![](https://colelato.com/wp-content/uploads/2023/11/MacroHardWeakEdge-1024x623.png)
.pptm is a Microsoft Powerpoint file extension, if you’re not running windows you can use the free and open source libreoffice to view the file. I downloaded mine using sudo apt.
The first command I did was strings to see if there was any hidden text in the file.
![](https://colelato.com/wp-content/uploads/2023/11/strings.png)
![](https://colelato.com/wp-content/uploads/2023/11/strings-hidden.png)
There is a hidden slide within the file so I opened it with libreoffice
![](https://colelato.com/wp-content/uploads/2023/11/hidden-slide-1024x640.png)
The hidden slide is denoted with the grayed out bars, but sadly it is just a rabbit hole. When I initially opened the file I received a security warning about macros, so let’s look there next.
![](https://colelato.com/wp-content/uploads/2023/11/viewing-macros-1024x640.png)
Another false flag. Next I decided to use binwalk to see if there were any files I could extract.
![](https://colelato.com/wp-content/uploads/2023/11/binwalk-extract.png)
![](https://colelato.com/wp-content/uploads/2023/11/binwalk-hidden-1024x22.png)
Another hidden file. Viewing the hidden file I found this cipher.
![](https://colelato.com/wp-content/uploads/2023/11/cipher-form-binwalk-1024x257.png)
The spaces were making it difficult for online decoders to recognize so I quick removed them using python.
![](https://colelato.com/wp-content/uploads/2023/11/python-removing-spaces-1024x175.png)
After that I was able to decode it using cyberchef. I could have used python, but cyberchef’s gui and auto recognition features make it much faster and efficient.
![](https://colelato.com/wp-content/uploads/2023/11/flag-1024x880.png)
And there’s the flag!