Cerbero Suite 6.3 and Cerbero Engine 3.3 are out!
2023-3-27 17:24:5 Author: blog.cerbero.io(查看原文) 阅读量:33 收藏

Skip to content

We have released Cerbero Suite 6.3 and Cerbero Engine 3.3. What follows is a list of the most important new features.

Support for 7z and XZ archives

We have released the 7z Format package which provides support for both 7z and XZ archives.

The support includes encrypted archives and all common compression methods.

The package is available to all licenses of Cerbero Suite.

Support for TAR archives

TAR archives are now supported thanks to the TAR Format package.

The package is available to all licenses of Cerbero Suite.

PowerShell Beautifier 2.0

We have released version 2.0 of our commercial PowerShell Beautifier package. The new release adds the option to remove unused variables.

For example, this is a snippet of a malicious script:

$T = 'Get'
$M = $T + 'Method'
$I = 'Invoke'
$T = $T + 'Type'
$L = 'Load'
$Q0 = [Reflection.Assembly]
$B = $Q0::$L($MyS)
$B = $B.$T('NewPE2.PE')
$B = $B.$M('Execute')

$Ub = 'C:\Windows\Microsoft'
$z = $Ub + '.NET\Framewor'
$VT = $z + 'k\v4.0.30'
$XQ = $VT + '319\RegSvcs.exe'
$B = $B.$I($null,[object[]] ($XQ,$serv))

With both variable replacement and removal of unused variables enabled it becomes:

$load_result = [Reflection.Assembly]::Load($x_result)
$get_type_result = $load_result.GetType('NewPE2.PE')
$get_method_result = $get_type_result.GetMethod('Execute')
$invoke_result = $get_method_result.Invoke($null, [object[]]('C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe', $x_result_2))

OneNote Format for all licenses

The OneNote Format package is now available to all licenses of Cerbero Suite. The package was previously released for commercial licenses only.

Once the package is installed, you can directly open OneNote documents in Cerbero Suite and all embedded files are automatically extracted and ready to be inspected.

Crypto Module

We have exposed the Crypto module to the SDK and documented it.

The module provides classes for hashing and encryption/decryption.

Hashing data, for example, can be as simple as the following code snippet:

from Pro.Crypto import *

print(NTCryptoSHA1(b"Hello, World!").finalHexString())

GZ module documentation

We have documented the GZ module which provides the API for parsing GZip archives.


文章来源: https://blog.cerbero.io/?p=2630
如有侵权请联系:admin#unsafe.sh