Feed aggregator

Flashback: DC at Marvel Collected Edition

Sorcerer's Skull - Fri, 03/26/2021 - 11:00
The original version of this post appeared in 2018...

In case you missed the previous installments, here's a collated list of the posts I've done so far based on the idea that the staff at Marvel in the late 50s early 60s got to revamp DC's Golden Age characters (except for those that never stopped being published). The idea was introduced here.

All the characters presented so far are statted for the TSR Marvel Superheroes rpg:

The Atom The Nuclear Man!
Green Lantern Most Cosmic Hero of Them All!
Hawkman Master of Flight!
And a couple of villains Silver Scarab, the nemesis of Hawkman, and Star Sapphire--is she Green Lantern's lover or his enemy--or both?


VIDEO PANEL EXCLUSIVE – Who’s The Best? … Debates the Doctor Who Companion

Blogtor Who - Fri, 03/26/2021 - 09:49

CNN’s Sandro Monetti, host of the award-winning podcast Who’s the Best?, is a favourite at San Diego Comic-Con. But since fan-based conventions have been on hold for the past year, he’s pulled together one of his famous Doctor Who panels online, exclusively for Blogtor Who. Sandro has previously chatted with several of the […]

The post VIDEO PANEL EXCLUSIVE – Who’s The Best? … Debates the Doctor Who Companion appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Doctor Who: Extra Stories Added to Fourth Doctor Adventures Series 11 and 12

Blogtor Who - Fri, 03/26/2021 - 09:00

More Tom for all! The Fourth Doctor Adventures moves to a three-volume format with Series 11. There’s bonus Baker in the upcoming Doctor Who – The Fourth Doctor Adventures, with extra full-cast audio adventures now planned throughout 2022 and 2023. In addition to the stories already announced for each series, a third release will […]

The post Doctor Who: Extra Stories Added to Fourth Doctor Adventures Series 11 and 12 appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Further OSR Commentary With Lamentations of the Flame Princess & CM2: "Death's Ride" (1984) by Garry Spiegle

Swords & Stitchery - Fri, 03/26/2021 - 02:13
"A strange black cloud hangs over the Norworld barony of Two Lake Vale, which is cut off from the rest of the world. As the player characters move to investigate, they encounter armies of the living dead and other vile creatures besieging the last pockets of human resistance." Tonight we're fulfilling an email request for using CM2 Death's Ride with LoFP. And yes this would also work as a Lion &
Categories: Tabletop Gaming Blogs

Doctor Who: Philip Hinchcliffe Presents: The God of Phantoms – COMING SOON!

Blogtor Who - Thu, 03/25/2021 - 21:20

It’s getting ghostly for the Fourth Doctor! Big Finish delves once more into the gothic era of classic 1970s Doctor Who, with a brand-new thrillingly epic adventure. In the mid-1970s producer Philip Hinchcliffe was a driving force behind some of the most popular seasons of Doctor Who ever. Since 2014, he’s also been the mind […]

The post Doctor Who: Philip Hinchcliffe Presents: The God of Phantoms – COMING SOON! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Perkiler malware turns to SMB brute force to spread

Malwarebytes - Thu, 03/25/2021 - 20:52

Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force.

Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit (EK) and was spread by phishing campaigns.

What is SMB?

Server Message Block (SMB), aka Common Internet File System (CIFS), is the network protocol that enables file exchanges between Microsoft Windows computers. You will find it wherever Windows computers are sharing printers, files, and sometimes remote control. By default, SMB is configured to use ports 139 and 445.

SMB vulnerability history

SMB has a history of being used by malware (coupled with a history of being enabled by mistake and exposed to the Internet by accident). The most famous example of SMB-exploiting malware is WannaCry. This worm-like outbreak spread via an operation that hunted down vulnerable public facing SMB ports and then used the EternalBlue exploit to get on the network, chained with the DoublePulsar exploit to establish persistence, and allow for the installation of the WannaCry ransomware.

What are brute force attacks?

A brute-force password attack is a relentless attempt to guess the username and password of one or more systems. As it sounds, a brute-force attack relies on force rather than cunning or skill: It is the digital equivalent of throwing everything and the kitchen sink at something. Some attacks will try endless combinations of usernames and passwords until finding a combination that works, others will try a small number of usernames and passwords on as many systems as possible.

Brute force attacks are usually automated, so they don’t cost the attacker a lot of time or energy. Certainly not as much as individually trying to figure out how to access a remote system. Based on a port number or another system-specific property, an attacker picks the target and the method and then sets his brute force application in motion. He can then move on to the next target and wait to get notified when one of the systems has swallowed the hook.

Not a new infection method

The fact that the researchers found the Perkiler malware attacking Windows machines through SMB password brute force came as something of a surprise. Not because of the SMB brute force per se. SMB has always been brute forced, but why would you bother when you have:

  • EternalBlue that allows you to own every single unpatched SMB server without going through the brute force routine.
  • A few million RDP ports you can brute force with a potentially bigger gain. Remote desktop is exactly what the name implies, an option to remotely control a computer system. Which is much more interesting to an attacker than just being able to drop a file on an SMB server.

The answer to this question remains a mystery for now. Maybe they are planning ahead for when the number of vulnerable RDP servers dries up.

Using compromised machines

Perkiler uses a large network of compromised servers to host its dropper and the payloads. These servers appear to be compromised Microsoft IIS 7.5 servers. Most of these Windows Servers are running IIS version 7.5 and Microsoft FTP, which are known to have multiple vulnerabilities with varying severity levels.

The rootkit

Once a machine is infected with the new variant of Perkiler, it reboots to load the rootkit that’s hidden inside the encrypted payload. The purpose of this rootkit is to hide various registry keys and values, files, etc. Ironically enough, the hidden rootkit was developed by a security researcher to conduct various malware analysis tasks and to keep the research tasks hidden from the malware.

Infected machines

Once the machine is restarted, the malware will be executed as well. After its execution, the malware will start its propagation process: the malware will generate IP ranges and start scanning them on port 445. When a machine responds to the SMB probe on port 445, it will try to authenticate to SMB by brute-forcing usernames and passwords, or by trying to establish a null session.

One interesting detail is that the malware will install an IPv6 interface on the infected machine to allow the malware to port scan IPv6 addresses as well as to maximize the efficiency of the spread over (usually unmonitored) IPv6 subnets.

Mitigation

In theory, brute force password attacks conducted over the Internet can be defeated by even moderately strong passwords (six characters should be enough). However, even the threat of big-game ransomware using RDP brute force attacks hasn’t been enough to get people using stronger passwords. And if the prospect of facing a $50 million ransom isn’t enough motivation, it’s hard to see anything else working.

Luckily there are other, easier ways to blunt brute force attacks. The best defence of all is to remove the SMB (or RDP, or anything else) service from the Internet entirely, if possible, or to put it behind a VPN protected by two-factor authentication if it isn’t possible.

The post Perkiler malware turns to SMB brute force to spread appeared first on Malwarebytes Labs.

Categories: Techie Feeds

OSR Sword & Sorcery Commentary - CM2: "Death's Ride" (1984), by Garry Spiegle

Swords & Stitchery - Thu, 03/25/2021 - 19:44
"A King's Commission leads to danger! All communication with the barony of Twolakes Vale has ceased. King Ericall, worried about the security of his border and angered at the loss of tax revenues, has commissioned you, a delegation of powerful adventurers, to investigate. This is not a petty problem to be solved by the armies of local nobility. Indeed, the king's forces are desperately needed
Categories: Tabletop Gaming Blogs

Slack hurries to fix direct message flaw that allowed harassment

Malwarebytes - Thu, 03/25/2021 - 18:37

The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment.

Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and third-party partners outside their company—the new “direct message” feature allowed paying Slack users to message anyone outside of their company or organization, so long as they had another person’s email address. The messages came attached to an invite, but as many tech news outlets and concerned online users noted, there was no way for recipients to block the invites, or to block the content of the messages that came attached to the invites.

As Twitter product employee Menotti Minutillo said on Twitter, the implementation of Slack Connect DMs meant that malicious users could send repeated DM invites with harassing language, and that Slack would also email the DM’s recipient with the invite, including the harassing language. DM recipients would also have trouble blocking those emails as they came from a generic email address, too, Minutillo said.

well that was easy as shit to abuse

– send invite with nasty language
– slack emails you w/ the full content of the invite
– can't block the emails because they come from a generic slack address that informs you of invites
– abuser can keep inviting w/ abusive language https://t.co/Mw9W5L251a pic.twitter.com/dWEAD7ccRO

— Menotti Minutillo (@44) March 24, 2021

Further, according to TechCrunch, the Slack Connect DM feature is opt-in at the organizational level, meaning that individual employees could not, alone, override their company’s decision, should it choose to enable the feature.

Less than 24 hours after Slack Connect DM’s full release, Slack realigned. According to Slack Vice President of Communications and Policy Jonathan Prince, the company will disable the capability to customize messages that are attached to Slack Connect DM invites.

Prince’s full statement is as follows:  

 “After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs. Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.”

Slack’s quick work to fix the problem is appreciated, but it is curious that the company did not catch the problem before the full rollout. The company has already faced complaints about the limited features in the free version of its platform, which allows users to visibly show harassing language without even having to actually write and send messages. This is because Slack automatically sends notifications when new users join a thread, so if those new users stylize their username to be an insult, then the users in that thread will receive a notification that includes that language.

Further, the problem of harassment on messaging platforms is far from new. On the Lock and Code podcast, when we spoke with Electronic Frontier Foundation’s Director of Cybersecurity Eva Galperin, Galperin warned about this very issue.

“Primarily, the onus for making safe platforms, is on the makers of the platforms,” Galperin said. “And so, if there are people who are listening to this podcast, who are developing software or who are developing platforms or services for commercial use, I encourage them to think about how their tool will be used for harassment.”

Galperin provided specific guidance for any platform with messaging capabilities. She said that those platforms should make it possible for users to not use their real names, and for users to block other users or to mute certain keywords. This setup, Galperin said, is beneficial for both the user and the company.

“If you give the power to the users, then they can decide what is harassment and what is abuse, and it really takes the onus off the platform to be judge, jury, and executioner for every communication that somebody has online.”

Unfortunately, Slack users could not block users—and in fact the company has pushed back against such a feature for years—or mute keywords, and users would have trouble filtering out emails from Slack’s generic email addresses that included the DM invites and the accompanying messages.

These may sound like high-level discussions that are difficult to forecast, but there is actually a far simpler way to look at the problem. To borrow the words of Twitter user @geekgalgroks, a developer and accessibility advocate:

“Seriously with every new messaging system and feature ask yourself if people can send unsolicited dick pics and if those receiving them can block the sender.

Because it will happen.”

The post Slack hurries to fix direct message flaw that allowed harassment appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Bunny Squish Tutorial

Moogly - Thu, 03/25/2021 - 15:15

The Bunny Squish Tutorial will take you through the tricky bits of this easy crochet bunny stuffie pattern – in both right and left-handed videos! Follow along with the free pattern here on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations. Bunny Squish Tutorial: How to Crochet the Bunny Squish – Right...

The post Bunny Squish Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

On time running out

Hack & Slash - Thu, 03/25/2021 - 13:47

I've been live streaming for 19 hours. I will continue to do so for another 10!!

My Kickstarter just crossed 12.8k!!! Don't miss out.

You will be sad. You will say, "Why don't I have the special Kickstarter edition with extra monster gooey gonzo goodness." You can not buy it. It will make you sad when other people are happy with what you cannot have.


CHANGE YOUR FUTURE NOW!!! 





Categories: Tabletop Gaming Blogs

'Playing Out In The Rocks' Cepheus Engine Rpg Session Report - Surprise Attack In The Asteroids!

Swords & Stitchery - Thu, 03/25/2021 - 06:06
Tonight's Hostile Cepheus Engine hybrid game picks up immediately after last week's session here. We find the New England Bouys not in a happy place tonight. They've sent a probot on a mission to check out the alien power station in tonight's game with a solid sensor package. Ron Cobb Nostromo interior concepts from here They have the option of sending in a manned Horizon Survey craft ( they
Categories: Tabletop Gaming Blogs

1490

Looking For Group - Thu, 03/25/2021 - 04:00

The post 1490 appeared first on Looking For Group.

Categories: Web Comics

Torchwood: Lease of Life – OUT NOW from Big Finish

Blogtor Who - Wed, 03/24/2021 - 22:29

This month’s Torchwood adventure is a real grower for Dr Owen Harper. The latest Torchwood adventure from Big Finish is out today. Joining Burn Gorman as Owen in Lease of Life are Rosalie Craig (Company, City of Angels), Luyanda Unati Lewis-Nyawo (The War Master) and Angus Yellowlees (Last Commanders). Together they navigate the houseshare from […]

The post Torchwood: Lease of Life – OUT NOW from Big Finish appeared first on Blogtor Who.

Categories: Doctor Who Feeds

'The Wish Echoed ' OSR Readings - Illusionists, Dragon issue#12 & Astonishing Swordsmen & Sorcerers of Hyperborea

Swords & Stitchery - Wed, 03/24/2021 - 19:53
Recently the Astonishing Swordsmen & Sorcerers of Hyperborea humble bundle came into my greedy hands & upon rereading AS&SH some very interesting things came to light. Sometimes you've got to go back to the well & in this case it was Disney+'s Wandavision ( watched the entire run over a friend's house. Because I absolutely refuse to give Disney the time of day. This has nothing to do with
Categories: Tabletop Gaming Blogs

GFL – Page 0051

Looking For Group - Wed, 03/24/2021 - 16:20

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0051 appeared first on Looking For Group.

Categories: Web Comics

Software renewal scammers unmasked

Malwarebytes - Wed, 03/24/2021 - 16:01

We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email.

The concept is simple but effective. You receive an invoice for a product you may or may not have used in the past for an unusually high amount. Feeling upset or annoyed, you call the phone number provided to dispute the charge and ask for your money back.

That was your first mistake. The second is letting strangers access your computer remotely for them to uninstall the product in order to avoid the charge. Before you know it your computer is locked and displaying random popups.

In this blog, we follow the trail from victim to scammer and identify one group running this shady business practice.

Fake renewal notifications

We’ve received a number of similar reports from people that have been scammed or simply wanted to alert us. It starts from an email using branding from a number of security companies, although in this blog we will focus on those that impersonate Malwarebytes.

The email includes an invoice renewal for the product stating that it has already been processed via credit card. The amount usually is in the $300 to $500 range, which is a lot more than what we normally charge.

The scammers are hoping victims will call them to dispute the automatic renewal. In the heat of the moment, most people would not think to check their bank or credit card statement instead.

This scheme is essentially a lead generation mechanism, just like what we see with fake browser alerts (browlocks). It just happens to use a different delivery vector (email) and is perhaps just as, if not more effective.

Remote access and sales pitch

Victims are instructed to visit a website to give the ‘technician’ access to their computer. The reason given is that the service needs to be uninstalled first before a refund can be granted.

In this instance, the scammers asked us to visit zfix[.]tech, a website linking to a number of remote access programs. They asked us to download TeamViewer and share the ID and password so they could connect.

They also quietly downloaded and installed another program (SupRemo) to maintain unattended access. This means that even if you shut down TeamViewer, the scammers can still connect to your computer when they feel like it.

The next part of the scheme is interesting because it shows how the fraudsters are able to extort money from their victims. Since the renewal email is fake they have to find a way to trick you into paying them even if you refuse to.

The scammers take to their favorite tool, Notepad, to start typing away about the risks of not renewing the service. They particularly insist on the fact that the computer may not work anymore if they proceed.

Locking up the machine

Scammers have been known to lock victims’ machines on numerous occasions. They typically use the SysKey Windows utility to put a password that only they know.

In this case, they used a different technique. Working behind the scenes, they downloaded a VBS script onto the machine which they placed into the Startup folder.

The Startup folder location is a loading point that can be abused easily because it can trigger code to run when the system loads Windows. Unsurprisingly, before parting ways, the scammers asked us to restart the machine to complete the uninstallation process.

After a restart, we see an alert dialog about the Windows license being out of date. This message keeps on showing despite clicking the OK button and also starts to open a number of browser windows to mimic some kind of malware infection.

At this point, you might be tempted to call the number for help but this would end in paying hundreds of dollars to fraudsters. There is a way to restore your computer safely which we cover in the next section.

Disabling the locking script

The first thing to do is disconnect your machine from the Internet. If it’s using a wired cord to the modem unplug it, otherwise simply turn off the modem or your WiFi access point.

Then proceed to disable the script:

  • Ctrl+Alt+Delete
  • Select Task Manager
  • Select Microsoft Windows Based Script Host
  • Click ‘End task’

Then delete the script:

  • Click ‘More details’ (if needed) in Task Manager
  • Choose ‘Run new task’
  • Type explorer in the box

Your Desktop will be visible again, allowing you to browse to:

C:\Users\[your username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

From there, delete the WIN LICENSE.vbs file.

Identifying the scammers

We don’t always get too many details from scammers that could help us to identify who they are, but sometimes with luck, skill and tools like HYAS Insight we can shed light on adversary infrastructure. Here the scammers left a few trails with the VBS script but more importantly the first website we visited to download remote access software.

We were able to identify the registrant behind the zfix[.]tech domain as being Aman Deep Singh Sethi using the aman.techsquadonline@gmail[.]com email address. Pivoting on the associated phone number [+9]19810996265 we uncovered a larger piece of their scamming infrastructure as well as an associate named Swinder Singh.

Both individuals are registered as directors of a company in New Delhi called Lucro Soft pvt located at 14/28, F/F SUBHASH NAGAR NEW DELHI West Delhi DL 110027.

Although this company was incorporated in 2018, the scammers have been active since at least 2015 and used several different domain names and identities. We are blocking this infrastructure and reporting it for takedown as well. If you would like more information about this group, please get in touch with us.

An active scheme

This particular scheme has been very active for the past few months and it is difficult to estimate how many people fell victim to it.

Tech support scams have been around for many years and continue to be a huge problem in part because of the lack of action on the field where they are known to take place.

However, there is also a strong community out there that is pursuing scammers and giving back to victims. The likes of Jim Browning who made headlines for his hacking into the CCTV of a call centre are doing a tireless job. For this investigation, we used a Virtual Machine that was made by @NeeP that mimics a normal user desktop.

If you are a Malwarebytes customer and have any questions about your renewal, please visit our official page here.

Indicators of Compromise

Emails:

aman.techsquadonline@gmail[.]com
aman.bigrock1@gmail[.]com
aman.bigrock2@gmail[.]com
aman.bigrock3@gmail[.]com

The post Software renewal scammers unmasked appeared first on Malwarebytes Labs.

Categories: Techie Feeds

BBC Studios Introduce New ‘Doctor Who: The Collection’ Standard Packaging Range with Season 12 and 19 Re-Releases

Blogtor Who - Wed, 03/24/2021 - 12:00

BBC Studios have announced a new range of standard packaging releases as part of its Doctor Who: The Collection blu-ray range, beginning with Seasons 12 and 19. Over the past few years, Doctor Who: The Collection has allowed fans to rediscover Doctor Who‘s classic era, as several seasons from the show’s original run have been […]

The post BBC Studios Introduce New ‘Doctor Who: The Collection’ Standard Packaging Range with Season 12 and 19 Re-Releases appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Night of Blood, Warhammer adventure review

Ten Foot Pole - Wed, 03/24/2021 - 11:31
By Jim Bambra, Lindsay Law Cubicle 7 WFRP 4e "Relatively new characters"

It’s a dark, stormy night, and the forest creaks as foul creatures howl through the undergrowth. As freezing rain slices from the roiling sky and attack threatens from all sides, the desperate adventurers stumble upon the warm glow of a fortified inn. But everything isn’t as it seems, and soon the unwitting heroes face deceit, betrayal, and horror as they strive to survive a terrifying Night of Blood.

This eleven page adventure details a small inn that has been taken over by cultists posing as the innkeeper & staff. It sets up some interesting situations and has some decent specificity and flavor, but could use a little less abstracted generalities and a little more traditional formatting. It comes to me as a request to review.

It looks like this adventure appeared in a 1987 edition of White Dwarf, and then was updated and released as a separate product in 2018 for the 4e version of the WFRPG. This explains the original writing credit (Bambra) and the updated one (Law.) I’m not sure how the original went. This one has some issues.

There is some great color in this adventure. That, and the setting up of situations, is one of its great strengths. It starts with the party caught out in a forest road, in a storm, at night. You can hear the braying of the beastmen in the distance. The braying gets closer, and closer. And then it stops, they having brought down the deer they were chasing. The party, of course, doesn’t know this. They are just shitting themselves by this point, this early in the adventure! They see an inn in the distance. The gates in the walls are locked. The ferryhouse, unlocked, shows signs of a struggle and blood, if investigated. Getting in through the side doors of the walls, the party hears unhappy horses from the stables through the storm, and sounds of laughter and mirth from the inn. 

What the adventure does very well is create tension and go back and forth between creating suspicion and plausible explanations. The horses could be loud because of the storm. The laughter in the inn dies when the party knocks on the door … which is to be expected. The innkeeper is portly and gruff, having well-to-do guests staying and not wanting the party’s kind tonight. The roadwarden inside asks the party questions. A worker mops the floor. And … there’s a mutie in the stable hayloft munching on the dead stable boy. The worker is actually mopping up blood. The portly innkeep is a fat mutie. The roadwarden’s outfit has a bloodstain at the base of his back. The floor upstairs to the common room is wet … hmmm, are those remnants of carpet where the hallway wood is now? Was a carpet just pulled up?

Suspicion. Plausible deniability. Things that make sense. With alternative facts …

 The adventure does this sort of brooding and tension building very very well. 

It also does a great job with its monster descriptions. Short and good. A beastman with a cattlehead (with a great little illustration) and mutie descriptions that are both short and decent enough to run with. A great description of a little situation and enough personality and mannerisms for the DM to run with it pretty well.

And it makes a lot, A LOT, of bad decisions.

To begin with, the location key. You get the standard numbered map. In a nice surprise, there’s a little key on the map to tell you which room is which. Room 11 is the stable, for example. But, then, the adventure text doesn’t use the numbers. It uses the room names. So you have to go find “Bedroom” in the text. And it’s not in alphabetical order. Instead it’s in some kind of plot order. The party will be outside first, as they approach the inn, so the ferry and stable are outside the inn, and the party might explore there first, so those descriptions come first. Then, in some fucked up decision that only its mother could love, we get a background/introduction section that explains what is going on in the inn, what has happened and what will happen, kind of. Then we get the main floor inn descriptions. Then it’s assumed the party goes upstairs to sleep, cause that’s where the loose plot is taking us, so we then get the description of the upstairs of the inn. Then, more plot/timeline stuff and the cellar of the inn is described. It’s a completely fucked up way to describe the place. Yeah, I get it. I get what is trying to be done. But it’s nonsense. The monsters/staff/etc are all mixed up in there. This experimental formatting is NOT good. Room/Key format is not perfect for every adventure, but it DOES help you find things easier. Unlike this mess.

It’s also a little handwavey in areas that I think could have emphasized better. Cutting down the word count (A LOT) would have focused better what’s remaining, in the DM’s head. Emphasizing the storm and the chaos/sounds it creates would have gone a long way. As would more advice on playing up suspicion and plausible deniability. Teasing the entire thing out just a bit more. Maybe an order of battle/advice section for how things could go down in a couple of situations, just a few sentences each.

In short, it’s an open ended situation. That’s GREAT. But it could have been focused on that and provided some hints to the DM about how to run that and be organized around that, with better break outs of the NPCs, clues, and little events like the blood mopping. Instead you get this fucked up little plot thingy going on instead of a proper timeline. And then it ends with the cops showing up and taking the worst read possible on the situation and the party getting a decent chunk of XP for explaining to them. This part is totally handwaved, with almost no more words than I have typed here. A little more on the cops would have been much appreciated, especially given the XP reward it comes with.

It’s a nice try, and I see the potential it has for a great night of gaming. Good concept here and one of the better “fucked up roadside inn” situations, but severely missing some things. 

This is free at DriveThru.

https://www.drivethrurpg.com/product/259967/WFRP-Old-World-Adventures–Night-of-Blood?1892600

Categories: Tabletop Gaming Blogs

Subscribe to Furiously Eclectic People aggregator