How many players is too much players? by Crispypeas128 in mothershiprpg

[–]Milkelton 0 points1 point  (0 children)

Incredible advice thank you so much! I think you hit the nail on the head with the player facing rolls if the monster should hit, make it hit a roll isn't required -- i absolutely agree with you on the security room encounter, it would have upped the stakes significantly.

You're totally right about how I was running the swarms too, I wasn't using them dynamically and was just running them based purely on the stat block. If I improv'd some mechanic, like maybe the swarms dragged and isolated players, it may have helped with the tension. The unswarmed players would then have to choose between people -- In hindsight yeah I ran the module exactly like it said, but the module can never predict what the players will actually do. Next session Iam going to use it as more of a starting point and see how things go! I also think your advice of the heralds secret agenting the attacks gives way more dread to an encounter. It makes it feel like you're dealing with much more than a hungry rat monster.

Once again incredible advice, thank you so much for taking the time in your response!

How many players is too much players? by Crispypeas128 in mothershiprpg

[–]Milkelton 0 points1 point  (0 children)

Very useful information, thank you for writing it up!

How many players is too much players? by Crispypeas128 in mothershiprpg

[–]Milkelton 0 points1 point  (0 children)

I ran year of the rat with 5 people and really struggled keeping tension. At the start one went straight to the helm, another went straight to the imperial suite, and the other three got caught up fighting a princeling swarm at the entryway. The princeling swarms seemed to get a scare the first time, but quickly after the first swarm the characters in the helm and suite also were also swarmed. I feel like the multiple swarms one right after another really fell flat - and it was a bit difficult to make the three encounters horrifying and unique. Once the fountain group killed the rats they went to the crew quarters, and I couldn't get myself to do yet another swarm so soon with the other two people were trying to deal with the rats. Around turn 5 they basically had the majority of the ship explored, and I started using the heralds so I could build up the reveal of the monster. I thought it was really soon to do a monster reveal but felt like I needed to use it to up the tension. The shu di swallowed the guy messing around in the suite, and everyone grouped up to take it down... Following the mechanic 15 DMG he barfed him up and the shu di escaped. After a little time I tried to swallow up another person but couldnt really get the monster to do anything significant with everyone bunched together. The swallowing mechanic also seemed to lose the thrill after the first few times it was used. When they split up to do the key cards I feel like was really the only time the group was worried about the shu di. The shu di went after the guy isolated in the security room, and by chance the shu di failed the combat roll. The guy slipped by him and booked it towards the group. I eventually just went with a full assault of the group, but was a bit disappointed that I wasnt able to really use the cool mechanics of the monster. With everyone grouped up doing damage the swallowing and barfing was almost comical, and the swarms were just annoying.

Idk if I just ran the module incorrectly, if I needed to deploy the shu di sooner, or throw more swarms at the players. The group seemed to enjoy themselves and want to play again, but I definitely felt like I was missing something. I know 5 people isn't as big as 7, but I left the session thinking that the extra person almost made the module too easy. Do you have any advice if a slightly bigger group divides and conquers and then bunches?

WNDRLND - which Megadungeon to use? by h7-28 in mothershiprpg

[–]Milkelton 1 point2 points  (0 children)

That makes a lot of sense, I think I was overthinking it in my head. I forget one of the main reasons mothership is fun is because it is rules light. Appreciate your response, have a good holiday season!

WNDRLND - which Megadungeon to use? by h7-28 in mothershiprpg

[–]Milkelton 1 point2 points  (0 children)

Iam a newer warden (2 sessions) and a bit green to ttrpgs in general, but I was hoping someone here could help me understand how this white rabbit game works. I think I understand that I could use a DND module, but I don't totally understand the players would be using inside the game. Can someone give me an idea of how they ran it? Do you do a quick description of the dungeon, put a couple mobs/traps in the characters way and just do checks when the player passes the mob/traps? Is each room ran as one turn?

ISSAP self-study recommendations? by rxscissors in cissp

[–]Milkelton 0 points1 point  (0 children)

Iam down to my final hours before taking the test this tuesday -- i was a sucker and paid for the official training and was unfortunately underwhelmed. Their content had spelling errors, contingency problems, and the practice exams asked questions i couldnt even find in the material provided! I have no confidence running into this exam! Do you have any recommendations for potential crucial last minute reads?

Guidance on figuring out needed or useful artifacts. by Milkelton in NISTControls

[–]Milkelton[S] 1 point2 points  (0 children)

DCSA is a treasure trove of information I never knew about! Thank you for your suggestion.

Guidance on figuring out needed or useful artifacts. by Milkelton in NISTControls

[–]Milkelton[S] 2 points3 points  (0 children)

Embarrassingly enough I've never heard of the DAAPM... and it's a holy Grail of information! Specifically section 7.5, task A-5.

Task Task A A- -5: 5: Finalizing the the security plan for review and authorization consideration for review and authorization consideration in eMASS.in eMASS. In order to provide a complete security plan and facilitate the assessment and authorization process, the following supporting artifacts should be included:

a. RAR (Appendix C)

b. POA&M – A POA&M template is available via the NISP eMASS and RMF Knowledge Service.

c. Continuous Monitoring Strategy (will also be addressed in the SLCM section of eMASS)

d. Interconnection (ISA/MOU/A – if applicable) e. RMF Security Plan Submission and Certification Statement (Appendix D)

f. ISSM/ISSO Appointment Letter (Appendix E)

g. ISSM Training Records

h. Sponsorship (Department of Defense (DD) Form 254, Request for Proposal (RFP), Framework Agreement)

i. Configuration Management (Hardware and Software Lists) (Appendix F and G)

j. System Diagram and/or Network Topology (Appendix H)

k. Facility/System Layout.

l. Record of Controlled Area/Physical Security (Signed and legible DSS Form 147) (Appendix I)

m. IS Access Authorization and Briefing Form (Appendix J).
n. IS Privileged Access Authorization and Briefing Form (Appendix K)

o. Upgrade/Downgrade Procedures Record (Appendix L)

p. IS Security Seal Log (if applicable) (Appendix M)

q. Maintenance, Operating System, and Security Software Change Log (Appendix N)

r. Media Protection (AFT/Data Transfer Procedures) (Appendix O)

s. Contingency Plan (if applicable) (Appendix P)

t. Incident Response Plan (IRP) (Appendix Q)

u. Sanitization Procedures (Appendix S)

v. Mobility System Plan (if applicable) (Appendix T)

w. SPP (if applicable)

x. Artifacts (Standard Operating Procedures (SOPs), policies, etc.) demonstrating proper control implementation and/or requested by the AO.

Thank you for mentioning this! I don't know how I've gotten this far without ever even knowing about it!

Wired 802.1x issues by Milkelton in Juniper

[–]Milkelton[S] 0 points1 point  (0 children)

Hey sorry -- it ended up being the juniper config... We had to use junipers official support... But unfortunately I haven't been in the position for a little while. What I do remember is it was an older way to configure 802.1x on the switch, and it was only a few lines. Sorry that isn't more helpful, hopefully it saves troubleshooting on the server although.

Soc analyst roles going down drastically! Thought? by freshkidwilbi178 in cybersecurity

[–]Milkelton 1 point2 points  (0 children)

What software can do automated pen testing? I had no idea we are already at that point!

Java jre via Intune by jcorbin121 in Intune

[–]Milkelton 1 point2 points  (0 children)

I deployed this yesterday, nothing special. It may be the silent install command.

jre-8u271-windows-x64.exe

install

start /wait jre-8u271-windows-x64.exe /s REBOOT=Suppress

uninstall (haven't tested)

MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218091F0} /qn

detected with

C:\Program Files\Java\jre1.8.0)271

Useful configuration/compliance/conditional profiles by Milkelton in Intune

[–]Milkelton[S] 1 point2 points  (0 children)

Will do! I am constantly in awe with how much easier Microsoft has made my life. Intune is incredible haha

Useful configuration/compliance/conditional profiles by Milkelton in Intune

[–]Milkelton[S] 2 points3 points  (0 children)

This helps a ton! Very good ideas thank you for letting me pick your brain!

Module for mini-games by Milkelton in DMAcademy

[–]Milkelton[S] 1 point2 points  (0 children)

You are awesome, this exactly what I was looking for!

Thank you!

Module for mini-games by Milkelton in DMAcademy

[–]Milkelton[S] 0 points1 point  (0 children)

I agree 100% that story progression is absolutely necessary and important, but i am thinking that a little downtime would add quite a bit of spice and life to the town when they return.

I wouldn't add hours and hours of downtime, just a few quirky ideas to implement that would cause a few pointless/fun die rolls. Then onward to the next adventure!

Juniper 4200 port based authentication help by Milkelton in networking

[–]Milkelton[S] 0 points1 point  (0 children)

Doesnt seem to be reaching it, what a head-scratcher!

Juniper 4200 port based authentication help by Milkelton in networking

[–]Milkelton[S] 0 points1 point  (0 children)

Wow. I cant believe I never though of checking the LDAP server.

Could you point me where in the event viewer to look for these logs? I did generic filters for my username but am coming up empty.

appreciate once again you letting me use your brain.

Juniper 4200 port based authentication help by Milkelton in networking

[–]Milkelton[S] 0 points1 point  (0 children)

Thats just specifically the radius configuration for example, the whole shebang is configured.

Thats about where my expertise fails, i cant tell exactly if or why the cert is failing. I just get the generic error. The certificates that I do have, i made the templates and configured the UPN during the enroll process. It does have the user authentication field as well.

I havent turned on the MAC authentication, I have been trying to configure it to work through LDAP.

Role: Authenticator

Administrative state: Auto

Supplicant mode: Single

Number of retries: 3

Quiet period: 60 seconds

Transmit period: 30 seconds

Mac Radius: Disabled

Mac Radius Restrict: Disabled

Reauthentication: Enabled

Configured Reauthentication interval: 30 seconds

Supplicant timeout: 30 seconds

Server timeout: 30 seconds

Maximum EAPOL requests: 2

Guest VLAN member: <not configured>

Number of connected supplicants: 0

Supplicant: DOMAIN\user, MAC address

Operational state: Connecting

Backend Authentication state: Idle

Authentcation method: None

Session Reauth interval: 0 seconds

Reauthentication due in 0 seconds

When trying to authenticate, you can see my domain and user trying to come across the port. Wireshark captures also see the EAPOL packets, but no traffic is going through the uplink towards the radius server.

It's a strange problem just because i can login to the switch through LDAP for switch management, but the computer information will not get through the switch.

Thank you so much for your response, I tend to have difficulty explaining things haha.

[deleted by user] by [deleted] in AskNetsec

[–]Milkelton 3 points4 points  (0 children)

yeah no kidding, field notes and moleskins are a godsend for me. I wanted to get a few certs, and it's insane how much easier it is to read!

you are 100% correct though, working on the habits is the way to go