You are browsing the archive for Puzzles.

Command line do-nothingness

May 23, 2020 in Puzzles, Random ideas, Silly

Yesterday I came up with a silly game – find commands that do nothing, when executed from command line. I didn’t specify rules very precisely, but the rough idea was that the commands shouldn’t modify the environment. Grzegorz and a few other researchers joined me in this game and they added a lot of twisted and creative ideas (thx!).

One may ask: why doing it at all?

First of all it is fun. Secondly, it is a good research exercise as it brings ideas that may expose imperfections of a command line interpreter and tools. These in turn may lead to some new research avenues. In fact, many lolbin and persistence discoveries started with observing what commands and programs do, when executed (including checking the command line arguments they expect).

This is a list of all commands we came up with:

rem foo
:foo goto foo
for %k in () do echo
goto :eof
if foo==foo goto :eof
pushd . & popd
type nul
:: foo
echo > nul
copy nul nul
copy nul .
copy nul con
call call
cmd /c exit
cmd /r exit
cd .
cd .\.\.\.\.\.
cd ./././././.
cmd /c exit
cmd /r exit

We also had a few cheats (stream redirection/piping):

ver > nul
vol > nul
time /t >nul
set foooooo=
copy nul nul > nul
echo > NUL
copy nul > nul

And the funny bits discovered? Let’s have a look.

  • nul – non existing and non-sensical command, but you can still launch it and cmd.exe will report “Access is denied.”
  • copy nul nul – reports “1 file(s) copied.”
  • certutil – when launched w/o any command line argument, it prints out non-sensical “CertUtil: -dump command completed successfully.”
  • hostname – when launched with an invalid command line argument it shows non-sensical “sethostname: Use the Network Control Panel Applet to set hostname. hostname -s is not supported.”
  • set ” ” – prints additional 2 extra lines that don’t show up when you run “set”

Bits about People Management, and Team Building for IT Sec teams

November 15, 2018 in People Management, Preaching, Puzzles

Over years I had a privilege of managing a number of teams at different companies. While the feedback I get from my old reports is typically positive, I only hear it from people who are happy to maintain a friendship with me after our professional paths split. So, while this pleasant availability error could put me on a  pedestal of people management… the reality could be as well that I totally suck at it. Who knows?

People Management is hard.

People often ask: how to get better at people management, especially in a technical world?

I think the question like this is a premature one.

First of all, people management s not for everyone. And IMHO most of technical people should not be doing it, unless they have a real call for it. Seriously. No hurt feelings, but just no. Individual contributor can climb the corporate ladder too and very high, with no burden of ‘having to deal with reports’.

Also, not every manager position is good for every people manager, yes, even a good one, one that ‘delivers’. Some people managers find themselves performing better with younger teams, because they can ‘energize’ them, mentor them and empathize with their struggles during these first years of a professional career. Others will find such tasks daunting as they just want to get stuff done. Quickly. Such people managers will work very well with a well-developed, and often older, more experienced team. Let’s be honest, they are actually more Project Managers than People Managers. It is a HUGE difference. Directing multiple and multi-level teams is a completely different game as well.

So, how to get better at it?

It is still a premature question.

Do you know why you are there? What are your powers and responsibilities?

I didn’t know when I became one. It escalated quickly, because as a technical person I had to suddenly have a lot of 1:1 with individuals. And I am not too social. But I know my reports are not either. So that helps. We are sitting there barely looking at each other and we are both getting better at it.

Still… such a new experience, cuz… we no longer talk binary. We talk about life. Mainly their life and aspirations. And this is one of the reasons why people management can be very tough, mentally; you really need to deal with your employees’ personal life, and understand their circumstances. Very technically ‘non-sexy’. And when it gets ugly for some reason it is something that a regular employee typically deals with on a ‘office gossip’ level. And usually ‘after the fact’ , while a people manager hears first hand and has to think on his/her feet pretty quickly. Other than the usual admin work (and there is plenty!), s/he encounters cases of personal tragedies, unexpected life circumstances, new&better, or ruined futures, sudden departures, hassles with req approvals, HR and legal involvement in some cases, and not only exciting hiring process, but also laying off. Not fun. And there are metrics to maintain too 😉

So, how to get better at it?

Practice. Do not treat people like reports. Treat them as your SMEs. Empower to speak, shut up and listen and then discuss, in the end be _decisive_. Keep your promises, or tell your side of a story to give the context if you can’t. Be HONEST. It goes a long way. And IMHO nothing kills technical people more than a corporate jargon. So, there you have it.

But… that’s not all…

Managers are often tasked with organizing team events. If they are lucky to have some ‘people person’ on the team it’s easy to delegate. If not, you just need to deliver on your own…

And now, after such a long intro tirade it:

  1. … actually gives me an excuse to write some more about people management in the future
  2. … is time to bring up the topic that I actually want to talk about today!

I love puzzles and riddles. Not all of them, but… since I was a kid I was always a big fan of crosswords, any sort of word plays (anagrams, palindromes, homonyms, etc.), pun games of any sort, “Weird Al” Yankovic and –wannabe songs, as well as mechanical puzzles (if you never heard of Hanayama, please drop everything and look it up, like… right now).

Recently, I had a chance to play the escape room game.

While it was something I heard of before, I had a very incorrect perception of what it is. I don’t watch too much TV in last 15 years, never really played MUDs, and not that many board or card games, plus never bothered to actually look it up to correct this wrong perception so… mea culpa. For some, more or less biased reason, anytime I thought of it I had the mix of a Survivor, ‘panic room’, Houdini escapes, and Fort Boyard games in my mind (again, I don’t watch TV, but have a vague idea of what these TV shows are or were). Since I assumed it includes some cheezy role-playing, lots of muscle work in closed tight spaces,  plus I am cynical and bit claustrophobic I simply stayed away from it.

What a strategic mistake…

Playing the game for the first time I realized that I was totally wrong about what it is + I actually really liked it. In case you don’t have a clue what it is about, perhaps this post will make it easier for you to try…

The escape room is basically a room full of puzzles.

Whatever the escape room game setup is… doesn’t really matter. You get some intro story that sets you up in the escapist mood (oh man, it is actually a bit of a cheezy role-playing after all!), and the narrative of what happens next. You will get some vague instruction and… off you go. And of course, you are in the room or rooms and you can walk out anytime you like.

You and your buddies may get a few props. It can be a treasure chest, a cryptex, a map, a puzzle pieces that need to be put together, a key or a clue hidden inside a mechanical puzzle, a word riddle, a bunch of mathematical equations that need a solution, sometimes may have a few, pieces of wood, metal with some magic symbols on it, and plenty of red herrings, as well. You may need to write things down, search the room for clues, and use your detective and investigative skills.

The props may be ‘HarryPotterized’ or otherwise ‘alchemized’ and ‘mystified’; while their role is to fit the narrative and help setup the mood+actually give you the riddles to solve, it’s actually pretty cool to see them having the ‘look and feel’ that makes them more ‘real’, and aligned with a particular story play. Some may include ‘burnt’, crumpled, stained  sheets of papers with various types of riddles, 3d-puzzles, mazes, cryptogames, substitution ciphers, riddles hidden in poems, etc.. Some may use a different medium. I am intentionally writing about in a generic way, because the less you know about it, the better it is when you have to solve things on the spot!

The common denominator is that the whole experience relies on solving puzzles. No muscle work, no confined spaces, no holding your breath under water for extended periods of times, no crocs, no magic tricks. There is also an element of time pressure, some ad hoc challenges for your team, and really surprising collaboration that you will encounter during this puzzle solving experience.

The last bit is especially interesting to me as a people manager, because my skepticism towards team building activities is usually pretty high. Participating in the escape room game actually changed my opinion about it. Probably for the first time I felt it was a team building experience that is almost by design aiming at your regular IT SEC person, and not a sales guy, an HR person or C-level guys. No off roads, no shooting ranges, no golf, no Disney world, no go-go clubs, no gambling, no alcohol, no karaoke singing, no dry presentation quizzes, no motivational training and shpiels, no human knots, etc. Maybe I am in minority, but these don’t speak to me at all. I find these pretty irritating, to be honest. (and okay, I lied a bit, some alcohol is ok 😉

But… puzzle solving ?


And then comes the collaboration element:

  1. you will see natural leaders, or alphas at work; there may be actually a few of them, and also quite naturally all of them moving places, positions of influence as the game progresses; it’s definitely not democratic at all, there is a bit of an internal competition, but it shows the strengths of each temporary leader emerging for a moment as a Subject Matter Expert; it’s pretty cool to observe; it is a moment of empowerment for everyone
  2. you will realize that while you are good at some puzzles, other guys are good at puzzles you don’t have a clue about! this is a very nice, humble lesson; probably the best part of it really; you may be caught off-guard when you notice some of the coworkers you know not that much about actually killing it; yes, THEY TOO, same as you, if no more, DO have IT in them; mutual respect grows this way quickly
  3. the collaboration, even with complete strangers, is actually possible; you will form small teams organically; they will rise and they will die down quickly, but it does build that ‘solving problem together’ atmosphere which is very rewarding, especially if your mini-team solves the puzzle and gets the whole team that one more step closer to the final riddle; it is to be expected that next time you meet the ‘stranger’, s/he is no stranger at all, you will have a great memory to share (no ice breakers needed!)
  4. solving problems together gets both very creative and dumb – depends on the puzzle, and overall progress of the game; you will get stuck, go back, regroup, rebuild mini-teams, and the solutions will appear; pretty cool demo of testing solving problems in pairs, triplets, fours: some of them don’t work & some deliver beyond expectations; and lots of laughs and head scratching
  5. cheating is an art form – you need to quickly develop the per-game skill and hide it from opposing teams and escape room ‘guides’ 😉 yes, you need to cheat by all means (but not by googling the answers; more by changing the odds of the game to your favor – again, I won’t cover in detail not to spoil anything to anyone)

Overall, building teams is a really hard work; there are conferences (quite a passive interaction), the gamut of HR-driven activities I partially described above (usually not attractive to naturally introspective individuals, let alone imposter syndrome badge holders), there are very active technical CTF exercises, but these are not for everyone either (the bar is typically set at least ‘high’+it’s almost like work since you get stuck at the computer for many hours), and then there is an opportunity to go out, meet in a strange new place, and together solve the puzzles… of an escape room. And that’s probably the best way to build the team – escape the room/office/cubicle and… together solve problems. That human interaction is not imposed on anyone. It just happens and it’s great to watch and participate in.

p.s. one may argue there always individuals who love some of the ‘other’ activities I listed; I can see that of course and not arguing to completely abandon it; I am also aware that I have a very subjective view that is based on years of participating in various activities that were supposed to build a team, but imho failed miserably due to managers not understanding what makes the audience ‘kick’. Perhaps an anonymous poll is a good way to choose what clusters of reports like? perhaps there is a need to have all these different activities at some time to keep everyone happy? I really don’t know. This is a moving target and people managers have to keep up. I know I just like puzzles, and I hope you and your team do too.