diff --git a/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/STAGE_0_SUMMARY.md b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/STAGE_0_SUMMARY.md new file mode 100644 index 0000000..c560159 --- /dev/null +++ b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/STAGE_0_SUMMARY.md @@ -0,0 +1,356 @@ +# Mission 3: Stage 0 Development Summary + +**Mission:** Ghost in the Machine +**Stage:** 0 - Scenario Initialization +**Status:** πŸ”„ IN PROGRESS (2/4 documents complete) +**Date:** 2025-12-24 + +--- + +## Overview + +Mission 3 "Ghost in the Machine" is an undercover intelligence gathering operation where players infiltrate WhiteHat Security Services (Zero Day Syndicate's front company) to scan their network and intercept evidence of cross-cell ENTROPY coordination. This mission introduces RFID keycard cloning mechanics and reinforces network reconnaissance skills. + +--- + +## Stage 0 Completion Progress + +### βœ… Completed Documents + +#### 1. Scenario Initialization (00_scenario_initialization.md) - 820 lines βœ… + +**Contents:** +- Mission overview (tier, playtime, ENTROPY cell, SecGen scenario) +- CyBOK knowledge areas (NSS, SS, ACS, SOC, HF, AB) +- Technical challenges summary +- 3-act structure with scene breakdown +- Key NPCs (Victoria Sterling, James Park, Cipher, Agent 0x99) +- 4 LORE fragments +- Victory conditions and failure states +- Educational objectives +- Campaign arc connections (M1, M2, M4, M6, M7-9) +- Post-mission debrief script +- Critical decisions documented + +**Key Decisions Made:** +- βœ… RFID cloning: Proximity-based (10s) + social engineering alternative +- βœ… Network scanning: Automated flags + educational tutorial +- βœ… Double agent choice: Long-term intelligence vs. immediate disruption +- βœ… Architect reveal: Name only (identity reserved for M7-9) +- βœ… Setting: WhiteHat Security Services corporate office +- βœ… Structure: Daytime recon β†’ nighttime infiltration + +#### 2. Technical Challenges (technical_challenges.md) - 812 lines βœ… + +**Contents:** + +**Break Escape Challenges:** +1. RFID Keycard Cloning (NEW) - Proximity (2 GU, 10s), visual feedback, tutorial +2. Lockpicking (Reinforced) - 4 locks, safe PIN 2010, LORE access +3. Guard Patrol Stealth (Reinforced) - 60s loop, LOS detection, timing strategies +4. Social Engineering (Advanced) - Victoria trust system, James intel, guard cover stories +5. Multi-Encoding Puzzle - ROT13, Hex, Base64, double-encoded (ROT13+Base64) + +**VM/SecGen Challenges:** +1. Network Port Scanning - nmap, service enumeration, flag{network_scan_complete} +2. Banner Grabbing (FTP) - netcat, codename "GHOST", flag{ftp_intel_gathered} +3. HTTP Analysis - Base64 in HTML, pricing intel, flag{pricing_intel_decoded} +4. distcc Exploitation - CVE-2004-2687, M2 connection reveal, flag{distcc_legacy_compromised} + +**Integration:** +- Challenge matrix (9 total: 5 in-game, 4 VM) +- Difficulty scaling (Easy/Normal/Hard modes) +- Educational assessment rubric +- Implementation priority (3 phases) + +--- + +### πŸ”„ In Progress Documents + +#### 3. Narrative Themes (narrative_themes.md) - NEXT + +**Planned Contents:** +- Recommended theme deep dive (corporate espionage setting) +- Full inciting incident (Zero Day intelligence leak) +- Stakes across all levels (ENTROPY coordination discovery) +- Central conflict (undercover operation + moral choice) +- Beat-by-beat narrative arc (all 3 acts expanded) +- NPC deep dives with voice examples +- Tone and atmosphere (espionage thriller, professional facade) +- Setting details (WhiteHat Security office layout conceptual) + +#### 4. Hybrid Architecture Plan (hybrid_architecture_plan.md) - PENDING + +**Planned Contents:** +- VM scenario role (network reconnaissance validation) +- ERB narrative content plan (encoded messages, client lists) +- Dead drop system integration (VM flags β†’ intelligence unlocks) +- Objectives system integration (VM tasks + in-game tasks) +- In-game education approach (Agent 0x99 tutorials) +- Flag-to-unlock mapping table +- Technical specifications for integration + +--- + +## Key Mission Features Defined + +### New Mechanic: RFID Keycard Cloning + +**Specification:** +- **Method:** Proximity-based (2 GU range, 10-second clone window) +- **Visual Feedback:** Progress bar, particle effects (blue glow), audio beeping +- **Success:** Cloned keycard added to inventory β†’ server room access +- **Alternative:** Social engineering (victoria_trust >= 40) β†’ Victoria grants access +- **Tutorial:** Agent 0x99 pre-mission briefing + first-use overlay +- **Educational:** RFID security vulnerabilities, proximity attacks, physical security bypass + +### Campaign-Critical Revelations + +**Revelation 1: M2 Connection (distcc VM Challenge)** +> "ProFTPD exploit (CVE-2010-4652) sold to Ransomware Incorporated for $12,500" +> "Client: Ghost - St. Catherine's Hospital target" + +**Player "Aha Moment":** +> "Zero Day sold the exploit used in Mission 2's hospital ransomware attack!" + +**Revelation 2: The Architect Introduction (Double-Encoded USB)** +> "From: The Architect's Directives +> +> Cipher, Future exploitation priorities for Q4: +> 1. INFRASTRUCTURE EXPLOITS (PRIORITY) +> 2. CROSS-CELL COORDINATION +> 3. OPERATIONAL SECURITY" + +**Campaign Impact:** +- First direct communication from The Architect discovered +- Confirms ENTROPY cells are coordinated network (not independent) +- Reveals strategic planning across cells +- Sets up M7-9 investigation of Architect's identity + +### Moral Choices + +**Choice 1: Victoria Sterling** +- **Option A:** Arrest (disrupt cell, blow cover, lose long-term intelligence) +- **Option B:** Double Agent (maintain cover, risk exposure, long-term intel feeds) +- **Variables:** `arrested_victoria`, `became_double_agent` + +**Choice 2: James Park (Innocent Employee)** +- **Option A:** Protect James (warn privately, document innocence) +- **Option B:** Focus on Mission (James faces consequences for cleaner operation) +- **Variable:** `protected_james` + +**Debrief Tracking:** +- All choices reflected in Agent 0x99's closing debrief +- Consequences tracked with global variables +- No "right" answerβ€”both paths valid strategies + +--- + +## Educational Objectives Defined + +### Primary CyBOK Knowledge Areas + +**Network Security (NSS) - Primary Focus:** +- Port scanning fundamentals (nmap) +- Service enumeration and banner grabbing (netcat) +- Network mapping methodology +- Service identification from port numbers (21, 22, 80, 3632) + +**Systems Security (SS):** +- Service exploitation (distcc CVE-2004-2687) +- Legacy system targeting +- Post-exploitation enumeration +- Metasploit framework usage + +**Applied Cryptography (ACS):** +- Multiple encoding types (ROT13, Hex, Base64) +- Multi-stage nested encoding (ROT13 + Base64) +- Pattern recognition for encoded data +- Encoding vs. encryption distinction (reinforced from M2) + +**Security Operations (SOC):** +- Intelligence gathering and correlation +- Systematic investigation methodology +- Evidence collection from multiple sources (physical + digital) +- OSINT principles (reconnaissance before action) + +### Learning Outcomes + +**After completing Mission 3, players should be able to:** +1. Explain purpose of port scanning in penetration testing +2. Identify common port numbers and associated services +3. Conduct banner grabbing for intelligence gathering +4. Distinguish between encoding types (ROT13, Hex, Base64) +5. Decode multi-stage nested encoding +6. Understand RFID security vulnerabilities +7. Apply systematic investigation methodology +8. Correlate physical and digital evidence +9. Research and exploit CVEs (CVE-2004-2687) +10. Use nmap and netcat for network reconnaissance + +--- + +## LORE Fragments Designed + +### LORE 1: Zero Day Client List (Hex-Encoded) +- **Location:** Victoria's computer (executive office) +- **Difficulty:** Intermediate +- **Content:** Complete client roster showing Ransomware Inc, Critical Mass, Social Fabric +- **Significance:** Reveals cross-cell coordination, all Season 1 cells working together + +### LORE 2: Exploit Catalog & Pricing (Safe, PIN 2010) +- **Location:** Executive office safe +- **Difficulty:** Intermediate +- **Content:** Systematic pricing model, ProFTPD sale details ($12,500 healthcare premium) +- **Significance:** Shows exploit marketplace economics, M2 connection confirmed + +### LORE 3: The Architect's Requirements (Double-Encoded USB) +- **Location:** Hidden USB in Victoria's desk drawer +- **Difficulty:** Advanced +- **Content:** Q4 priorities, cross-cell coordination, "Phase 2" reference +- **Significance:** First direct Architect communication, campaign arc progression + +### LORE 4: Victoria Sterling's Manifesto (Whiteboard) +- **Location:** Conference room (daytime visible) +- **Difficulty:** Easy +- **Content:** "Information asymmetry is market value" philosophy +- **Significance:** Victoria's true believer status, free-market ideology + +--- + +## NPCs Characterized + +### Victoria "Vick" Sterling (Antagonist) +- **Age:** 38, Former NSA contractor, MIT MBA +- **Philosophy:** Free market of vulnerabilities, no moral responsibility for client use +- **Voice:** Professional corporate language, economic/libertarian logic +- **Role:** Double agent recruitment target OR arrest target +- **Quote:** "Security is an economic problem, not a moral one." + +### James Park (Innocent) +- **Age:** 29, OSCP certified pen tester +- **Awareness:** Genuinely believes WhiteHat is legitimate +- **Function:** Intel source, moral complexity character +- **Role:** Optional protection choice (protect innocent vs. mission efficiency) + +### "Cipher" (Cell Leader) +- **Status:** Referenced but not seen +- **Role:** Zero Day Syndicate leader, builds mystery for future missions +- **References:** Email approvals, operational logs, Victoria's comments + +### Agent 0x99 (Handler) +- **Role:** Briefing, tutorials, closing debrief +- **Function:** RFID cloning tutorial, network reconnaissance guidance +- **Debrief:** Reflects all player choices with specific acknowledgments + +--- + +## 3-Act Structure Defined + +### Act 1: Undercover Infiltration (20-30% / 15-25 minutes) +1. **Briefing:** Agent 0x99 explains undercover mission, provides RFID cloner +2. **Daytime Recon:** Pose as corporate client, meet Victoria Sterling +3. **RFID Cloning:** 10-second proximity window during conversation +4. **Optional:** Meet James Park, gather office layout information +5. **Build Trust:** Social engineering for alternative paths (victoria_trust >= 40) +6. **Extraction:** Leave office, regroup with Agent 0x99, plan nighttime infiltration + +### Act 2: Investigation & Escalation (50-55% / 30-40 minutes) +7. **Nighttime Infiltration:** Return after hours, navigate guard patrol +8. **Server Room Access:** Use cloned RFID card OR lockpick security room +9. **Network Reconnaissance:** Scan network (nmap), banner grab (netcat), exploit distcc +10. **Evidence Collection:** Decode whiteboard (ROT13), client list (Hex), email (Base64) +11. **LORE Discovery:** Find USB with double-encoded Architect communication +12. **Correlation:** Connect VM flags + physical evidence β†’ "Zero Day sold M2 exploit!" + +### Act 3: Climax & Choice (20-25% / 10-15 minutes) +13. **James Discovery (Optional):** Realize James will be collateral damage if firm exposed +14. **James Choice:** Protect innocent OR focus on mission +15. **Victoria Confrontation:** Double agent offer OR arrest decision +16. **Major Choice:** Become double agent (long-term intel) OR arrest Victoria (disrupt cell) +17. **Closing Debrief:** Agent 0x99 reviews choices, M2 connection, Architect revelation + +--- + +## Victory Conditions Specified + +### Full Success (100%) +- βœ… All 4 VM flags submitted +- βœ… All 4 in-game encoded messages decoded +- βœ… All 3 LORE fragments collected (4th optional) +- βœ… RFID card cloned successfully +- βœ… M2 connection discovered +- βœ… Architect communication found +- βœ… Victoria choice made (arrest OR double agent) +- βœ… James choice made (protect OR ignore) +- βœ… Never detected by guard (stealth bonus) + +### Standard Success (80%) +- βœ… 3/4 VM flags +- βœ… 3/4 encoded messages +- βœ… 2/3 LORE fragments +- βœ… Server room accessed +- βœ… M2 connection discovered +- βœ… Victoria choice made + +### Minimal Success (60%) +- βœ… 2/4 VM flags +- βœ… 2/4 encoded messages +- βœ… Server room accessed +- βœ… Victoria choice made + +--- + +## Next Steps + +### Immediate (Complete Stage 0) +1. **Create narrative_themes.md** (Expanded narrative details, NPC voices, tone/atmosphere) +2. **Create hybrid_architecture_plan.md** (VM + ERB integration specification) +3. **Update README.md** with Stage 0 completion status + +### After Stage 0 Complete +4. **Proceed to Stage 1:** Narrative Structure Development + - Scene-by-scene breakdown (12-15 scenes) + - Dramatic moments identification + - Emotional arc mapping + - Pacing chart design + +--- + +## Stage 0 Deliverables Checklist + +- [βœ…] `00_scenario_initialization.md` (820 lines) - Complete mission initialization +- [βœ…] `technical_challenges.md` (812 lines) - Detailed challenge breakdown +- [πŸ”„] `narrative_themes.md` - IN PROGRESS (Next) +- [⬜] `hybrid_architecture_plan.md` - PENDING +- [⬜] Update README.md with Stage 0 completion + +**Progress:** 50% (2/4 documents complete) + +--- + +## Key Achievements + +βœ… **New Mechanic Designed:** RFID keycard cloning with full specification +βœ… **Campaign Arc Advanced:** First direct Architect communication designed +βœ… **M2 Connection Established:** ProFTPD exploit sale revelation planned +βœ… **Educational Value Defined:** 9 challenges mapping to 6 CyBOK areas +βœ… **Moral Complexity Created:** Victoria double agent choice, James protection choice +βœ… **VM Integration Planned:** 4 flags with narrative context (network scan, FTP, HTTP, distcc) +βœ… **LORE Framework Set:** 4 fragments connecting Season 1 cells and Architect +βœ… **NPC Voices Established:** Victoria (free market ideologue), James (innocent), Cipher (mysterious) +βœ… **Victory Conditions Scaled:** 100% (perfect), 80% (standard), 60% (minimal) + +--- + +**Status:** Stage 0 Scenario Initialization - 50% COMPLETE +**Estimated Remaining:** 2-3 hours for narrative_themes.md + hybrid_architecture_plan.md +**Target Completion:** Ready for Stage 1 by end of session + +--- + +**Document Version:** 1.0 +**Last Updated:** 2025-12-24 +**Next Milestone:** Complete Stage 0, begin Stage 1 (Narrative Structure) + +---