Erik Pistelli – Cerbero Blog

Memory Analysis Package 0.7.6

We are excited to announce the release of the Memory Analysis 0.7.6 package. This version introduces several improvements, some of which stem from testing our solution against various CTF challenges and didn’t make it into version 0.7.

Code Injection
Unlinked Modules
Process Pool Scan
File Object Data Extraction
Mapped Executable Analysis

Continue reading “Memory Analysis Package 0.7.6”

Memory Challenge 10: Mellitus

We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to Hack The Box for creating it in the first place.

Continue reading “Memory Challenge 10: Mellitus”

XST Format Package

We released the XST Format package, which adds support for Microsoft Outlook PST and OST email data formats.

The package makes it possible to explore every part of an email container, including messages, folder structures, metadata and attachments.

Memory Challenge 9: BankingTroubles

We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to CyberDefenders for creating it in the first place.

Continue reading “Memory Challenge 9: BankingTroubles”

InnoSetup Format Package 3.0

Version 3 of our state-of-the-art InnoSetup Format package is now available and includes support for the latest releases of InnoSetup and the recently introduced full encryption mode.

In addition to the format itself and file extraction, make sure to install the IFPS Format package to inspect the code of setup scripts.

Memory Challenge 8: MemLabs Lab 4 – Obsession

We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to MemLabs for creating it in the first place.

Continue reading “Memory Challenge 8: MemLabs Lab 4 – Obsession”

AD1 Format Package

We released the AD1 Format package, which adds basic support for AccessData Custom Content Image files. AD1 images are logical evidence containers created by FTK Imager and other AccessData tools, used to store selected files or folders from a system rather than a full physical disk image.

Memory Challenge 7: DeepDive

We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to CyberDefenders for creating it in the first place.

Continue reading “Memory Challenge 7: DeepDive”

Memory Analysis Package 0.7

We are excited to announce the release of the Memory Analysis 0.7 package, which is currently in beta. This version introduces significant improvements that partly stem from testing our solution against various CTF challenges.

These new features, together with the recent release of Cerbero Suite 8.6, make this update particularly noteworthy. Thanks to the sophisticated caching mechanism implemented in the latest release of Cerbero Suite, memory analysis is now faster than ever. If you thought it was already fast, you are in for a surprise!

File Scan
Pool Scan
Multi-Format Input
VMEM and VMSS Format Support
NT/LM Password Hash Decryption
User-Mode Memory Region Exclusion
Unlinked Processes Detection

Continue reading “Memory Analysis Package 0.7”

Cerbero Suite 8.6

Cerbero Suite 8.6 and Cerbero Engine 5.6 are out with several improvements and fixes.

The highlight: a new caching system that makes memory analysis even faster than it was before!