PAINT IT BLACK

📋 Description

Description missing..

🎯 Goal

Find the redacted PII (Personal Identifiable Information) parts of the file: case-2025-0412-public.docm

🔗 Given Files

case-2025-0412-public.docm

🛠️ Tools Used

olevba (oletools)
python (for XOR decryption)

💡 Walkthough

The goal of the challenge was to find the redacted PII (Personal Identifiable Information) parts of the file: case-2025-0412-public.docm.

Analysis of the DOCM and Macro extraction.

Applied a repeating-key XOR to each character (using variables like xorChar and keyPos).

We opened case-2025-0412-public.docm and extracted its VBA project streams. Using standard OLE‐macro tools "olevba" in oletools, we found a macro named .

Command Palette

PAINT IT BLACK

PAINT IT BLACK

📋 Description

🎯 Goal

🔗 Given Files

🛠️ Tools Used

💡 Walkthough

🏴Flag