Uncategorized – Cerbero Blog

Cerbero Journal Issue 6

The 6th issue of Cerbero Journal, our company e-zine, is out! Since we’re late in releasing this journal, we decided to skip the usual early access for customers and make it available to everyone right away.

In this issue, we present the new Memory Analysis package alongside significant improvements such as file system support, customizable panels, and enhanced table features. We also cover topics ranging from paging and prototypes to UEFI firmware analysis, and include a hands-on memory dump challenge. To round it off, we’ve added a summer crossword puzzle.

EXT File Systems

We’re excited to announce the release of the EXT Format package, which adds support for the EXT2, EXT3 and EXT4 file systems.

Once installed, you can explore EXT file systems directly in Cerbero Suite.

ISO Format 2.0 Package

Our ISO Format package, which supports the ISO9660 and UDF file systems, used to be slow when handling larger file systems. We’ve completely rewritten it, and now it performs effortlessly.

Cerbero Journal Issue 5

The 5th issue of Cerbero Journal, our company e-zine, is out!

In this issue, we explore the major new packages released in recent months, including an exclusive malware analysis and a reversing challenge. We’ve also included a crossword puzzle for the summer season.

Cerbero Journal Issue 4

The 4th issue of Cerbero Journal, our company e-zine, is out!

Since the last issue of our journal, there have been significant developments: the release of Cerbero Suite 7, accompanied by many new packages.

Continue reading “Cerbero Journal Issue 4”

Cerbero Journal Issue 3

The 3rd issue of Cerbero Journal, our company e-zine, is out!

In this issue we discuss the many packages we have released in the past 6 months for both commercial and personal licenses of Cerbero Suite: 26 pages of news, articles, tutorials, challenges and games. Moreover, to celebrate the summer season we have included an IT crossword puzzle!

Full-fledged Hex-Editor

The upcoming standard and advanced edition of Cerbero Suite 3.0 will feature a full-fledged hex-editor with undo functionality and all the other common goodies.

In the past it was quite cumbersome to edit a file with Cerbero Suite and undo wasn’t available. This is no longer the case as the hex-editor functionality comes now in its own workspace and can be accessed even from the shell context menu on Windows or by specifying the “-hex” argument.

The hex-editor shares much of the functionality also found in the analysis workspace, such as layouts and scripting.

Of course, filters are available as well.

And, as cherry on top, every hex-view in the analysis workspace will be editable, but without ever writing to the original file. To save the modified content access the “Copy” menu and click on “Copy into new file”.

Coming soon!

Profiler 2.8 – Windows Memory Forensics

Windows memory forensics on OSX.

Profiler 2.8 is out with the following news:

+ added support for Windows raw memory images
– added unhandled exception debug tools on Windows
– added unhandled exception notification for Python
– exposed tree control to the Python SDK
– improved CFBF support
– improved PDF parsing against new malware samples
– fixed PDB issue with zero-sized streams
– fixed issues in JBIG2 decoder
– fixed display of PE timestamps in UTC

The biggest news is undoubtedly the introduction of Windows memory forensics support in the Advanced version of Profiler.

And here’s the same screenshot as above taken on Linux.

Improved Exception Handling

We have also drastically improved exception handling for both Python and native code, especially on Windows.

Whenever Python raises an unhandled exception a message box pops up on Windows and on other systems the exception is printed out to the terminal if it happens outside of the UI thread.

When the issue is more serious and results in a crash the user will be presented with the following message box on Windows.

If the crash happened from Python code, the user is given the possibility to retrieve a backtrace of the last executed Python methods.

If the crash happened in the native code, it’s now possible to create a dump file.

Enjoy!

Profiler 2.7

Profiler 2.7 is out with the following news:

+ added experimental support for Windows raw memory images
+ added support for EML files
+ added TOR-based URL download action
– added JBIG2 decoder for PDFs
– improved PDF parsing against new malware samples
– improved search in hex view
– updated OpenSSL to 1.0.2
– updated Python to 3.6
– reduced dependencies on Linux
– fixed possible division by zero in PEObject::RvaToOffset
– fixed filter preview crash
– fixed Python multi-threading issue
– fixed PasteBin plugin
– fixed recognition of newer DEX files
– default to SHA-2/256 instead of SHA-1
– various bug fixes and improvements

With this version we also start to release the Advanced edition of Profiler. News entries marked by the ‘+’ sign are exclusive to the Advanced edition.

Experimental support for Windows raw memory images

Quite some time has passed since we published a post demonstrating some basic memory forensics capabilities in Profiler.

In this release of the Advanced edition we decided to publish that code, although barely functional. We didn’t want to additionally delay this long due release by working more on the memory forensic part. We will try to clean it up and make it more useful for the next release. 🙂

Enjoy!

PE Insider

It is always nice to give something back to the community and although this is unfortunately not always possible, we’re happy to announce the release of PE Insider, a free PE viewer which shares the same codebase for inspection as Cerbero Profiler and hence supports the entire PE specification and is incredibly fast and stable. We’re always very busy, but I was finally convinced by Ange Albertini to create this utility. 😉

The utility clearly stands light-years away in terms of functionality compared to the Profiler, but it does have some things which go beyond the simple format inspection including MSIL disassembly, navigation, ranges and resource preview.

Of course there’s room for improvement, but in the meantime here’s a first version. Enjoy!

P.S. To keep up-to-date with news regarding this utility either subscribe to our twitter account or follow the blog.