We’re happy to announce the release of Cerbero Suite 6 and Cerbero Engine 3!
All of our customers can upgrade at a 50% discount their licenses for the next 3 months. We value our customers and everyone who has bought a license in August should have received a free upgrade for Cerbero Suite 6. Everyone who has purchased a license before August, but in the last 3 months, should have received an additional discount. Commercial customers with an active subscription plan should have already received a license for Cerbero Suite 6.
If you’re a customer of Cerbero Suite 5 and didn’t get an email from us, please contact us at sales@cerbero.io.
So what’s new?
Sample Downloader Package
While we published this package on Cerbero Store in August, it was actually planned for the 6.0 release: one of the main reasons for the introduction of Cerbero Store was the ability to offer certain types of updates as soon as they were ready.
Check out the video presentation for a quick introduction to the Sample Downloader package.
Installing the package from Cerbero Store takes only a few clicks. Once installed, you can go to the settings and enter your API keys for the supported intelligence services.
To download one or multiple malware samples, just enter their hash.
Sample Downloader will try to download the malware samples from all supported intelligence services.
Once the samples have been downloaded, you can directly inspect them in Cerbero Suite.
You can download additional samples using one of the actions added by the package. Additionally, Sample Downloader can also be invoked from the command line.
Improved Search Dialogs
We improved all the search dialogs in Cerbero Suite and we made sure that all of them support regular expressions.
However, the main improvement is that we introduced wrap around search.
We also added text search to our Carbon disassembler and native Ghidra UI.
Java Class & DEX Modules Documentation
We have documented the API for parsing Java Class files and Android DEX files.
Writable Remote Containers
With our multi-processing technology we introduced remote containers. One of the limitations of remote containers was that they were read-only. Now we also support writable remote containers.
Updated Sleigh Decompiler & AppleSilicon Support
We updated the Sleigh decompiler to the one in Ghidra 10.1.15.
While support for AppleSilicon was provided through the generic support for ARM64, we now have added specific support for AppleSilicon in the decompiler.
Improved Office Documents Scan
Following a tweet on Twitter, we made sure that external references in Microsoft Office documents are correctly detected also in .rels files.
We have also improved string support in older XLS documents.
Text Browser View
We have graphically improved our text browser view, the UI control used by our Carbon disassembler, and we have exposed it to Python.
Here’s a code example from the SDK documentation showing how to display custom lines provided from UI notifications and how to handle textual hyper-links:
from Pro.Core import *
from Pro.UI import *
class CustomView:
@staticmethod
def callback(cv, self, code, view, data):
if code == pvnInit:
t = cv.getView(1)
t.showCustomLines()
return 1
elif code == pvnTextBrowserLineCount:
vid = view.id()
if vid == 1:
data.setCount(100)
elif code == pvnTextBrowserGetLine:
vid = view.id()
if vid == 1:
b = ProTextBrowserStringBuilder()
b.setTextColor(0, 0, 180)
b.append("This is line number ")
b.setTextColor(180, 0, 0)
b.append(str(data.id + 1) + " ")
b.setTextColor(0, 180, 0)
b.beginHyperLink(1, 0)
b.append("This is a hyper-link.")
b.endHyperLink()
data.setLine(b.buffer)
elif code == pvnTextBrowserHyperLinkActivated:
vid = view.id()
if vid == 1:
proContext().msgBox(MBIconInfo, "Hyper-link activated!")
return 0
def show(self):
ctx = proContext()
v = ctx.createView(ProView.Type_Custom, "Text Browser Demo")
v.setup("<ui><vl margin='0'><textbr id='1'/></vl></ui>", self.callback, self)
ctx.addView(v)
cv = CustomView()
cv.show()
Exposed ProTheme
We have exposed UI themes to Python, which is going to be useful to plugins which need to query colors for a specific theme.
Introduced ProWebRequest
Our API for web requests was somewhat limited. We have therefore introduced ProWebRequest.
Fixed Bugs
We have fixed a few major bugs and regressions. Specifically we fixed:
- a wrong Windows Memory Analysis package dependency for Windows crash dump files
- a regression causing a crash when changing a function prototype in the decompiler
- a regression resulting in a missing refresh when loading embedded files
We have also made other various improvements and fixed a few minor issues.
What’s Next?
These are some of the things we introduced over the course of the 5.x series:
- Speed optimizations
- Documented most of our Python SDK
- Created installable packages
- Introduced Cerbero Store
- Introduced multi-processing
- Introduced parallel decompiling
- Linux hex editing of processes
- Microsoft Authenticode on Linux and macOS
- Support for certificate formats
- Core improvements (internal project files, after-scanning actions, scan data hooks)
- AbuseCH Intelligence package
- DotNET BinaryFormatter Decoder package
- API Solver package
- String Decrypter package
- UPX Unpacker package
- Introduced Cerbero Journal, our company e-zine
During the 6.x series we expect to finish the SDK documentation and, even more importantly, introduce many exciting new features.
We expect this series to be more feature-focused, since a considerable amount of the development time of the previous series has been devoted to laying the groundwork for Cerbero Store.
As during the previous series, we’ll release some of the packages on Cerbero Store exclusively to commercial licenses. The current ratio of commercial packages on Cerbero Store is 50%.
We try to limit the amount of commercial packages to those which fulfill a strictly commercial purpose and release more generic packages for all licenses. That having been said, we are planning some extremely useful commercial packages for this series which you don’t want to miss!