Thanks to that grammar, we were able to write, with a little effort, a dissector covering almost the full specification of SSLv3 protocol. This specification will be covered in upcoming post.

Initial Release

We are proud to announce the first release of Haka: an open source security language.

Haka simplifies the way to express security controls on collected traffic and makes it a suitable framework to build quickly an efficient intrusion detection system or a networking forensics tool.

Haka is intended to be used by all security communities: developpers, researchers, etc. So we hope you will enjoy using it and start contributing to it.

We are currently working on the next release which will introduce a grammar to specify protocols and hence avoid fastidious and error-prone coding of protocol dissectors. Stay tuned!!!