With the upcoming 5.6 version of Cerbero Suite Advanced we’ll release our MalwareBazaar Intelligence package. This package lets you access intelligence from MalwareBazaar directly from the file report.
The package can be downloaded from Cerbero Store and will initially be available only to commercial licenses.
We have just released our String Decrypter package on Cerbero Store for all licenses of Cerbero Suite. The String Decrypter package is very useful for reversing malware and during CTFs.
This utility can be invoked as an action from a hex view or a Carbon disassembly. It can be used to brute-force the decryption of strings and byte-arrays.
String Decrypter supports various types of string encodings combined with endianness and it can filter decoded strings with the following options:
– Don’t filter (include raw byte-arrays)
– Include only decoded strings
– Include only strings with ASCII characters
– Include only strings matching a regular expression provided by the user
The plugin supports parallel execution, which will make a difference if more algorithms are added to the list. Also, the number of combinations is displayed for every decryption method.
For every decrypted entry, String Decrypter shows the performed operation along with the string encoding (if available).
We have just released our API Solver package on Cerbero Store for all commercial licenses of Cerbero Suite Advanced.
API Solver comes in very handy for analyzing shellcode, and it can also be used programmatically:
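from Pkg.APISolver import APISolver

# Solver for win32, limited to the kernel32 and urlmon modules
solver = APISolver("win32", ("kernel32", "urlmon"))
for hash in (0xEC0E4E8E, 0x702F1A36, 0xE8AFE98, 0x73E2D87E):
    ...  # the loop body is cut off on this page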
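The four hashes in the snippet above match the widely used ROR-13 additive API hash, so the lookup an analyst needs can be shown stand-alone. This is an added example, not code from this page or from the API Solver package; the export list is a small constructed sample and the function names are hypothetical.

```python
"""Resolve shellcode API hashes by hashing candidate export names."""

MASK32 = 0xFFFFFFFF

def ror32(value, count):
    """Rotate a 32-bit value right by count bits."""
    return ((value >> count) | (value << (32 - count))) & MASK32

def ror13_hash(name):
    """ROR-13 additive hash over the ASCII export name, without terminator."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h

# Constructed sample; a real table is built from the export directories
# of every DLL the shellcode could reference.
SAMPLE_EXPORTS = {
    "kernel32": ["CreateFileA", "ExitProcess", "GetProcAddress",
                 "LoadLibraryA", "VirtualAlloc", "WinExec"],
    "urlmon": ["URLDownloadToCacheFileA", "URLDownloadToFileA",
               "URLDownloadToFileW"],
}

def build_table(exports):
    """Map hash -> [(module, name)]; a list because 32-bit hashes can collide."""
    table = {}
    for module, names in exports.items():
        for name in names:
            table.setdefault(ror13_hash(name), []).append((module, name))
    return table

def resolve(hashes, exports=SAMPLE_EXPORTS):
    """Return {hash: [(module, name), ...]}; an empty list means unresolved."""
    table = build_table(exports)
    return {h: table.get(h, []) for h in hashes}

if __name__ == "__main__":
    # Hash values taken from the snippet on this page
    page_hashes = (0xEC0E4E8E, 0x702F1A36, 0xE8AFE98, 0x73E2D87E)
    for h, matches in resolve(page_hashes).items():
        label = ", ".join(f"{m}!{n}" for m, n in matches) or "<unresolved>"
        print(f"{h:#010x} -> {label}")
```

An unresolved hash usually means the export is missing from the candidate list or the shellcode uses a different hashing scheme, for example one that also mixes in the module name.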
Stay tuned as we’ll soon be releasing more packages for all types of licenses on Cerbero Store!