Welcome to Cerberus Atlas.

Evidence-first malware analysis.

Cerberus is a personal lab for turning noisy incidents and sandboxes into structured knowledge: behaviour, mapped TTPs, and portable detection logic.

Backed by lab + sandbox artefacts · Conservative ATT&CK mapping · Detections described conceptually

Latest From The Cerberus Atlas

Snapshot of the most recent entries. For the full library and filtering, head to the Cerberus Atlas Library page.

Analysis & detection philosophy

Findings are built from a mix of sandbox output, lab execution, and static analysis. If a behaviour isn’t backed by artefacts (process tree, network, config, or code), it doesn’t go in the entry.

The goal isn’t to exhaustively reverse every sample, but to extract reusable behaviours and pivots that survive across versions and campaigns.