Discover a Monsters Weakness?

As a newbie player, I’m getting to grips with all my skills and abilities and when to use them.

One thing that’s come up is when we encounter monsters … what do you roll against when trying to gauge a monsters weaknesses, so we can use fire, water, light, etc, against it?

Do different types of monsters require different rolls to understand what their possible weaknesses could be, eg Insight, Nature, Arcana, etc?

Some players round the table are GM’s themselves and very knowledgeable about what to use against monsters, but their characters wouldn’t have a clue, having never encountered them before, so it’s difficult to find the right balance as a newbie who doesn’t want to buy a monster manual or use an online search!

Any advice appreciated! .:. Walts

How can my PCs discover an NPC’s class if they are trying to hide it?

I’m pretty new to DMing and I’m working on writing a campaign in which it’s important to the plot that the characters not know at first that the BBEG is a multiclass wizard-warlock. Basically, this character is an Elf Prince who is widely known to be a modestly skilled wizard, but he’s also secretly taken on a warlock patron and is the leader of a small rebel cult.

Other than dropping hints about his patron, are there mechanics that can allow my PCs to discover his class, similar to a detect magic spell or an arcana check? I’d like to avoid relying on meta-knowledge like “oh, that’s a warlock spell” as much as possible.

Does this even make sense?

How can PCs discover embedded Deep Scions against their will?

The deep scion is a monster detailed in the fifth edition supplement Volo’s Guide to Monsters (p. 135). I’m unaware if deep scions have featured in previous editions of DnD.

Deep scions are people who have been subjected to a ritual that transforms them into an evil shapechanger capable of:

wearing the mind and body of the person it once was as a sort of mask.

Imagining that a coastal village has been infiltrated by deep scions, who are stealing away residents and assimilating them one by one, once the wider threat has been discovered (perhaps a group of deep scions surprised while in piscine form) how would other individual deep scions be unmasked?

Deep scions seem to be extremely capable of maintaining their humaniod disguises in the long term, so having dealt with / questioned all of the obvious candidates how would PCs know whether the threat had been neutralised?

Is there any relevant deep scions lore in other supplements, or even other editions, that might provide some transferable guidance?

How did Microsoft discover 44 million user passwords were breached? [closed]

In December 2019, tons of new sites reported Microsoft ran a security research that found out over 44 million of user passwords were breached. The news sites said Microsoft used third-party resources and public databases in order to discover this, and forced all these users to change their passwords (which is nice!), but I still don’t get it.

If the password is properly hashed, how did they manage to look them up on these databases? I’m not a security expert or anything, but the only possibility I could come up on my mind was to hash the passwords on these public databases and compare with the users’ hashed passwords, but that sounds absurd considering salt (they would have to hash every leaked password to every account, right?). Does anyone understand how they did that?

EDIT: @schroeder’s comment and closing the question doesn’t make sense. The question is valid – how could they check so many password to so many accounts, if that’s how they did it.

