I have always been interested in riddles and puzzles, and I have a lot of respect for people who create them. So, when I was thinking of opening this blog, I always had in mind a section that would be dedicated to riddles. The idea is of course not new. I borrowed this particular one from Richard Wiseman – one of my favorite authors. He posts a puzzle every Friday and provides an answer to it on Monday.
So, stepping on a giant’s shoulders, I will be posting a new riddle every Friday as well. The topic will be forensics, malware analysis, and any sort of binary-data-related fun facts. The goal is to post something short, simple, and relatively easy to crack, yet a bit quirky or with a twist, so that you may have fun and hopefully learn something new. Of course, if you have been in the industry long enough, you will crack it in no time.
I will start with something I came up with 2 years ago while working for my previous employer. I modified it to avoid potential copyright issues, yet the fundamental principle stays the same. In hindsight, it is not that difficult, yet I think the guys who faced it found it challenging at that time, and their interesting approach to the problem (they generated a lot of ideas!) led me to post a few more riddles on our internal mailing list.
The Riddle:
- command executed on the same system
- command is “dir wimmount.sys”
- 2 different windows, 2 different results
- why?
Answer here
I think I came up with the answer. It took me a few minutes to find the article I read about how this behavior would be possible.
2 minutes 😉