YARA Rules Package

We are proud to announce the release of the YARA Rules package for all licenses of Cerbero Suite!

This package is designed to be the ultimate toolkit for downloading, scanning with, creating, editing, and testing YARA rules.

YARA, an essential tool in the fight against malware, allows for the creation of descriptions to match patterns across various file types. Recognizing the importance of YARA in digital forensics and malware analysis, we have developed a comprehensive suite of tools designed to enhance the YARA rule management process.

The YARA Rules package for Cerbero Suite includes an array of features aimed at streamlining the workflow associated with YARA rules. Whether you’re downloading rules from public repositories, scanning files for matches, creating rules tailored to the latest malware threats, editing existing rules to improve accuracy, or rigorously testing rules to ensure effectiveness, this package has everything you need.

Our goal is to provide Cerbero Suite users with a powerful, efficient, and user-friendly set of tools that empowers them to use YARA rules more effectively than ever before. Whether you are a seasoned malware analyst or just starting out in the field of cybersecurity, the YARA Rules package is designed to enhance your analysis capabilities and streamline your workflows.

In this blog post we invite you to explore the full potential of the YARA Rules package and discover how it can enhance your malware analysis and forensic investigations.

DotNET ManifestResources Format Package

We have released the DotNET ManifestResources Format package for all licenses of Cerbero Suite.

.NET manifest resources are embedded elements within .NET assemblies, used to store additional data such as files, icons, and strings that an application requires for execution. These resources are directly compiled into the executable, becoming a part of the application’s core assets. In the realm of malware, attackers frequently exploit .NET manifest resources to hide malicious payloads. Cerbero Suite lets you inspect the format of .NET manifest resources and automatically detects embedded files.

FLIR Format Package

We have released the FLIR Format package for all licenses of Cerbero Suite.

FLIR (Forward-Looking InfraRed) refers to thermal imaging data that is embedded within the JPEG file format. Unlike standard visual imagery, FLIR data represents heat emissions from objects, providing a thermal spectrum view that is invaluable for various applications, from surveillance and security to energy audits and search and rescue operations. When FLIR data is embedded in JPEG images, it allows the combination of visible light information with thermal imaging in a single file.


OneNote Format 2.0 Package

We have released version 2 of the OneNote Format package. This latest version introduces numerous enhancements and expands the scope of information extraction capabilities.

In this update, we’ve focused particularly on improving the utility for forensic analysis, ensuring that you can extract more detailed information from OneNote documents.

Py2Exe Extractor Package

We have released the Py2Exe Extractor package for all licenses of Cerbero Suite.

py2exe is a Python package that converts Python scripts into executable Windows programs. The tool packages Python bytecode and the necessary libraries into a single executable file, eliminating the need for a Python interpreter to be installed on the client machine. py2exe works by analyzing the imported modules in the Python script and includes them along with a Python interpreter as a part of the generated executable.

The extractor supports all versions of py2exe and automatically identifies py2exe-generated executables.

PyInstaller Extractor Package

We have released the PyInstaller Extractor package for all licenses of Cerbero Suite.

PyInstaller is a tool that packages Python applications into standalone executables, compatible with Windows, Linux, and macOS. It works by analyzing Python scripts to discover every import statement and including the appropriate Python files, binaries, and libraries in the executable. Additionally, PyInstaller converts all Python code into bytecode before packaging, enhancing performance and security.

The extractor supports all versions of PyInstaller and all supported file types, and automatically identifies PyInstaller-generated binaries. It also supports PyInstaller bytecode decryption.

PYC Format Package

We have released the PYC Format package for all licenses of Cerbero Suite.

PYC files are compiled bytecode versions of Python source code. These compiled files can be deployed in place of the original source code, serving as a bytecode format for execution by the Python interpreter. PYC files are tied to the specific version of Python they were compiled with, necessitating recompilation when different Python versions are used.


RPM Format Package

We have released the RPM Format package for all licenses of Cerbero Suite.

The RPM Package Manager (RPM) format is a package management system used primarily in Red Hat-based Linux distributions, including Fedora and CentOS. It is utilized for managing the installation, update, and removal of software on Linux systems. An RPM file contains the software itself, along with metadata about the software such as its version, dependencies, and instructions for installation. This format streamlines the process of software management, providing a standardized approach to handling packages on Linux platforms.


PCAP Format Package

We have released the PCAP Format package for all licenses of Cerbero Suite.

The PCAP format is the main capture file format used by tcpdump/WinDump, Snort, and many other networking tools, and it is fully supported by Wireshark/TShark. Our support does not aim to compete with a specialized tool like Wireshark, but it gives you the capability to inspect PCAP files without leaving the Cerbero Suite interface. This is especially useful when analyzing malware reports.