Ideas on how to handle a denying/unaware team attacking player? [closed]

Short: Right now I’m thinking about our next session and how to handle a PC who has attacked us the second time with an AoE spell. To defend him: he’s denying that he has done it intentionally and even saying that he doesn’t know anything about it.

First: I don’t want/need the best solution, just some ideas – like "how would you react?".

But I will start by describing the whole situation:
We are a group of 5 PC – there are two double-pre-mates and I’m the lonely fifth one. Two sessions ago the fighter in question attacked two of us the first time while we explored a mine occupied by wererats and some following smaller ones. The first small rat attacked him, as he’s always the one going first. Our archer, the rat and I were attacked by black tentacles getting out of the face of our knight and/or the rat – as the rat bite him in his face. The rat was slashed in three parts and the archer and I were lucky enough to dodge. After we cleared the room we surrounded the fighter and asked him what it was, if he has any explanation or why he did it to us. He has only answered that he doesn’t know what it was and he hasn’t done it. We told him that we will watch him and aren’t really trusting him anymore.

Some days (in-game) later we got to an old cathedral occupied by orcs and ogres. We attacked the orcs with the help of the wererats, as the cathedral is the real home of them. While fighting the first ogre (the fighter his accompanying cleric and I) these black tentacles popped up again, this time clearly out of his mouth, and attacked the ogre, an orc, the cleric and me. All were damaged (necrotic) and also prevented reactions for one round as we had to get rid of these tentacles first.
During the fight we haven’t talked about it as there were a lot more orcs than we thought first. The end of our last session was that we have "finished" (we haven’t checked the cathedral – only surrounding) the fight. We’ve lost some wererats and we all are heavily damaged, nearly all spell-slots are used and we have this big-black-mysterium in our group.

As it was the second time, this time we were damaged and we’ve clearly seen that the origin of these tentacles is the fighter we have to react somehow.

My current idea is to call the archer, as he still doesn’t trust the fighter and was betrayed in his past, so he will very likely support me. After this I would like to approach the fighter and "command" him to drop his weapon and get on his knees. I have placed a force-ballista (artificer) during the battle and can use my crossbow. If he doesn’t follow we get to the first problem – if I really attack him he will get very likely unconscious as he has 4HP remaining. Should I? I’m a lawful-neutral/good dwarven artificer, trying to get part of "Hammers of Moradin" and waiting for a sign of Moradin himself that I’m worthy to join the hammers.
So from my perspective it would be possible for my PC to attack a presumably lying, betraying, team-attacking, necromancy casting human fighter.
But in success-case, he’s now on his knees, I would at first arrest/tie him, ask him again in hope that he will talk more about these tentacles and otherwise transport him to the next town to present him to the local guards or similar and get him judged.

Now the question: do you have other ideas? How would you react? Everything is possible/valid response – as I’m pretty new to DnD (it’s my first campaign) and I want to get some ideas about what else could be possible.

Where to store tokens for analysis team members

As part of their day-to-day work, each member of our analysis team must handle a variety of sensitive information. For example: username and passwords for our internal databases, and tokens for accessing APIs. Some of this is specific to each individual, while some are shared by the whole team.

Ideally, each team member would only need to enter some individual login information once and then have automatic access to everything. For instance, our custom analysis libraries would need to be able to find the tokens it needs to access the web services we use.

What is a best practice for handling this type of situation?

Balancing story with team play

The crux of the problem is that to stick true to my character and the situation he is in I feel he wouldn’t bring the rest of the party along to something he needs to do. Me the player, however, is aware that this breaks up the flow of play and other players will have to sit around for a while waiting.

I’ve spoken to my DM and without giving anything away they said I should feel free to stick to my character. We’re all fairly new to DnD though so I don’t want to put too much strain on us at this point.

There are plenty of people here with more experience than us, how would you proceed? Split up? Keep together? What about at different levels of experience?

How do you know when its best to split up and stick to your character?

cybersecurity startup (vulnerability research & red team )

If I wanted to move from independent to a good plan to build a startup based on what I basically have been worked on corporates penetration testing, some red team engagements, but I have been for the last few years into vulnerability research, but I would like to apply to business too. of course, I cannot start with everything, but how do companies offering vulnerability research sell the service without having a product like Metasploit, core impact or selling exploits to the government? the closest to this area is application vulnerability analysis/product security that it takes from web app to software, looking for loopholes, and giving remediation. it may also involve the following stuff depending on engagement restrictions

fuzzing reverse engineering protocol analysis data injection target application binary analysis and debugging session manipulation flow analysis 

Can a Nova use “Boost” and spend Team on the same roll?

The Nova class has a flare entitled “boost” (bold added for emphasis):

Spend 1 burn to supercharge a teammate’s efforts with your powers, giving them a +1 bonus to their roll as if you had spent Team from the pool.

Now, I know that the rules for using Team state (Masks, p. 82):

each teammate can only spend one Team out of the pool for any single roll

But I’m not clear whether the “as if you had spent Team” part of the Boost flare means that you are restricted from spending an actual Team on the same roll.

So if a Nova has already spent a blaze to add a +1 to a teammate’s roll with Boost, could that Nova also spend a Team to add an additional +1 to that same roll?

What’s the RPG about a journey from A to B, with examples about French soldiers going to kill Hitler and a team trying to win a TV race contest?

There’s this roleplaying game that’s all about a group of people trying to get from point A to point B.

The two example scenarios that are the base for all the examples in the manual are French soldiers going to Berlin to kill Hitler and guys on a TV game show needing to reach point B to win a prize before a team of hunters catches them.

If I’m not mixing two different games together, the main game mechanic is throwing dice from a certain distance at a target lying flat on a table. Rolling outside the target (too long or too short) or knocking over the pile of dice stacked in the center of the target means failure.

Should I present forged documents in a Penetration Test/Red team engagement?

A previous question of mine lead to this discussion which mentioned the subject of Document forgery.

I’ve seen many people (in videos) forge IDs and employee badges for such engagements so that seems fine as a test. However, if asked to present a more critical/serious document like a “Permission to Attack” slip (when caught), or asked by a police officer to present some ID, should we test them by first show them a forged “Permission to Attack” slip or ID and only show the real documents if caught?

What to do if caught in a Red Team engagement?

I’ve seen a lot of people talk about how to pentest and how NOT to get caught during engagements but have a hard time finding “How to behave when caught during a Red Team engagement”.

Red Teams are to simulate adversaries attacking systems. Many actions can’t be done (or at least very hard to) with just some computers and Red Teams often have to go on site and break in (legally). What I’ve seen so far is people succeeding in not getting caught. However, I haven’t seen anyone talk about what to do when caught. It may just be some suspicion or even being chased by security (possibly armed).

In cases wear a Red Teamer is caught during an engagement, what should he/she do?

  • Say “I’m a security tester. You’ve caught me so I’ll just leave.”
  • Run away like a criminal with their stolen data (which sounds fun but dangerous) to be more like an actual criminal attacker
  • Contact the employer to report it and get a “just continue” pass
  • Quietly come along for some possible interrogation (I think this would be the safest)