Cerbero Suite News

## 4.1
+ added Carbon option to import PDB types into the project header
+ improved x86/x64 decompiler
– fixed bugs

## 4.0
+ added Carbon loader for Windows user address space
+ added Carbon loader for Windows DMP files
+ added Carbon support for ARM32 and ARM64
+ added Carbon support for PDB symbols
+ added support in Carbon to define data types
+ added memory analysis support for latest Windows 10 versions
– added Windows x64 setup
– added UI hook extensions
+ improved Windows memory analysis support
+ improved Windows DMP support
+ improved Carbon disassembly
+ improved Ghidra plugin and setup
+ improved decompiler output
– improved Hex Editor
– improved file stats view
– improved symbol demangling
– improved Python speed
– improved headers
– improved PE debug directory support
– improved PDB support
– improved dark mode support on macOS
– improved update check
– improved single view mode
– improved settings
– improved Python SDK
– updated SQLite to 3.32.0
– fixed bugs

## 3.5
+ added the sleigh decompiler to Carbon
– fixed some bugs

## 3.4
– added script editor for Python and JavaScript
– added Python editor workspace
– added Python snippet action
– added Mariana theme
– improved deployment on OS X
+ improved Ghidra native UI
– improved filters
– improved hex workspace
– improved JS debugger
– improved Monokai theme
+ updated Ghidra support to 9.1-BETA
– fixed Header Manager crash due to themes
– fixed some bugs

## 3.3
– added theme support
+ added MachO Carbon loader
– added Monokai theme
+ improved Ghidra native UI
+ improved disassembly view
– made Windows XP compatible
– fixed some bugs

## 3.2
+ added experimental native UI for Ghidra
+ improved disassembly speed
– fixed SSL on Linux

## 3.1
+ added ELF Carbon loader
+ added edit bytes command to Carbon
+ added write method to Carbon
+ added detection of 16-bit wide strings in Carbon
+ added open in hex editor action in Carbon
+ added filters to Carbon
+ added Carbon Monokai theme
– added single view mode (Ctrl+Alt+S)
– improved deployment on Linux
+ improved x86/x64 disassembly
– improved hex workspace
– updated capstone to 4.0.1
– fixed misidentified object crash
– fixed disappearing lines in disassembly
– fixed some bugs

## 3.0
+ added Carbon interactive disassembler
– added hex editing workspace
– added command line workspace
+ added Windows DMP format support
+ added Windows Hibernation files format support
– added undo capability in hex views
– exposed workspaces to Python
– improved appearance on high resolution displays
– improved support for SQLite files
+ improved support for EML files
– included local python on Windows

## 2.9
+ added parsing of Windows heap
+ added parsing of Windows 10 heap
+ added file detection in memory regions and heap
+ added file detection in memory regions and heap via libmagic
– added CCITTFax decoder for PDFs
– added detection of DDE field codes
– added support for 64-bit shellcode to executable
+ added display of page flags in hex views
– added actions for text modification
– added action to dump mapped PEs to disk
+ added signature for automatic recognition of EML files
+ improved identification speed of raw Windows memory images
+ improved loading speed of raw Windows memory images
+ improved scanning speed of memory images
+ improved global address space hex view
+ improved user address space view
– improved fault tolerance of the XML parser
– improved CFBF support
– improved support of embedded OLE objects
– improved extraction of VBA code
– improved PDF decryption
– updated SQLite to 3.21.0
– updated libmagic to 5.32
– fixed XML to text action
– fixed Python multithreading issues
– fixed many small issues
– removed PasteBin action

## 2.8
+ added support for Windows raw memory images
– added unhandled exception debug tools on Windows
– added unhandled exception notification for Python
– exposed tree control to the Python SDK
– improved CFBF support
– improved PDF parsing against new malware samples
– fixed PDB issue with zero-sized streams
– fixed issues in JBIG2 decoder
– fixed display of PE timestamps in UTC

## 2.7
+ added experimental support for Windows raw memory images
+ added support for EML files
+ added TOR-based URL download action
– added JBIG2 decoder for PDFs
– improved PDF parsing against new malware samples
– improved search in hex view
– updated OpenSSL to 1.0.2
– updated Python to 3.6
– reduced dependencies on Linux
– fixed possible division by zero in PEObject::RvaToOffset
– fixed filter preview crash
– fixed Python multi-threading issue
– fixed PasteBin plugin
– fixed recognition of newer DEX files
– default to SHA-2/256 instead of SHA-1
– various bug fixes and improvements

## 2.6
– added initial support for XML files
– added support for XDP files (extraction of embedded PDFs)
– exposed the ABC format
– improved the parsing of malformed PDF streams
– fixed the code signing on OS X to meet El Capitan requirements
– fixed the JS debugger on Linux
– various bug fixes and improvements

## 2.5
– introduced scan provider extensions
– added support for Torrent files
– added the capability to display views as dialogs
– exposed official Python bindings for capstone
– added new controls to custom views
– updated capstone to 3.0.3
– fixed failed allocation security issue
– various bug fixes and improvements

## 2.4
– added initial support for PDB files (including export of types)
– added support for Windows Encoded Scripts (VBE, JSE)
– introduced fixed xml structures
– added automatic string decoding in struct tables
– added Python string command line execution
– remember the last selected logic group
– fixed missing support for wchar_t in C types
– updated Qt to 5.4.1
– various bug fixes

## 2.3
– introduced YARA 3.2 support
– added groups for logic providers
– added Python action to encode/decode text
– added Python action to strip XML down to text
– added the possibility to choose the fixed font
– added color randomization for structs and intervals
– added close report and quit APIs
– exposed more methods of the Report class (including save)
– improved indentation handling in the script editor
– synchronized main and workspace output views
– improved output view
– updated libmagic to 5.21
– updated Capstone to 3.0
– many small improvements
– fixed libmagic on Linux
– removed the tray icon
– minor bug fixes

## 2.2
– ported Cerbero Profiler to Linux x64
– fixed some small issues

## 2.1
– ported Cerbero Profiler to MacOSX
– added command-line scripting support
– updated Header Manager to Clang 3.5
– improved parsing of PE Delay Import Descriptors
– fixed some small issues

## 2.0
– switched to Visual Studio 2013
– updated Qt to 5.2.1
– updated Python to 3.4
– updated SQLite3
– updated OpenSSL
– switched from the XED2 to the Capstone disasm engine
– added disasm filters for ARM, Thumb, ARM64, MIPS, PowerPC and 8086
– implemented some custom view notifications in Python
– added UI controls to custom views
– made layouts available in the context of the main window
– improved Python SDK
– fixed many small issues

## 1.2
– added magic info action
– fixed crash when removing an embedded file currently open in a filters view
– fixed C++ ctor conflict which resulted in a crash when viewing Mach-O symbols (1.1 regression)
– small improvements

## 1.1
– added libmagic to the SDK
– added preliminary ELF support
– added TIFF support
– added GZ, BZ2 and LZMA file support
– exposed internal API for files and paths to Python
– hooks are now triggered even when loading embedded objects in the workspace
– added magic info extension script
– exposed more DEX methods to Python
– remember manually enabled extensions
– capability to add individual files in the scan page
– some bug fixes

## 1.0
– introduced logic provider extensions
– added SQLite3 support including free pages inspection
– exposed internal database access to extensions
– fixed some issues when executing Python code from other threads
– made actions available in the context of the main window

## 0.9.9
– added support for docked views in the main window
– added scanning and rload (report load) hook notifications
– partially exposed custom views to Python
– exposed addEmbeddedObject method to Python
– exposed NTContainer find methods to Python
– improved importing of anonymous records (C11)
– added recognition of volatile keyword in types
– moved the message box constants to the Pro.Core module
– added tools view
– added quoted-printable decoding filter
– added format quota calculator extension
– added experimental EML attachment detection extension

## 0.9.8
– improved support for Windows 8.1 PEs
– added language options to Header Manager
– improved anonymous types renaming logic
– improved TrueType font disassembler
– many small improvements
– fixed some minor bugs

## 0.9.7
– introduced C++ class/struct parsing with Clang
– introduced headers, layouts and manual analysis in hex mode
– exposed all the above to the Python SDK
– added capability to turn into a portable application
– added SHA-3 hashes
– updated Qt to 4.8.5
– updated OpenSSL
– behavior change: displaying table flags now requires a double click
– fixed bug in the core introduced with this version
– fixed some small regressions introduced with this version

## 0.9.6
– added support for Mach-O files
– added support for fat/universal binaries
– added support for Apple code signatures
– exposed DemangleSymbolName to Python

## 0.9.5
– introduced Lua filters: lua/custom and lua/loop
– added optional condition to misc/basic
– added JavaScript execute action
– added JavaScript debugger
– simplified save report/project logic
– included actions among the extensions views
– improved detection of shellcodes
– introduced max file size option for shellcode detection
– improved OLE Streams parsing and extraction from RTFs
– exposed getHash method in ScanProvider to Python
– added text replace functionality to text controls

## 0.9.4
– added RTF support including OLE extraction and raw text preview
– added file times support and extraction in Zip archives
– added disasm options to several engines
– added support for Android Binary XML format
– exposed several disasm engines as filters
– introduced metadata strings to SDK
– exposed Zip format class to Python
– fixed module initialization problem in the SDK

## 0.9.3
– subdivided the Python SDK into modules
– exposed many core and file format classes to Python (among them PE, PDF, CFBF, DEX, Class, SWF)
– exposed filters to Python
– introduced Python hooks
– introduced Python key providers
– improved SDK documentation
– added extensions view
– added file formats scan option
– added decryption keys view
– fixed occasional concurrency issue with large files
– fixed embedded files manual addition issue (affected versions: >= 0.9.1)

## 0.9.2
– removed virtual memory constraint: large files are now supported
– added decompression bomb detection
– added media preview for image files
– added preview for several PE resources
– added text preview for Office Word Documents
– added format selection to open file dialog
– display format choose dialog when more than one format has been detected
– added XFA interactive forms detection inside PDFs
– added from/to hex and base64 filters
– automatically detect files in Zip archives missing a Central Directory
– increased PySide integration
– fixed Office VBA extraction bug
– fixed bug in PDF V4 and V5 Revision encryption

## 0.9.1
– added capability of opening multiple analysis views
– added capability of switching root object in the workspace
– added navigation in analysis views
– added bookmarks
– added PySide integration
– added user application data folder support
– added history for the Python command line and script dialog
– added save option to the keys input dialog
– improved notes: the toolbar now signals their presence
– updated Qt to 4.8.4

## 0.9.0
– added Java Class support including byte code disassembler and layout ranges
– added .NET support including byte code disassembler and layout ranges
– added DEX support including byte code disassembler and layout ranges
– added dedicated view to display data like raw PDF objects
– added PE MUI resources validation
– added Adler32 to filters
– updated jsbeautifier
– separated malicious threats from intrinsic ones in the report view
– fixed update with unprivileged user account on Windows
– fixed several bugs

## 0.8.9
– increased python integration and exposed more parts of the SDK
– added SDK documentation to the docs directory
– added Python command line
– added global and individual file notes
– improved filters and added range parameters
– introduced fullscreen modality in workspace (F11)

## 0.8.8
– introduced new multi-file report and project technology with compression and encryption
– introduced new UI for workspace mode
– added Windows Lnk support
– added file extensions scan option
– added directory scan to command line
– added PNG CRC validation
– added new filters: misc/replace and dev/array
– several UI improvements
– hex editor improvements
– increased memory limit

## 0.8.7
– exposed filters and made them available to the file loader
– improved hex editor in editing mode: added cut/delete/paste operations
– made embedded files loadable from most custom hex views
– added whirlpool to hashes

## 0.8.6
– further improved hierarchy view
– introduced optional type grouping to hierarchy view
– added Portable Executable embedded resources validation
– added validation of Portable Executable digital certificates
– added SEH search functionality in the PE Exception Directory view
– added support for DIB and BMP files
– updated Qt to 4.8.2
– improved XML indenter

## 0.8.5
– finished support for Portable Executable directories (.NET excluded): Delay Import, Bound Import, Exception (x64, IA64), Security
– improved detection of files in MSI archives
– replaced the native scan table with the custom table control: now it’s fast and efficient
– added threat highlighting and jump in scan table and hierarchy view
– increased the UI responsiveness during batch scans
– introduced option to disable intrinsic risk factors
– added search functionality to every control which lacked it
– added support for PNG and APNG files
– added support for GIF files
– improved PE Debug directory view
– added language switch in text view
– improved file format choose dialog
– improved initialization performance by delay-loading some modules
– updated OpenSSL

## 0.8.4
– added Portable Executable analysis
– added Portable Executable ranges in-depth analysis
– added ActionScript2 disassembler

## 0.8.3
– added support for these Portable Executable directories: Resource, Load Config
– added smart PE address conversion
– added LZMA decompression to Zip files

## 0.8.2
– added unmangling for GCC 3 & 4 names
– added TLS & Debug directories to Portable Executable
– added metadata information to Office documents

## 0.8.1
– change in UI internals: use of new custom views boosts file report speed
– initial Portable Executable file format support, still missing many directories and ranges
– improved JavaScript detection in PDFs

## 0.8.0
– added support for InfoTech Storage Format (CHM) files
– introduced entropy computation functionality with graphical plot
– PDF object searches can now print results to output
– improved statistics report of file

## 0.7.9
– added support for the still to be publicly released PDF symmetric encryption revision 6 (AES256)
– minor improvements

## 0.7.8
– added support for Zip archives (Deflate, BZip2) with decryption (WinZip AES, ZipCrypto)
– improved hierarchical view to include name and format groups
– added RIPEMD 128 and 160 hashing methods
– added multiple password input dialog
– improved detection of Type1C fonts in PDFs

## 0.7.7
– added support for MicroType Express decompression of Embedded OpenType fonts
– added detection of fonts inside Word Document files
– added a customizable XML indent action
– updated jsbeautifier
– updated pastebin upload

## 0.7.6
– added support for Adobe Type1 fonts: includes a disassembler for Type1 opcodes
– added support for Adobe Compact Font Format (CFont): includes a disassembler for Type2 opcodes
– added support for uncompressed Microsoft Embedded OpenType (EOT) fonts: includes converter to TrueType/OpenType
– added support for Web Open Font Format (WOFF) Fonts: includes converter to TrueType/OpenType
– improved support for OpenType fonts: the CFF table is now analyzed
– improved detection of fonts inside PDFs
– added U3D and Flash to PDF dictionary searches

## 0.7.5
– added support for the SFont format
– added support for TrueType collections
– added TrueType byte code disassembler
– profiling of SFonts inside PDF documents
– added configuration for the JavaScript beautifier

## 0.7.4
– added property editor dialog for settings and parameters and exposed it to the Python SDK
– added Python settings API
– added PDF object search: just open a PDF and run the actions dialog (Ctrl+R)
– added Pastebin upload action
– implemented format specific actions

## 0.7.3
– added first version of the Python SDK
– added Python plugins support
– introduced JavaScript Beautifier plugin (jsbeautifier.org)

## 0.7.2
– implemented automatic scan of embedded files. This means that the whole hierarchy of a file will be scanned automatically. Issues will be caught even in files that are themselves contained in other files within the originally profiled file.
– added support for the PDF symmetric encryption revision 5
– improved JPEG support (complete metadata is now displayed)

## 0.7.0
– added support for the Compound File Binary Format (*.doc, *.ppt, *.xls)
– improved PDF scan

## 0.6.0
– added support for the Shockwave Flash format, including the ability to disassemble ActionScript3 byte code.
