Cerbero Suite is the first Swiss Army Knife for cybersecurity professionals, honed and refined since 2011. It offers a comprehensive collection of seamlessly integrated tools tailored for low-level experts, notably malware and forensic analysts.
State-of-the-art solution for malware triage, Cerbero Suite stands as a formidable force in the landscape of malware and forensic analysis, capable of handling both rapid triage and in-depth examination of suspect files. One of its remarkable features is the capacity to manage vast datasets; a single project within Cerbero Suite can accommodate millions of files. This makes it an invaluable tool for comprehensive malware investigations, whether they are large-scale or targeted. While the suite offers an extensive range of analysis tools to fully dissect potential threats, it also provides the flexibility for users to transition to other specialized tools. Loading files into specialized tools like Ghidra or IDA Pro is most often an option, not a necessity. Thus, with Cerbero Suite, analysts have a versatile platform that can serve as both the frontline and the deep dive in malware and forensic analysis.
Enhancing Efficiency for Malware & Forensic Analysts
For both malware and forensic analysts, managing the complexity of various file formats, especially when these files may contain embedded formats, presents significant challenges. Each format introduces unique issues and necessitates specific tools and methods for thorough examination. Analysts often face substantial overhead as they collect, learn, and frequently switch between different tools to dissect each file layer by layer. This fragmented approach can disrupt their workflow, increase the risk of errors, and lead to inefficient use of their time.
The integrated platform of Cerbero Suite addresses these challenges by consolidating a variety of tools into one environment. Within this ecosystem, tools enhance each other’s capabilities, sharing insights and data for a more comprehensive output than could be achieved with isolated applications. By centralizing all necessary functionalities, it reduces the need to juggle multiple tools, facilitating a more intuitive analysis process. This allows analysts to focus more on unpacking the behavior, intent, and impact of their subjects. Ultimately, this not only simplifies their tasks but also saves time, allowing them to concentrate on deriving deeper insights from their analyses.
Imagine a tool that, with a single click, lets you explore the contents of an HTML file nested within a CHM Windows help file, enclosed in an ISO archive, embedded in a Microsoft OneNote document, and wrapped up in a GZ compressed archive. This is the practical functionality our solution provides.
At Cerbero Labs, we understand the dynamic nature of cyber threats and the importance of staying ahead. We continually update our tools to handle the latest threats and actively conduct research on advanced malware. For those in need of technology capable of analyzing the newest malware forms, Cerbero Suite provides a robust solution.
Arsenal
Our suite encompasses a comprehensive set of tools including file analysis, memory analysis, disassemblers, decompilers, emulators, a hex editor, and much more. For low-level professionals and forensic analysts, these tools are indispensable:
File Analysis: Inspect and understand the structure and content of diverse file formats, crucial for uncovering hidden data or malicious code. Dive deep into your analyzed files with our comprehensive analysis workspace, equipped with all the essential tools to explore scan items, structures, and embedded files.
Memory Analysis: State-of-the-art visual Windows memory forensics, powered entirely by technology built by Cerbero Labs and delivered without relying on external frameworks. The feature is available through the Memory Analysis package, which all Cerbero Suite customers can obtain through Cerbero Store.
Disassemblers: By translating machine code back into assembly language, disassemblers provide insights into the underlying operations of a program, assisting in understanding its flow and potential vulnerabilities. Our native code Carbon disassembler is designed with cutting-edge algorithms and optimization techniques. It boasts incredible processing speed and is capable of handling even entire process address spaces. Our disassembler suite encompasses managed binaries, diving deep into platforms like .NET and Java.
Decompilers: These convert machine code or bytecode back to high-level source code, which makes the process of understanding and analyzing software’s functionality much more intuitive. Be it in a single binary or inside of a crash dump, our decompilers will help you make sense of enigmatic low-level code. In addition to native code, .NET, Android DEX, and Java are all supported.
Emulators: By mimicking hardware or software behavior, emulators allow analysts to observe the behavior of potentially malicious code in a controlled environment without executing it on actual hardware. Our suite includes a diverse range of emulators to handle different technologies.
Hex Editor: An advanced hex editor, equipped with a rich feature set. It provides editing capabilities not just for files, but also for disks and live processes on systems that permit it. The editor is designed to handle both raw binary data and intricate data structures, ensuring that users can seamlessly switch between hex and text views. Users can also benefit from advanced functionalities like layouts, data filters, and plugins.
Other Tools: Our suite offers an array of versatile tools, including data filters, actions, a fast native UI for the Ghidra reverse engineering tool, an advanced Python editor enhanced with auto-completion, and the ultimate toolkit for downloading, scanning with, creating, editing, and testing YARA rules. Add-on packages also come with advanced deobfuscation and cryptographic tools.
All these tools collectively empower professionals to dissect, understand, and analyze software or data artifacts, ensuring thorough investigation and robust countermeasure development in the realms of cybersecurity and digital forensics.
Features Overview
This table offers a broad overview of a number of built-in and optional features present in Cerbero Suite. If you’re interested in a detailed list of optional features, we recommend visiting the packages page of Cerbero Store, where you can find a complete list of all available add-on packages.
| Personal | Commercial | |
|---|---|---|
|
€299
|
€1399
|
|
| Cross-Platform License | ||
| Cross-Platform License | ✔ | ✔ |
| File Analysis | ||
| File Analysis | ✔ | ✔ |
| Memory Analysis | ||
| Memory Analysis | ✔ | ✔ |
| PE, MachO & ELF Binaries | ||
| PE, MachO & ELF Binaries | ✔ | ✔ |
| .NET, DEX, Java & Flash Binaries | ||
| .NET, DEX, Java & Flash Binaries | ✔ | ✔ |
| PDF Documents | ||
| PDF Documents | ✔ | ✔ |
| Office Documents | ||
| Office Documents | ✔ | ✔ |
| Archives & Databases | ||
| Archives & Databases | ✔ | ✔ |
| Images | ||
| Images | ✔ | ✔ |
| Emails | ||
| Emails | ✔ | ✔ |
| File Systems & Disks | ||
| File Systems & Disks | ✔ | ✔ |
| Fonts | ||
| Fonts | ✔ | ✔ |
| Carbon Disassembler | ||
| Carbon Disassembler (x86, x64, ARM32, ARM64) | ✔ | ✔ |
| Sleigh Decompiler | ||
| Sleigh Decompiler (x86, x64, ARM32, ARM64) | ✔ | ✔ |
| Bytecode Disassemblers | ||
| Bytecode Disassemblers | ✔ | ✔ |
| Bytecode Decompilers (.NET, Android, Java) | ||
| Bytecode Decompilers (.NET, Android, Java) | ✔ | ✔ |
| File Carving | ||
| File Carving | ✔ | ✔ |
| Hex Editor | ||
| Hex Editor | ✔ | ✔ |
| JavaScript Debugger | ||
| JavaScript Debugger | ✔ | ✔ |
| Python 3 SDK | ||
| Python 3 SDK | ✔ | ✔ |
| Python Workspace | ||
| Python Workspace | ✔ | ✔ |
| Projects | ||
| Projects | ✔ | ✔ |
| Actions & Filters | ||
| Actions & Filters | ✔ | ✔ |
| Silicon Excel Emulator | ||
| Silicon Excel Emulator | ✔ | ✔ |
| Native UI for Ghidra | ||
| Native UI for Ghidra | ✔ | ✔ |
| YARA Toolkit | ||
| YARA Toolkit | ✔ | ✔ |
| Access to Cerbero Store | ||
| Access to Cerbero Store | ✔ | ✔ |
| Access to Commercial Packages | ||
| Access to Commercial Packages | ✔ | |
| Commercial Use | ||
| Commercial Use | ✔ | |
Add-On Packages
We prioritize a rapid response to emerging threats. A central part of this approach is Cerbero Store, an innovative solution developed at Cerbero Labs. This platform allows customers to quickly download optional packages with a simple click. Cerbero Store simplifies the process of finding and installing plugins within Cerbero Suite. This enhances user convenience and enables us to quickly address the newest threats with exceptional efficiency.
Our available add-on packages feature an array of tools, including emulators, deobfuscators, cryptographic utilities, integration with cloud intelligence providers, and even entire workspaces, such as our native UI for Ghidra. For a comprehensive list of available add-ons, we invite you to explore our packages page.
Purchasing Cerbero Suite
By purchasing a license for Cerbero Suite, you unlock these exclusive benefits:
- 💻 Enjoy a full year of access to Cerbero Suite and Cerbero Store, including updates. This even covers upgrades to major software versions.
- 🔀 Use Cerbero Suite across all supported platforms.
- 📦 Access Cerbero Store to download optional add-on packages and stay updated on the latest threats.
- 🛠️ Exceptional SDK documentation, paired with robust development tools, empowers you to craft your own plugins.
- 🗞 Enjoy exclusive early access to our company e-zine, a whole month ahead of the general public.
- 💰 Benefit from special rates on renewals, exclusive pricing for additional products, and volume licensing discounts.
- 💬 We provide fast-response support to all our customers.
- 🎓 Organizations that purchase 10 or more commercial licenses are eligible for our exclusive online webinar training at no additional cost.
Frequently Asked Questions
Cerbero Suite
What is Cerbero Suite?
Cerbero Suite is the first Swiss Army Knife for cybersecurity professionals, honed and refined since 2011. It offers a comprehensive collection of seamlessly integrated tools tailored for low-level experts, notably malware and forensic analysts.
What tools does it contain?
Our suite encompasses a comprehensive set of tools including file/memory analysis utilities, disassemblers, decompilers, emulators, a hex editor, and much more.
What platforms are supported?
Cerbero Suite runs on Windows (x86, x64), macOS (x64), and Linux (x64). We make an effort to support older systems. The minimum officially supported platforms are Windows 8.1, Ubuntu 12.04, and OS X El Capitan (10.11).
Although the macOS build is for x64 architectures, it has been tested on the M-Series.
Which file formats are supported?
Our supported file list is both extensive and constantly expanding. Below is a partial overview of the file categories we support:
Executables, Managed Executables, Microsoft Office Documents, PDF Documents, Archives, Databases, Fonts, Images, Emails, System Files, Certificates, Memory Images, XML Documents, Debug Files, Rich-Text Files, Firmware, File Systems, Disks.
Should you have doubts about Cerbero Suite's support for a particular file format, please don't hesitate to contact us.
Personal vs Commercial: what's the difference?
Personal licenses are designed for hobbyists and students and aren't valid for commercial use. To utilize Cerbero Suite professionally, a commercial license is required. Moreover, some features, plugins, and updates are either prioritized or exclusively available to commercial license holders.
Do you have a trial version?
We currently do not offer a trial version of Cerbero Suite. However, we understand the importance of ensuring that our product meets your specific needs. If you have questions about particular features, we invite you to get in touch with us. Our team is more than happy to discuss your requirements and confirm whether Cerbero Suite has the capabilities you're looking for.
Why should I invest time learning how to use it?
Investing time to learn Cerbero Suite is an investment in your own efficiency and expertise. The suite is designed to be a comprehensive solution for malware and forensic analysts, offering an array of advanced tools that can significantly speed up your work. Once you become proficient with Cerbero Suite, you'll find that tasks which previously took hours can be completed in a fraction of the time.
Furthermore, the skills you gain will make you more versatile and valuable in the cybersecurity landscape. Cerbero Suite is not just another tool; it's a multifaceted platform that can serve both as your frontline and deep-dive resource for malware and forensic analysis. By mastering it, you're not just learning to use a software, you're enhancing your professional toolkit and opening up new avenues for career growth.
How can I learn how to use it?
We provide a comprehensive user manual as the primary starting point for new users of Cerbero Suite. Additionally, we offer numerous videos and articles to enhance your experience. Begin your journey by exploring the user manual, then visit our resources page for additional materials. Organizations that purchase ten or more commercial licenses are eligible for our exclusive online webinar training at no additional cost.
What's the duration of a license?
A license is valid for a full year and provides access to Cerbero Suite and Cerbero Store, including updates. This even covers upgrades to major software versions.
Do you offer subscription licenses?
For organizations that favor structured budgeting, we provide an annual subscription option for commercial licenses.
Do you offer volume discounts on licenses?
Yes, we do offer volume discounts for Cerbero Suite licenses. If you're interested in purchasing multiple licenses, we recommend getting in touch with us for a tailored quotation. Our team will work with you to provide the most cost-effective solution to meet your needs.
How are licenses renewed?
When a license expires, we alert our customers and provide a 3-month renewal window. Commercial subscription licenses follow a calendar-year renewal cycle.
What is the renewal price?
The cost to renew your Cerbero Suite license is 50% of the current purchase price. Additionally, we offer loyalty and early renewal discounts on top of the standard 50% discount rate, rewarding your continued commitment to our services. Renewing your license ensures you continue to benefit from the latest updates and maintain access to the Cerbero Store, all while enjoying a discounted rate.
How do I get notified about license renewal?
We'll notify you via email during the renewal window.
What happens if I don't renew my license?
You may use the last downloaded version of Cerbero Suite prior to your license expiration, but you'll forfeit access to updates and the Cerbero Store. To continue benefiting from the latest features and maintain access to the Cerbero Store, it's important to renew your license. By doing so, you'll also be eligible for discounted renewal rates.
Subscription licenses only: commercial subscription licenses won't be able to use the current Cerbero Suite version.
Can I download the software after my license expires?
No, access to both previous and new downloads, including software updates and packages, is not available once your license expires. We advise our users to save copies of the necessary binaries and packages while their license is active. Our licenses provide a one-year access to all software updates. However, post-license expiration, we cannot provide downloads of either previous versions or updates released during your active subscription period. It is essential for users to ensure they have saved the required software versions before their license expiry date.
Cerbero Store
What is Cerbero Store?
Cerbero Store is a platform where customers can swiftly download optional packages with a simple click. Cerbero Store streamlines the process of searching for and installing plugins within Cerbero Suite. This not only enhances user convenience but also empowers us to address the newest threats with unmatched speed.
What are packages?
Packages contain add-on plugins and extensions for Cerbero Suite and Cerbero Engine.
How do I install and update packages?
After activating your Cerbero Suite license, click on 'Store' to access Cerbero Store, where you can install and update packages.
Are packages signed?
Yes, all packages on Cerbero Store are securely signed.
Can I create my own packages?
Absolutely, the procedure for creating packages is comprehensively detailed on our SDK page.
Can I sign packages with my own signature?
Absolutely, to validate the package signature, add a new public key by navigating to 'Settings' → 'Certificates' → 'Packages'. The procedure for signing packages is comprehensively detailed on our SDK page.
Purchasing
What payment methods do you support?
We accept multiple payment methods, including PayPal and credit cards via Stripe. For commercial license purchases, bank wire transfers are also available—please contact us.
Can I pay with Bitcoin?
At this time, we don't accept Bitcoin.
How does the purchasing process work?
When you make a purchase through our online store, you'll receive the license and download instructions by email. To safeguard against fraud, we manually approve each transaction. This typically takes no longer than a business day. If you don't receive an email from us within that time, please get in touch.
