Ways to prevent Counterspell from being cast?


What ways can a character (PC or Monster) prevent an enemy from casting counterspell?

What I can think of so far:

  • Surprise the enemy and win initiative
  • Cause the enemy to be incapacitated (or stunned/paralyzed/unconscious)
  • Provoke the enemy into using a reaction earlier in the round (readied action, opportunity attack, previous spell)
  • Avoid using perceivable spell components
    • Sorcerer subtle spell metamagic
    • Level 20 Druid Archdruid feature
    • Casting a spell with only material components (eg. Minor Illusion)
  • Prevent somatic components
    • The enemy is holding objects in both hands
  • Block line of sight (often interferes with targeting)
    • Spells such as Fog Cloud, Darkness, etc.
    • Physical barriers such as walls or large creatures

Are there any other options available that I am missing?

Does losing the use of a feat also prevent the use of feats that have that feat as a prerrequisite?

I’ve seen many similar questions but I’ve not seen this exactly answered.

Let’s say that I’m rolling a 10 Int character and gets a temporary buff to Int by an item that let’s him pick Combat Expertise. Sometime after, he picks the item again on a level up and picks Karmic Strike. If he loses the Int bonus, aside from the use of Combat Expertise, does he also lose the use of Karmic Strike due to losing the use of Combat Expertise?

Prevent directory traversal vulnerability in bash script

How can I prevent directory traversal attacks in a bash script, where arguments contain directory names?

Example:

$  STAGE=$  1 $  APP=$  2 deploy.sh dist/ /opt/apps/"$  STAGE"/"$  APP" 

The $ STAGE and $ APP variables are set from outside. An attacker could change this to an arbitrary path with "..".

I know the usual solution is to compare the directory string with the result of a function that returns the absolute path. But I couldn’t find a ready solution and don’t want to come up with my own.

How to prevent from DNS spoofing in Java code which obtains a name of localhost

FORTIFY static scan has detected that this piece of our java code is vulnerable to DNS spoofing attack:

public String getLocalhostName(){     try {         return Inet4Address.getLocalHost().getHostName();     } catch (UnknownHostException e) {         return null;     } } 

FORTIFY also gives these recommendations:

Recommendations:

You can increase confidence in a domain name lookup if you check to make sure that the host’s forward and backward DNS entries match. Attackers will not be able to spoof both the forward and the reverse DNS entries without controlling the nameservers for the target domain. This is not a foolproof approach however: attackers may be able to convince the domain registrar to turn over the domain to a malicious nameserver. Basing authentication on DNS entries is simply a risky proposition.

My questions are:

  1. Is getting the local host name really vulnerable to such an attack ? I can’t imagine such a scenario.
  2. How to implement this check in practice (in this code snippet)?

Tkank you.

How do you prevent the appearence of ‘immortals’

I haven’t played Microscope yet, but I’ve watched various playthroughs and read the book multiple times. One thing I’m struggling to understand is the game’s stance on how period lenght should relate to the characters’ lifespan. The book says this:

“Another good rule of thumb is never to have character lives span more than one Period since that starts to weld adjacent Periods together.”

Which makes sense. Not only does this weld adjacent periods together, but also makes the two periods dependent on each-other and harder to wedge anything in between. If a character appears in multiple periods, she becomes immortal almost ‘by definition’ as from that point onwards it doesn’t matter how many new periods will be inserted between those initial two, the character would still be alive in both.

And there seems to be a natural tendency for the players to try to tie the history together, by putting the same character into different periods. I’ve seen it in multiple games, but no one called it out as a violation of the rules, or something that should not be done. If such thing happened, the players always commented along the lines of “Oh, so those two periods are that close together. Now we know that. Okay, let’s move on”.

I do understand that a group could put ‘Immortality’ (and ‘Time travel’) on the Palette, but for me that sounds like a waste of Palette space, and if someone has to explicitly add it to the Palette, this robs the player from adding something of her own. I also do understand that a group can make a house rule of not having these things in game even if they are not on the Palette. Or to add them to the Palette ‘by default’. It just seems weird for me that banning these is not among the rules. Not even as optional ones.

How do you manage this in your group? Is this really such a problem, or am I reading too much into it and Microscope is really entirely functional if characters’ life can span across multiple periods?

Prevent XXE attack by preprocessing XML

I have an old project which parses XML files coming from an external origin, so it is at least in principle vulnerable to XXE.

It is difficult to update the project to use newer versions of XML libraries, which can be configured to prevent XXE from happening. So I am looking instead for a “manual” solution; since XML files which arrive, should not have <!ENTITY and such, it looks to me that it should suffice to remove from the text of the XML file the <!DOCTYPE> content for this purpose.

Am I missing something here?

What mechanisms prevent me from “ptraceing” a signed OSX application?

I want to debug an application I have installed on my Mac.

The application comes in a “.app” format, which is basically a folder including the binary and some other frameworks and resources.

I was trying to attach to the process using ptrace(), but it seems that I get blocked by doing so (even while running as root).

I am able to debug other apps (which I compiled myself).

I was wondering what mechanism is stopping me from doing so, and, is there is any way to bypass it.

Thanks!

Help me to prevent my site from negative SEO

Hi guys,

I’m not sure if here is the right place to post my thread but I’m desperate.
As here most of you are familiar with software that create automatic backlinks I hope to find some help here.

Few months ago my my website started loosing rankings in Google and when I checked on google search console i found that my site was hit by a negative seo campaign – someone blasted few thousand backlinks ( mostly on russian language) with anchors: “forex”, “trading”…and so on. I want to point that my site has nothing to do with forex – it is a London based man and van company). Just open ahrefs and check my site and you will see these spam anchors are still there.

Then they just remove these spam links somehow and over 70% of my traffic disappeared. How is that possible?

I have checked all backlinks one by one and added the spam ones in the disavow file but the site doesn’t recover – the traffic now is 70% less then before the negative seo campaign.

My question is how can I prevent from such negative seo campaigns and most importantly – how to recover my site?

Does a Paladin’s Aura of Courage prevent or suspend frightened effects?

While you’re standing in a Paladin ally’s Aura of Courage:

[the Paladin] and friendly creatures within 10 feet of [the Paladin] can’t be Frightened while [the Paladin is] conscious.

Does this prevent effects that cause Frightened from applying at all, or only suspend them while you stand near your Paladin?

Example: I am standing next to my level 10+ Paladin friend, and we are facing an Ancient Red Dragon. It uses its Frightful Presence.

Do I:

A) Do nothing – I am immune to this effect as a result of the aura.

B) Roll the saving throw – and if I fail the effect is applied to me, but the Frightened condition involved in it is suppressed as long as I am near my Paladin.

This Q&A asks a similar question, but after such an effect has already been applied to a PC – I feel the answer may be different when it comes to the initial application of the effect.

Due to the identical wording, it’s likely that any answers to this question would apply to the Devotion Paladin’s Aura of Devotion and charm effects as well.