Recently the p4 team (which includes a few of our coworkers) was invited to play the @Hack CTF Final - an on-site CTF organized during the @Hack conference in Riyadh, the capital of Saudi Arabia. Here you can read about our impressions of the CTF and the writeup for one of the reverse engineering challenges - ENIPTX.
Can you see the difference between " and “ or ' and ‘? You can? You've got sharp eyes! Well, PowerShell can't see it. Now, imagine an application which inserts user-provided input into a string in a dynamically generated PowerShell script while sanitizing only "typical" quotes... Sounds like trouble? RCE handed on a silver platter? But hold your horses, it's not that easy!
Excel 4.0 XLM macros are useful for the Red Team. But it is often the case that when using publicly available generators, samples are detected. Then you usually have to invent your own techniques or modify existing ones. Another problem is the Excel language. If the target's Excel is set to a language other than […]
As Excel 4.0 is becoming more popular, more and more attackers use it in phishing campaigns. In this blog post, we will dive into the topic of Excel 4.0 macros and learn about techniques that are useful for Red Team work and analysis. Additionally, we will present to you our new tool that will assist you […]