We’re testing our Memory Analysis package (currently in beta) against various challenges available online.
We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to Hack The Box for creating it in the first place.
We’ve released the NSIS Format package, which adds support for the Nullsoft Scriptable Install System format.
NSIS (Nullsoft Scriptable Install System) is an open-source tool used to create Windows installers. It allows developers to build lightweight, fast, and customizable installation packages through a scripting language that provides fine-grained control over the installation process.
The NSIS Format package provides state-of-the-art support for all versions of NSIS 2 and 3. It allows both the inspection of the format and complete disassembly of the bytecode.
The 6th issue of Cerbero Journal, our company e-zine, is out! Since we’re late in releasing this journal, we decided to skip the usual early access for customers and make it available to everyone right away.
In this issue, we present the new Memory Analysis package alongside significant improvements such as file system support, customizable panels, and enhanced table features. We also cover topics ranging from paging and prototypes to UEFI firmware analysis, and include a hands-on memory dump challenge. To round it off, we’ve added a summer crossword puzzle.
We’re excited to announce the release of the EXT Format package, which adds support for the EXT2, EXT3 and EXT4 file systems.
Once installed, you can explore EXT file systems directly in Cerbero Suite.
Our ISO Format package, which supports the ISO9660 and UDF file systems, used to be slow when handling larger file systems. We’ve completely rewritten it, and now it performs effortlessly.
The 5th issue of Cerbero Journal, our company e-zine, is out!
In this issue, we explore the major new packages released in recent months, including an exclusive malware analysis and a reversing challenge. We’ve also included a crossword puzzle for the summer season.
The 4th issue of Cerbero Journal, our company e-zine, is out!
Since the last issue of our journal, there have been significant developments: the release of Cerbero Suite 7, accompanied by many new packages.
The 3rd issue of Cerbero Journal, our company e-zine, is out!
In this issue we discuss the many packages we have released in the past 6 months for both commercial and personal licenses of Cerbero Suite: 26 pages of news, articles, tutorials, challenges and games. Moreover, to celebrate the summer season we have included an IT crossword puzzle!
The upcoming standard and advanced edition of Cerbero Suite 3.0 will feature a full-fledged hex-editor with undo functionality and all the other common goodies.
In the past it was quite cumbersome to edit a file with Cerbero Suite and undo wasn’t available. This is no longer the case as the hex-editor functionality comes now in its own workspace and can be accessed even from the shell context menu on Windows or by specifying the “-hex” argument.
The hex-editor shares much of the functionality also found in the analysis workspace, such as layouts and scripting.
Of course, filters are available as well.
And, as cherry on top, every hex-view in the analysis workspace will be editable, but without ever writing to the original file. To save the modified content access the “Copy” menu and click on “Copy into new file”.
Coming soon!
Windows memory forensics on OSX.
Profiler 2.8 is out with the following news:
+ added support for Windows raw memory images
– added unhandled exception debug tools on Windows
– added unhandled exception notification for Python
– exposed tree control to the Python SDK
– improved CFBF support
– improved PDF parsing against new malware samples
– fixed PDB issue with zero-sized streams
– fixed issues in JBIG2 decoder
– fixed display of PE timestamps in UTC
The biggest news is undoubtedly the introduction of Windows memory forensics support in the Advanced version of Profiler.
And here’s the same screenshot as above taken on Linux.
We have also drastically improved exception handling for both Python and native code, especially on Windows.
Whenever Python raises an unhandled exception a message box pops up on Windows and on other systems the exception is printed out to the terminal if it happens outside of the UI thread.
When the issue is more serious and results in a crash the user will be presented with the following message box on Windows.
If the crash happened from Python code, the user is given the possibility to retrieve a backtrace of the last executed Python methods.
If the crash happened in the native code, it’s now possible to create a dump file.
Enjoy!