Cerbero Suite 7.4 Release
2024-4-9 16:44:23 Author: blog.cerbero.io(查看原文) 阅读量:21 收藏

We’re excited to unveil Cerbero Suite 7.4 and Cerbero Engine 4.4! This new release not only brings many improvements but also marks the launch of a new, significant package: YARA Rules. Join us as we highlight the key features and innovations in this blog post.

YARA Rules Package

YARA, an essential tool in the fight against malware, allows for the creation of descriptions to match patterns across various file types. Recognizing the importance of YARA in digital forensics and malware analysis, we have developed the ultimate toolkit for downloading, scanning with, creating, editing, and testing YARA rules.

The scope of the package is so massive that we have created a dedicated blog post to cover it. The package is available to all licenses of Cerbero Suite!

DotNET ManifestResources Format Package

We have released the DotNET ManifestResources Format package for all licenses of Cerbero Suite.

.NET manifest resources are embedded elements within .NET assemblies, used to store additional data such as files, icons, and strings that an application requires for execution. These resources are directly compiled into the executable, becoming a part of the application’s core assets. In the realm of malware, attackers frequently exploit .NET manifest resources to hide malicious payloads. Cerbero Suite lets you inspect the format of .NET manifest resources and automatically detects embedded files.

FLIR Format Package

We released the FLIR Format package for all licenses of Cerbero Suite.

FLIR (Forward-Looking InfraRed) refers to thermal imaging data that is embedded within the JPEG file format. Unlike standard visual imagery, FLIR data represents heat emissions from objects, providing a thermal spectrum view that is invaluable for various applications, from surveillance and security to energy audits and search and rescue operations. When FLIR data is embedded in JPEG images, it allows the combination of visible light information with thermal imaging in a single file.

The package automatically extracts thermal images embedded in JPEG images and parses the FLIR format.

macOS Memory Editing

Unfortunately, since the introduction of SIP (System Integrity Protection), macOS has implemented many system-wide restrictions, including prohibiting the opening of other processes’ memory. However, this feature is accessible in the context of older macOS systems or by disabling SIP and running Cerbero Suite with sudo.

Here is the hex editor showing the memory of the current process on macOS M-series.

Hierarchy & Format Text Filters

A straightforward yet valuable enhancement to the analysis workspace user interface is the inclusion of two text filters, enabling quick selection of the desired object in the hierarchy and in the format view.

Extension Scan Information

We now display the name of the extension currently performing scan operations during the scanning of an individual file. This improvement simplifies identifying extensions that may be consuming excessive time.

SQLit3 Module Documentation

We have documented the built-in SQLite3 module.

Additionally, the SDK has been enhanced with new APIs.


文章来源: https://blog.cerbero.io/cerbero-suite-7-4-release/
如有侵权请联系:admin#unsafe.sh