Okay, I talk about “Backdooring MS Office
documents with secret master keys”. We made
a lot of CTF challenges such as a XSS, reversing,
pwn, cryptography at SECCON CTF project.
when I created some cryptography challenges,
I found this backdoor problem. Microsoft Office
twenty ten or later version employ "Agile
Encryption" algorithm in their OOX documents.
We found a vulnerability in the file format
specification that can allow an attacker to later
decrypt strongly encrypted documents without
the password. This is possible by tricking MS
Office into creating an undetectable secret
master key when it creates encrypted
5