What skill to “recognise” someone?

As in, if for example a character hears a voice recording of someone. Such as them listening to a recording, that a journalist made of an interview. Then later incidentally meeting, someone who spoke in that recording.

What should they be called to roll, to see if they can realise that it was of them? That they’ve heard this voice before in the recording? Or to see if they don’t pick up on it.

I’m uncertain, which of the skills by the official mechanics of the system, would be the one supposed to be used. The mental ones of "discipline/conviction" don’t seem appropriate as described. But I don’t think the usual knowing people one of contacts is either.

With Crossbow Expert feat – can you Bonus Action attack on your turn, and then use a readied action to attack on someone else’s turn?

I am playing a crossbow expert ranged rogue and trying to maximize my sneak attack capabilities in order to remain competitive with regard to DPR (Paladin and Fighter in the group).

I am wondering if by RAW, I can use the bonus action attack provided by this feat first and then if it is successful, ready my regular attack to trigger on someone else’s turn – essentially allowing me a chance at two sneak attacks within the round.

I am solo-classed, so I don’t have access to Extra attack and not looking to abuse Haste. I am wondering if this is in DM-rule territory or if there is some source I can point to that would allow something like this?

How do I engage someone who is playing his character poorly?

I am DMing a game where one player has never quite seemed happy. He regularly questions rulings and gets quite hurt when he tries to do things with his character and they don’t succeed.

He is playing an elf rogue/warlock, but consistently tries to play the character like a tank, running to the front and attacking. Many of the encounters I design have a high (difficult or near deadly) CR but include puzzle elements to allow the party to win them either by achieving their goal without killing all of the opponents or by using the environment to their advantage (one was designed to give them an advantage in pushing opponents off of a high ledge, another included grease bombs that they could set on fire).

While the rest of the party tends to squeak through these encounters and have fun while they’re doing it, he has died five times. At each death I’ve come up with a way to revive or reincarnate his character, but he is still upset. I have given him numerous opportunities to roll a new character that fits his play style, but he has rejected them. I obviously cannot tell him how to play his character, but I’m at a loss for how to make the game feel fun for him, as well as the rest of the party that seems to enjoy it as is.

When I have tried to guide his character and the party more closely, he has complained about railroading. He does very little roleplaying and instead focuses almost exclusively on his stats and abilities. Put differently, how do I engage a player who is playing his character poorly?

¿Can someone impersonate you on WhatsApp?

Well I’m not a developer so I’m here to resolve a specific question.

I have been investigating this subject for a while now and I need and opinion from experts or developers which really understand about application development (I know something but not this advance) in terms of application security.

I was wondering if someone can impersonate someone on WhatsApp. That is the main objetive of this post: to specify, clarify and how to avoid this.

There is a article from CheckPoint (https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-WhatsApp/) which talks about this in detail but Check Point has not updated the article since 2018. It wouldn’t be strange that this type of vulnerability could have evolve into one that is more serious and that implies a more serious security issue to users.

That type of vulnerability which you can buy from Black Hat hackers or directly on the Deep Web.

In relation with Check Point article, I did not buy Burp Suite Pro so I could not prove the vulnerability my self, but obviously the video shows how easy is to carry out the attack specially if you are on the same network as the victim; it’s a vicious and unethical attack.

I did an experiment which consisted on the following:

1.) Install WhatsApp on an iOS Smart Phone non-rooted. 2.) Install WhatsApp on an Android Smart Phone non-rooted. 3.) Compare two type of conversations: individual and group

It is very important to highlight that the origin of the conversations where made on an iOS Smart Phone: all the conversations where made on a first instance or their origin on an iOS Smart Phone. They where also backup on an i-Cloud account and then migrated to the Android Smart Phone with a program which is specifically design to transfer iOS WhatsApp backups to Android and files in general.

The experiment was the following:

1.) I screen shot the personal and group conversations of the iOS device before transfer them to the Android device with the program. I did this because I suspected something was strange about the conversations. They did not have any type of sense in terms of: time, date and content.

2.) The last was checked with people in person. The people did not acknowledge and didn’t know about what was talked on that WhatsApp conversations. I did some light social engineering to obtain the information so the experiment will not fail (the social engineering was made through questions not computer software) and the result was quite interesting but worrying. When I installed Whats App on the Android Smart Phone and uploaded the WhatsApp backup, the personal conversations preserved their integrity but the group conversations did not. To be more specific, the group conversations came from known contacts but they came from only TWO contacts of a group of almost 100 contacts. All the conversations made on a particular group appeared to be made up by this TWO contacts not the 100 individual contacts who appear to have done the group conversation on the iOS device; another important thing is that some parts of the group conversations where missing such as: photos, videos and other common media.

3.) I obviously did not ask the two contacts which supposedly impersonate the 100 contacts and the reason for this is quite simple: they can be the attackers or the attacker used both contacts to access the WhatsApp group and impersonate the 100 contacts with or without their consent. Both of this contacts DO NOT have programming knowledge or hacking skills what so ever but may be they have and I don’t know about it; anyway is not likely that they have this type of skills because I know them personally so I did the light social engineering again and the outcome was the same.

In conclusion I can tell you that it seems to be a way to impersonate people on group conversations now a days. The most important thing in my opinion is to realize the attack vector.

In my opinion it is important to clarify if the attack vector is through the application it self (WhatsApp), the SmartPhone or the i-Cloud, G-Mail account or may be other medium from which I’m not aware.

I would appreciate if you could be specific and may be share some documentation if it exists.

can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

I tried to download malware pcap on ubuntu VM in microsoft azure from the putty but it is not allowing me to do so .It gives following output: 2016-12-17-traffic-analysis-exercise.pcap.zip: Permission denied Cannot write to ‘2016-12-17-traffic-analysis-exercise.pcap.zip’

can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

Adding Google Ad scripts in someone else’s website? [closed]

Recently I got to know about Google Ads and how to earn money by putting Google ads on a website.

I have lots of clients and I have access to their sites. What if I put Google Ads scripts on their websites and earn money from the traffic they got on their websites?

For example, I put a Google Ad script into 10 websites, and after one month, I get some revenue from their sites by traffic without letting them knowing that there is Google Ads in their site.

Might any change if they get to know there is Google Ads script in their site? Maximum chances will be that they remove that script. Is there any chances of serious problems or not?

What prevents someone from spoofing their public key when trying to establish an SSH connection?

Recently I’ve been trying to learn the mechanisms behind SSH keys but I came across this question that I haven’t been able to find an answer to (I haven’t figured out how to word my question such that searching it would give me the answer).

Basically, we add our local machine’s public key to the server’s authorized_keys file which allows us to be authenticated automatically when we try to ssh into the server later on. My question is: what if someone takes my public key (it is public after all) and replaces their public key with it? When the "attacker" tries to connect to the server, what part of the process allows the server to know that they do not have the correct private key?

I read somewhere that for RSA, it is possible for a user (let’s say user A) to encrypt/sign a message with their private key, and then for others to decrypt this message using A‘s public key, thus proving that A is really who they claim to be. However, apparently, this is not true for all cryptosystems, where it is not possible to sign with a private key (according to What happens when encrypting with private key?, feel free to correct this information if it is wrong). In those cases, how does the server make sure that the user is really who they claim to be?

What happens when you heal someone who is under the effects of Feign Death in response to Harm?

Here is a hypothetical scenario:

  1. Have Harm Cast on a player (reducing the maximum hit points)
  2. Cast Feign Death on the player, suppressing (not removing) the effects of the disease (not healing, but restoring the maximum hit points they have)
  3. Heal them (now that their maximum hit points are no longer reduced)
  4. Wake them up…

Does their hitpoint stay as they are (at maximum), or are they reduced back down (effectively taking damage again)?

Feign Death:

If the target is diseased or poisoned when you cast the spell, or becomes diseased or poisoned while under the spell’s effect, the disease and poison have no effect until the spell ends.

Harm:

If the target fails the saving throw, its hit point maximum is reduced for 1 hour by an amount equal to the necrotic damage it took. Any effect that removes a disease allows a creature’s hit point maximum to return to normal before that time passes.

Can Someone hack your phone? [closed]

Is it possible for someone to hack your phone and be able to receive replies from websites, but it still show up as your IP address’?

For instance, over time, can someone access websites etc through your phone, and get the replies back from websites but make it look as though it’s coming from your phone? (Your data connection/WiFi)