Can a character wear both Chain mail and Leather to get a higher AC and to fool an enemy?

Background:
I am reading the anime book "Goblin Slayer", the light novel not the comic.

In it the main character wears leather armor over plate or chain to both stack his AC and to confuse his (not very intelligent) enemies into hitting where leather is vulnerable but plate or chain is not.

Question:
In dnd 5th edition, can one wear multiple types of armor and get an AC stack? Can it confuse weak foes like goblins?

Notes:
Here are answers that don’t speak to this question:

  • Can a chain shirt be concealed under normal clothing? (this is about concealed, I’m asking about stacked)
  • Stacking multiple types of armor (this is not dnd 5e centric)
  • Can you wear a Mithral Chain over Snakeskin Tunic and have their effect stack? (this is pathfinder)

Please, if you are going to down-vote, say why in the comments. If I don’t know what I did wrong, it is literally impossible for me to willfully act better and change that thing. It might happen by accident, but the universe doesn’t like happy accidents.

How to fool characters while avoiding metagame

Normally, both player and DM rely on stealth checks and secret messages when one player wants to do something without the rest of the party knowing, regardless of the motivation behind it.

This offers other players a fair chance thanks to Perception checks or just being in the right place at the right moment. And if they are not, they don’t get the chance to metagame as they just ignore what happened.

But we know bad things just happen sometimes at the table, and I want to use that to my advantage.

For example, were I to destroy a fellow Hunter’s bow. Instead of reaching for their bow while they sleep, I am going to walk around camp, knife in hand for some other reason and suddenly I will “trip” over a rock and “accidentally” cut his bow’s rope (hopefully without losing an eye in the process). Of course the DM will know I was aiming to do that and I will make the fitting rolls, probably also Deception, to achieve it and put up an act.

A success will make the Hunter believe this was just a product of misfortune. But my problem lies with the Hunter’s player, which I want to fool as well.

I would tell the other players it was on purpose if I trusted them not to metagame, but I don’t think that is an easy feat.

In my opinion this may have many uses, such as purposely alerting guards, triggering traps, breaking important items, all kind of naughty stuff, while not having to be stealthy about it, just “clumsy”.

If I roll successfully, how can the DM or I narrate this flow of events while appearing inconspicuous to the players?

Is it possible to fool an animal companion?

Is it possible to fool an animal companion impersonating its owner? For example, if a druid is fighting with his party and its animal companion – let’s say a wolf – would its opponent be able to get the wolf attack an ally of the druid imitating the druid’s voice?

If it is possible, how can it be done? Is a skill check on Handle animal or Bluff a good way?

How do keyloggers tell it’s a password? (And how to fool them.)

This question also applies to clipboard monitoring.

Imagine you are planning to deploy 100,000 copies of a Windows trojan with keylogger functionality. (For the record, I’m not talking about myself here.) Your trojan is going to send you megabytes of user input every day, 99.999% of it irrelevant. How do you find passwords in this flood of text and what can your victims do to mitigate the threat?

I see but one possibility: You have to intercept only the text entered after a known bank/email/etc page became active in a browser. But to tell it did?

1a) Monitor the titles of browser windows for known pages.

Mitigation: Use a browser with bank mode that does not reveal page name in its window title.

1b) Break into the address space of a browser to see what it is actually working with.

Mitigation: Impossible apart from relying on your antivirus. However, this approach is highly sophisticated and used mostly in government-made malware in targeted attacks on political opponents. A simple guy like me is not likely to run into this.

2a) Monitor DNS requests for known domains with WinPcap and such.

Mitigation: Don’t have WinPcap installed.

2b) Monitor DNS requests with a custom firewall-type driver.

Mitigation: Same as 1b.


Overall, from the common user’s perspective a browser with bank mode plus the absence of WinPcap plus an antivirus for general safety seems to be a sufficient protection against keyloggers. Did I miss anything?

Fool SAML authentication

My company’s has given a corporate membership to Udemy, which is accessible from company’s laptop only.

I tried to look into it and it uses SAML. If I open my company’s Udemy website on any other laptop, it redirects to an IDP server (https://sso.connect.pingidentity.com/sso/sp/initsso) of my company which fails.

Can I open the Udemy site on my company’s laptop, and get the SAML token/key; Take it to some other system and access the website on other laptop as well?