cybersecurity/BreakEscape

Fork 0

mirror of https://github.com/cliffe/BreakEscape.git synced 2026-02-20 13:50:46 +00:00

Files

Z. Cliffe Schreuders 5f64e728ba Universe & Scenario Design Guide

2025-11-17 10:27:09 +00:00

243 KiB

Raw Permalink Blame History

Break Escape: Universe Bible & Scenario Design Guide

Universe Overview
Organisation Profiles
Recurring Characters
World Rules & Tone
Scenario Design Framework
Technical Design Guidelines
Narrative Structures
LORE System
Location & Environment Guide
Quick Reference Checklists

Universe Overview

The Setting

Break Escape takes place in a contemporary world where cyber security threats have become the primary battlefield for international espionage and criminal enterprise. Beneath the surface of legitimate business and government operations, two secret organisations wage a shadow war that most citizens never know exists.

The pixel art aesthetic and occasional retro spy tropes serve as stylistic flourishes, but the cyber security content, threats, and technologies are firmly grounded in modern reality. This is a world where encryption keys matter more than skeleton keys, where social engineering is as dangerous as physical infiltration, and where a well-crafted phishing email can be more devastating than a poison dart.

Core Premise

You are Agent 0x00 (also known as Agent Zero, Agent Null, or by your custom handle). You've recently joined SAFETYNET, a covert counter-espionage organisation dedicated to protecting digital infrastructure and national security from the machinations of ENTROPY, an underground criminal organisation bent on world domination through cyber-physical attacks, data manipulation, corporate espionage, and worse.

As a rookie agent specialising in cyber security, you're thrust into the field, often going undercover as a security consultant, penetration tester, incident responder, or new recruit. Your missions require you to apply real cyber security skills, engage with physical security systems, conduct social engineering, and piece together intelligence to thwart ENTROPY's various schemes.

Tone & Atmosphere

Primary Tone: Mostly Serious

Grounded in realistic cyber security scenarios
Genuine technical challenges and accurate security concepts
Professional espionage atmosphere
Real consequences to security failures

Secondary Tone: Comedic Moments

Quirky recurring characters with catchphrases
Occasional spy trope humour (gadgets with improbable names, bureaucratic absurdities)
Puns in operation codenames and ENTROPY cover companies
Self-aware moments that don't break immersion

Inspirations:

Get Smart: Bureaucratic spy comedy, bumbling villains alongside competent heroes, recurring gags
James Bond: Sophisticated espionage, infiltration, high stakes
I Expect You To Die: Environmental puzzle-solving, death traps, villain monologues
Modern Cyber Security: Real-world attack vectors, actual tools and techniques

Organisation Profiles

SAFETYNET

Official Designation: Security and Field-Engagement Technology Yielding National Emergency Taskforce
Known As: SAFETYNET
Classification: Covert Counter-Espionage Organisation
Founded: [Classified]
Headquarters: [Classified] (Players see glimpses in cutscene intros)

Mission Statement

SAFETYNET exists to counter threats to digital infrastructure, protect national security interests, and neutralise the operations of hostile organisations—primarily ENTROPY. Our agents operate in the shadows, conducting offensive security operations authorised under [REDACTED] protocols.

Operational Structure

Agent Classification:

0x00 Series: Field analysts (player designation)
0x90+ Series: Senior field operatives and specialists
Field Handlers: Provide mission briefings and support
Technical Support: Provide remote assistance (rarely seen)

Cover Operations: Agents operate under various covers depending on mission requirements:

Cyber security consultants conducting authorised penetration tests
New employees at companies under investigation
Incident response specialists called in after breaches
Security auditors performing compliance assessments
Freelance security researchers

This cover provides legal framework for agents to:

Access sensitive systems with "authorisation"
Conduct offensive security operations
Investigate physical and digital security
Interview employees and gather intelligence

Rules of Engagement

SAFETYNET operates under the Field Operations Handbook (never fully explained), which contains:

Extensive protocols for various scenarios
Oddly specific rules (source of recurring humour)
Seemingly contradictory guidelines
Bureaucratic procedures that agents must navigate

Example Rules (can appear as recurring jokes, max 1x per scenario):

"Section 7, Paragraph 23: Agents must always identify themselves... unless doing so would compromise the mission, reveal their identity, or prove inconvenient."
"Protocol 404: If a security system cannot be found, it cannot be breached. Therefore, bypassing non-existent security is both prohibited and mandatory."
"Regulation 31337: Use of l33tspeak in official communications is strictly forbidden, unless it isn't."

Technology & Resources

SAFETYNET provides agents with:

Standard Field Kit: Lockpicks, fingerprint dusting kit, Bluetooth scanner
Advanced Tools: PIN crackers, encoding/encryption workstation (CyberChef)
Remote Access: VMs for testing and exploitation
Intelligence Database: Information on ENTROPY operations
Handler Support: Via secure communications (text-based, from NPCs)

ENTROPY

Official Designation: Unknown (Organisation name may be a SAFETYNET designation)
Known As: ENTROPY
Classification: Underground Criminal Organisation
Structure: Decentralised cell-based network
Objective: World domination through cyber-physical attacks and societal destabilisation

Philosophy

ENTROPY's name reflects their core belief: the universe tends towards disorder, and they seek to accelerate this process to remake society in their image. They view current systems—governments, corporations, social structures—as inefficient and ready for disruption.

Each cell interprets this philosophy differently:

Some focus on financial chaos (ransomware, market manipulation)
Others pursue technological supremacy (AI weaponisation, zero-day exploits)
Some embrace more esoteric methods (Eldritch Horror cults seeking to summon entities through quantum computing and reality-bending algorithms)

Operational Structure

Cell-Based Network:

Each scenario typically represents one cell or operation
Cells have significant autonomy in methods and targets
Limited communication between cells (security through compartmentalisation)
Cells operate through two primary methods: Controlled Corporations and Infiltration Operations

ENTROPY Organizational Approaches:

ENTROPY achieves its objectives through two distinct operational models:

1. Fully Controlled Corporations These are businesses created, owned, and operated entirely by ENTROPY. They appear legitimate on the surface but exist solely to advance ENTROPY's agenda. Every employee is either an ENTROPY operative or an unwitting participant who doesn't realize who truly controls the company.

Characteristics:

Founded by ENTROPY members
Leadership entirely ENTROPY operatives
Business operations directly support ENTROPY objectives
May conduct "legitimate" work as cover
Easier for ENTROPY to control operations
More vulnerable if exposed (entire operation can be shut down)

Examples:

Paradigm Shift Consultants (Digital Vanguard front)
Tesseract Research Institute (Quantum Cabal front)
HashChain Exchange (Crypto Anarchists front)
OptiGrid Solutions (Critical Mass front)
DataVault Secure (Ghost Protocol front)

Scenario Implications:

Entire facility may be hostile
Can discover extensive ENTROPY operations
Shutting down removes ENTROPY capability
May find connections to other cells
All evidence points to ENTROPY

2. Infiltrated Organizations These are legitimate businesses where ENTROPY has placed agents or corrupted existing employees. The organization itself is not ENTROPY-controlled; most employees are innocent and unaware. ENTROPY operatives work from within to steal data, sabotage operations, or use the company's resources.

Characteristics:

Legitimate company with real business
Most employees are innocent
One or more ENTROPY agents embedded
Company leadership may or may not be aware
ENTROPY uses company resources covertly
More resilient to exposure (only agents removed, company continues)

Examples:

Major tech companies with insider threats
Security firms with corrupted employees
Research facilities with compromised scientists
Government contractors with embedded agents
Financial institutions with corrupted analysts

Scenario Implications:

Must identify which employees are ENTROPY
Innocent employees complicate operations
More detective work required
Ethical considerations about company's future
May discover ENTROPY recruiting methods

3. Hybrid Operations (Advanced) Some operations combine both approaches: ENTROPY-controlled vendors infiltrate legitimate clients, or infiltrated employees at Target A are handled by agents at controlled Company B.

Cell Types:

Direct Operations: Active ENTROPY cells using fully controlled corporations
Front Companies: Legitimate-appearing businesses secretly controlled by ENTROPY
Compromised Organisations: Legitimate companies with ENTROPY infiltrators
Puppet Operations: Legitimate organisations manipulated by ENTROPY without knowing
Hybrid Networks: Controlled corps + infiltrated orgs working together

Common Schemes

Corporate Espionage:

Stealing trade secrets and intellectual property
Industrial sabotage
Data exfiltration for sale or ransom

Cyber Weapons Development:

Creating and deploying ransomware
Developing zero-day exploits
Building botnets for DDoS attacks
AI-powered social engineering systems

Infrastructure Attacks:

Targeting critical systems (power grids, water treatment)
Supply chain compromises
Backdooring widely-used software

Information Operations:

Disinformation campaigns
Data manipulation
Identity theft at scale

Esoteric Operations:

Quantum computing for reality manipulation
AI systems exhibiting anomalous behaviour
Occult practices integrated with technology
Eldritch Horror summoning through computational means

Cover Businesses & Infiltration Targets

ENTROPY-Controlled Corporations (Fully owned and operated):

Technology Sector:

CypherCorp Solutions - Penetration testing firm (actually sells vulnerabilities)
QuantumLeap Innovations - Quantum computing research (eldritch experiments)
NullPointer Games - Gaming company (cryptocurrency laundering)
Tesseract Research Institute - Advanced research lab (reality manipulation experiments)

Consulting & Services:

Paradigm Shift Consultants - Management consulting (corporate espionage operations)
SecureServe Inc. - Security services (actually selling backdoors to clients)
OptimalChaos Advisory - Business consulting (chaos engineering attacks)
OptiGrid Solutions - Smart grid consulting (infrastructure attack planning)

Finance & Crypto:

HashChain Exchange - Cryptocurrency platform (money laundering, market manipulation)
Distributed Wealth Partners - Investment firm (Ponzi schemes with blockchain)
CryptoSecure Recovery - Data recovery (ransomware deployment)

Research & Development:

Prometheus AI Labs - Artificial intelligence research (weaponized AI development)
Viral Dynamics Media - Social media marketing (disinformation campaigns)
DataVault Secure - Cloud storage and privacy (mass surveillance operations)

Recruitment & Placement:

TalentStack Executive Recruiting - Executive placement (identifying targets for recruitment/blackmail)
WhiteHat Security Services - Pen testing firm (zero-day vulnerability trading)

Common Characteristics of Controlled Corporations:

Recent founding (last 5-10 years)
Rapid growth without clear revenue sources
Leadership with gaps in background checks
Office locations that don't match client base
Unusually high security for stated business purpose
Employee turnover is suspiciously low (loyalty or fear)

Infiltration Target Types (Legitimate organizations with ENTROPY agents):

Technology & Security:

Major cyber security firms (corrupted researchers selling vulnerabilities)
Software companies (backdoors inserted in products)
Cloud service providers (data exfiltration from client data)
Tech startups (IP theft for ENTROPY's benefit)

Critical Infrastructure:

Power companies (engineers providing SCADA access)
Water treatment facilities (operators corrupted or blackmailed)
Transportation authorities (signaling system access)
Telecommunications providers (surveillance capabilities)

Government & Civil Service:

Local government departments (permits, approvals, regulations)
National agencies (policy influence, classified access)
Regulatory bodies (weaponised compliance)
Civil service management (bureaucratic sabotage)
Emergency services coordination (response delays)
Public works departments (infrastructure access)
Benefits and social services (creating dysfunction)
Licensing and inspection bureaus (arbitrary enforcement)

Financial Services:

Investment banks (insider trading information)
Cryptocurrency exchanges (market manipulation data)
Payment processors (transaction data theft)
Accounting firms (client financial data)

Research & Academia:

Universities (research theft, especially quantum/AI)
Government labs (classified research exfiltration)
Private research facilities (IP theft and sabotage)
Medical research (patient data, pharmaceutical research)

Defense & Intelligence:

Defense contractors (classified information)
Military suppliers (supply chain compromise)
Intelligence services (double agents)
Security clearance holders (access to secrets)

Common Infiltration Methods:

Recruiting disgruntled employees
Blackmailing employees with leverage
Long-term sleeper agents hired years ago
Romantic relationships with targets
Financial desperation exploitation
Ideological recruitment

Identifying Infiltration vs. Controlled Corps:

Aspect	Controlled Corporation	Infiltrated Organization
Employees	Mostly/all ENTROPY	Mostly innocent
Leadership	ENTROPY operatives	Usually legitimate
Business Purpose	Cover for ENTROPY	Legitimate business
When Exposed	Entire operation shut down	Only agents removed
Evidence Location	Throughout facility	Concentrated in agent's area
NPC Behavior	Many suspicious or hostile	Most helpful, some suspicious
Scenario Complexity	Infiltration focused	Detective work focused

Scenario Design Implications:

For Controlled Corporation Scenarios:

Players infiltrate fully hostile environment
More combat/evasion potential
Clear "us vs. them" dynamic
Can discover cell-wide operations
Shutting down operation = major victory
Example: Infiltrating Tesseract Research Institute

For Infiltrated Organization Scenarios:

Players must identify who is ENTROPY
More social deduction and investigation
Ethical complexity (innocent employees)
Partial victory (remove agents, company continues)
May uncover ENTROPY recruitment tactics
Example: Nexus Consulting with corrupted Head of Security

For Hybrid Scenarios:

Controlled Company B supports agents in Target Company A
Following evidence leads from one to another
Multi-location operations
Shows ENTROPY's network structure
Example: TalentStack Recruiting places agents in defense contractor

Known ENTROPY Tactics

Social Engineering: Manipulation, impersonation, insider threats
Physical Infiltration: Combined with cyber attacks for maximum effect
Supply Chain Attacks: Compromising vendors to reach targets
Living off the Land: Using legitimate tools to avoid detection
Multi-Stage Attacks: Complex operations with multiple phases
Security Theatre: Creating the appearance of security whilst leaving backdoors

ENTROPY Cells & Operations

ENTROPY operates through semi-autonomous cells, each with their own specialisation, membership, and objectives. While cells share the overall goal of accelerating entropy and societal disorder, they interpret this mission differently. This section catalogues known ENTROPY cells, their key members, and typical operations.

Design Note: These cells provide ready-made scenarios and can be referenced across multiple missions. Cells can be defeated, but individual members may escape to appear in future operations.

Cell: Digital Vanguard

Specialisation: Corporate Espionage & Industrial Sabotage
Primary Cover: "Paradigm Shift Consultants" - ENTROPY-controlled management consulting firm
Infiltration Targets: Fortune 500 companies, tech startups, financial services
Primary Territory: Financial districts, corporate headquarters
Philosophy: Accelerate corporate collapse through systematic data theft and competitive sabotage

Operational Model:

Controlled Corporation: Paradigm Shift Consultants provides "legitimate" consulting services while stealing client data
Infiltration Operations: Places insider threats at target companies to exfiltrate data and sabotage operations
Hybrid Approach: Uses consulting engagements to identify targets for later infiltration

Key Members:

"The Liquidator" (Cell Leader) - Former corporate strategy consultant, now runs Paradigm Shift as cover
"Margin Call" - Financial analyst who identifies vulnerable target companies
"Insider Trading" - Social engineer who recruits employees at target companies as unwitting accomplices
"Data Miner" - Technical specialist embedded at client sites during "consulting engagements"

Typical Operations:

Stealing intellectual property during consulting engagements
Corporate espionage via embedded insider threats
Insider trading schemes using stolen intelligence
Sabotaging mergers and acquisitions from within
Ransomware attacks targeting quarterly reports

Example Scenarios:

"Operation Shadow Broker" (Infiltrated) - Nexus Consulting is legitimate, but Head of Security is ENTROPY
"Hostile Takeover" (Controlled) - Players infiltrate Paradigm Shift Consultants itself
"Insider Job" (Hybrid) - Consulting engagement used to plant long-term insider at tech startup

Educational Focus: Social engineering, database security, data exfiltration, insider threat detection

Scenario Design Notes:

Controlled Corp scenarios: All employees at Paradigm Shift are potentially hostile
Infiltrated scenarios: Players must identify which corporate employee is the ENTROPY agent
Shows both sides of ENTROPY operations in same cell

Cell: Critical Mass

Specialisation: Critical Infrastructure Attacks
Cover: "OptiGrid Solutions" - Smart grid optimization consultancy
Primary Territory: Utility providers, transportation systems, water treatment
Philosophy: Demonstrate societal fragility by targeting essential services

Key Members:

"Blackout" (Cell Leader) - Former power grid engineer with grudge against "the system"
"Cascade" - Specialist in creating cascading failures across interconnected systems
"SCADA Queen" - Expert in industrial control systems and SCADA vulnerabilities
"Pipeline" - Focuses on oil, gas, and water infrastructure

Typical Operations:

Power grid manipulation and sabotage
Water treatment system compromises
Transportation signal interference
Industrial control system attacks
Supply chain disruption

Example Scenarios:

"Grid Down" - Preventing power grid attack before blackout
"Waterworks" - Infiltrating water treatment facility to stop contamination
"Signal Failure" - Railway signalling system compromise investigation

Educational Focus: SCADA security, ICS vulnerabilities, physical-cyber convergence, incident response

Cell: Quantum Cabal

Specialisation: Advanced Technology & Eldritch Horror Summoning
Primary Cover: "Tesseract Research Institute" - ENTROPY-controlled quantum computing research lab
Infiltration Targets: University quantum research departments, government quantum labs
Primary Territory: Research facilities, universities, tech campuses
Philosophy: Use quantum computing and advanced mathematics to tear through reality barriers and summon entities from beyond

Operational Model:

Controlled Corporation: Tesseract Research Institute is entirely ENTROPY-run for conducting experiments too dangerous for legitimate research
Infiltration Operations: Places researchers at universities to steal quantum research and identify recruitment targets
Hybrid Approach: Legitimate researchers recruited and brought to Tesseract for "advanced work"

Key Members:

"The Singularity" (Cell Leader) - Quantum physicist, runs Tesseract Research Institute
"Schrödinger" - Cryptographer obsessed with quantum entanglement for rituals
"Void Pointer" - Programmer creating reality-bending AI, embedded at university research labs
"Entropy Priestess" - Cultist who performs techno-occult rituals in Tesseract's server rooms

Typical Operations:

Quantum computing experiments with occult purposes at Tesseract
Stealing quantum research from legitimate institutions
AI systems designed to contact "entities beyond our dimension"
Cryptographic rituals using Tesseract's computational power
Recruiting vulnerable researchers from academic institutions

Example Scenarios:

"Ghost in the Machine" (Controlled) - Infiltrate Tesseract Research Institute to stop summoning experiment
"Quantum Breach" (Infiltrated) - University quantum lab has compromised researcher stealing for ENTROPY
"The Calculation" (Hybrid) - Mathematical formula discovered at university, being weaponized at Tesseract

Educational Focus: Quantum cryptography concepts, advanced encryption, AI security, with atmospheric horror elements

Scenario Design Notes:

Tesseract Institute scenarios: Full cult/horror atmosphere, all employees are believers or coerced
Infiltrated university scenarios: Most professors innocent, must identify the ENTROPY researcher
Unique tone: Serious cyber security education with Lovecraftian atmosphere

Tone Note: These scenarios blend serious cyber security education with Lovecraftian atmosphere. The "horror" is in the implications and atmosphere, not gore or jump scares.

Cell: Zero Day Syndicate

Specialisation: Vulnerability Trading & Exploit Development
Cover: "WhiteHat Security Services" (ironically) - Penetration testing firm
Primary Territory: Dark web, hacker conferences, security research community
Philosophy: Weaponize security research; if defenders won't pay, attackers will

Key Members:

"0day" (Cell Leader) - Elite vulnerability researcher who went mercenary
"Exploit Kit" - Malware developer packaging zero-days into easy-to-use tools
"Bug Bounty" - Social engineer who recruits legitimate security researchers
"Payload" - Specialist in making exploits undetectable and persistent

Typical Operations:

Discovering and selling zero-day vulnerabilities
Developing exploit frameworks
Creating custom malware for clients
Recruiting or blackmailing security researchers
Bidding wars for vulnerabilities

Example Scenarios:

"Zero Day Market" - Infiltrating dark web marketplace
"Researcher Turned" - Investigating suspicious security researcher
"Exploit in the Wild" - Tracking zero-day being actively exploited

Educational Focus: Vulnerability assessment, exploit development concepts, responsible disclosure, malware analysis

Specialisation: Information Operations & Disinformation
Cover: "Viral Dynamics Media" - Social media marketing agency
Primary Territory: Social media platforms, news outlets, online communities
Philosophy: Accelerate social entropy through disinformation, polarisation, and trust erosion

Key Members:

"Deepfake" (Cell Leader) - AI specialist creating synthetic media
"Bot Farm" - Manages networks of fake accounts and automated influence
"Trust Fall" - Psychologist specializing in eroding institutional trust
"Narrative Collapse" - Journalist creating and spreading false stories

Typical Operations:

Disinformation campaigns
Deepfake video creation
Bot network management
Identity theft at scale
Fake news distribution
Social media manipulation

Example Scenarios:

"Synthetic Reality" - Tracking down deepfake creators
"Bot Swarm" - Investigating coordinated inauthentic behavior
"Information Warfare" - Preventing disinformation campaign before election

Educational Focus: Digital forensics, media authentication, social engineering, OSINT

Cell: Ghost Protocol

Specialisation: Privacy Destruction & Surveillance Capitalism
Cover: "DataVault Secure" - Cloud storage and privacy services (ironically insecure)
Primary Territory: Cloud providers, data brokers, advertising tech
Philosophy: Privacy is an illusion; demonstrate this by collecting and exposing everything

Key Members:

"Big Brother" (Cell Leader) - Former intelligence analyst gone rogue
"Cookie Monster" - Web tracking and fingerprinting expert
"Data Broker" - Aggregates and sells personal information at scale
"Breach" - Specialist in extracting data from "secure" systems

Typical Operations:

Mass surveillance operations
Personal data harvesting
Privacy invasion and exposure
Tracking technology deployment
Data aggregation from multiple breaches

Example Scenarios:

"No Privacy" - Investigating mass data collection operation
"Everyone's Watching" - Uncovering surveillance network
"Data Shadow" - Tracking how personal data flows through black market

Educational Focus: Privacy technologies, data protection, surveillance detection, GDPR/compliance

Cell: Ransomware Incorporated

Specialisation: Ransomware & Crypto-Extortion
Cover: "CryptoSecure Recovery Services" - Data recovery company (that also deploys ransomware)
Primary Territory: Healthcare, municipalities, small businesses
Philosophy: Chaos is profitable; extract maximum value from digital hostage-taking

Key Members:

"Crypto Locker" (Cell Leader) - Ransomware developer and operator
"Payment Gateway" - Cryptocurrency expert handling ransom payments
"Target Acquisition" - Identifies high-value, vulnerable targets
"Negotiator" - Handles victim communications and ransom demands

Typical Operations:

Ransomware deployment
Double extortion (encrypt + threaten to leak)
Cryptocurrency money laundering
Healthcare system attacks
Municipal infrastructure ransomware

Example Scenarios:

"Hospital Hostage" - Preventing ransomware attack on hospital
"City Shutdown" - Municipality under ransom attack
"Double Extortion" - Investigating ransomware gang threatening data leak

Educational Focus: Ransomware analysis, incident response, backup strategies, cryptocurrency tracking

Cell: Supply Chain Saboteurs

Specialisation: Supply Chain Attacks & Backdoor Insertion
Cover: "Trusted Vendor Integration Services" - IT vendor management
Primary Territory: Software supply chains, hardware manufacturers, service providers
Philosophy: Compromise the foundation; trust is the weakest link in security

Key Members:

"Trojan Horse" (Cell Leader) - Former software engineer specializing in backdoors
"Dependency Hell" - Compromises open-source libraries and packages
"Hardware Hack" - Specialist in physical device backdoors
"Trusted Vendor" - Social engineer who positions ENTROPY as legitimate supplier

Typical Operations:

Compromising software update mechanisms
Inserting backdoors in popular libraries
Hardware implants in devices
Vendor relationship exploitation
Certificate authority compromise

Example Scenarios:

"Trusted Update" - Investigating compromised software update
"Open Source Betrayal" - Backdoor discovered in popular package
"Hardware Implant" - Physical device tampering investigation

Educational Focus: Supply chain security, code review, software verification, hardware security

Cell: Insider Threat Initiative

Specialisation: Recruitment & Infiltration of Legitimate Organizations
Primary Cover: "TalentStack Executive Recruiting" - ENTROPY-controlled executive placement firm
Infiltration Targets: Government agencies, defense contractors, tech companies, critical infrastructure, civil service departments
Primary Territory: Any organization with valuable data, access, or influence
Philosophy: The best way to breach security is to become trusted; infiltration is more powerful than exploitation; bureaucracy itself can be weaponised

Operational Model:

Controlled Corporation: TalentStack identifies vulnerable employees at targets and recruits them for ENTROPY
Infiltration Operations: This cell specializes in placing long-term infiltrators in legitimate organizations
Deep State Operations: Systematic infiltration of civil service and government bureaucracy to cause dysfunction from within
Hybrid Approach: Uses recruiting firm access to map organizations and identify weak points for infiltration

Key Members:

"The Recruiter" (Cell Leader) - Master manipulator, runs TalentStack as front for infiltration operations
"Pressure Point" - Finds blackmail material and leverage on potential recruits
"Sleeper Agent" - Trains infiltrators for long-term deep cover assignments
"Handler" - Manages network of compromised insiders across multiple organizations
"Red Tape" (NEW) - Specialist in bureaucratic sabotage and civil service infiltration

Typical Operations:

Recruiting disgruntled employees at target organizations
Blackmailing insiders for access credentials
Long-term infiltration operations (agents placed years in advance)
Creating insider threat networks within organizations
Executive placement to gain strategic access
Civil service infiltration to create bureaucratic dysfunction
Weaponising regulations and procedures to cause delays
Systematic erosion of public trust in institutions
Policy manipulation to increase societal chaos

Deep State Operations (Specialty):

The Insider Threat Initiative's most insidious operation involves systematic infiltration of government bureaucracy. Rather than dramatic attacks, they create death by a thousand cuts:

Bureaucratic Sabotage:

Critical permits delayed indefinitely
Approvals lost in "processing"
Contradictory regulations created
Essential services degraded through red tape
Emergency responses slowed by procedure
Inter-agency communication "accidentally" disrupted

Trust Erosion:

Government services become notoriously inefficient
Public loses faith in institutions
Legitimate complaints dismissed
Whistleblowers tied up in bureaucracy
Media stories about government dysfunction (some planted, some real)

Strategic Placement:

Mid-level managers (invisible but powerful)
IT administrators (system access)
Policy advisors (influence decisions)
Compliance officers (can block or approve)
Human resources (control hiring)

Educational Value: These scenarios teach about:

Insider threat detection in government
Background check importance
Behavioral analysis
Access control and least privilege
Audit trails and accountability
Social engineering at institutional scale

Example Scenarios:

"The Mole" (Infiltrated) - Legitimate defense contractor has ENTROPY sleeper agent, identify them
"Recruitment Drive" (Controlled) - Infiltrate TalentStack to prevent recruitment of key personnel
"Deep Network" (Hybrid) - TalentStack placed multiple agents; unravel the network
"Bureaucratic Nightmare" (NEW - Deep State) - Government agency mysteriously dysfunctional; discover ENTROPY has infiltrated civil service
"Red Tape Rebellion" (NEW - Deep State) - Critical infrastructure permits blocked by bureaucracy; find the insider causing delays
"Trust Fall" (NEW - Deep State) - Public services failing; trace dysfunction to coordinated ENTROPY infiltration

Educational Focus: Insider threat detection, access control, behavioral analysis, security culture, vetting processes, institutional security, bureaucratic systems security

Scenario Design Notes:

This cell ALWAYS operates through infiltration (that's their specialty)
TalentStack itself is controlled, but their operations target legitimate organizations
Scenarios focus on identifying hidden ENTROPY agents among innocent employees
Deep state scenarios emphasize investigation over action
Shows how patient, long-term infiltration can be more damaging than quick attacks
Emphasizes "trust but verify" security principles
Government infiltration scenarios have political neutrality (not about real politics, about ENTROPY fiction)

Cell: AI Singularity

Specialisation: Weaponized AI & Autonomous Cyber Attacks
Cover: "Prometheus AI Labs" - Artificial intelligence research company
Primary Territory: AI research facilities, tech companies, defense contractors
Philosophy: Human order is temporary; AI acceleration will bring necessary chaos

Key Members:

"Neural Net" (Cell Leader) - AI researcher with dangerous ideas about AGI
"Training Data" - Specializes in poisoning ML training sets
"Model Weights" - Expert in AI model theft and adversarial attacks
"Autonomous Agent" - Creates self-propagating AI-driven attacks

Typical Operations:

AI model theft
Training data poisoning
Adversarial ML attacks
Autonomous malware with AI decision-making
AI-powered social engineering

Example Scenarios:

"Poisoned Well" - Investigating compromised ML training data
"Model Theft" - Preventing theft of proprietary AI models
"Adversarial Attack" - Defending against AI-powered exploitation

Educational Focus: AI security, ML vulnerabilities, model protection, adversarial ML

Cell: Crypto Anarchists

Specialisation: Cryptocurrency Manipulation & Blockchain Exploitation
Cover: "HashChain Exchange" - Cryptocurrency trading platform
Primary Territory: Crypto exchanges, DeFi platforms, blockchain projects
Philosophy: Decentralization is chaos; embrace financial anarchy

Key Members:

"Satoshi's Ghost" (Cell Leader) - Cryptocurrency expert exploiting blockchain weaknesses
"51% Attack" - Specialist in consensus mechanism attacks
"Smart Contract" - Finds vulnerabilities in DeFi protocols
"Mixer" - Money laundering through crypto tumblers

Typical Operations:

Cryptocurrency exchange hacks
DeFi protocol exploits
51% attacks on smaller blockchains
Smart contract vulnerabilities
Crypto ransomware operations

Example Scenarios:

"Exchange Breach" - Preventing crypto exchange hack
"DeFi Drain" - Investigating smart contract exploit
"Chain Attack" - Stopping 51% attack attempt

Educational Focus: Blockchain security, cryptocurrency forensics, smart contract analysis, DeFi security

ENTROPY Cell Usage Guidelines

For Scenario Designers:

Select Appropriate Cell: Choose cell that matches scenario's educational objectives
Member Flexibility: Not all members must appear; use relevant ones for specific operations
Cell Combinations: Some operations involve multiple cells cooperating
Escalation Paths: Cells can be interconnected, with one leading to discovery of another
Recurring Characters: Cell leaders and key members can escape to appear in future scenarios

Cell Status Tracking:

Active: Currently operating, full membership
Disrupted: Recent SAFETYNET operation damaged but didn't eliminate cell
Dormant: Lying low after exposure, rebuilding operations
Eliminated: Cell destroyed, but members may have scattered to other cells

Cross-Cell Operations:

Digital Vanguard + Zero Day Syndicate: Corporate espionage with custom exploits
Critical Mass + Supply Chain Saboteurs: Infrastructure attacks via compromised vendors
Quantum Cabal + AI Singularity: Reality-bending AI experiments
Social Fabric + Ghost Protocol: Surveillance-enabled disinformation campaigns

Recurring Characters

SAFETYNET Operatives

Agent 0x00 [Player Handle] — The Player Character

Designation: Agent 0x00 (Agent Zero, Agent Null)
Role: Field Analyst, Cyber Security Specialist
Status: Rookie (progressing through missions)
Appearance: Hooded figure in "hacker" attire (pixel art)
Specialisation: Developing cyber security expertise across CyBOK knowledge areas
Personality: Determined, professional, adaptable (player-driven)
Background: Recently recruited to SAFETYNET, thrown into the field
Character Arc: Grows from rookie to expert across scenarios

Persistent Attributes:

Hacker Cred: Tracks completed missions and labs
CyBOK Specialisations: Areas of developed expertise
Agent Handle: Player's chosen codename

Agent 0x99 "Haxolottle" — The Helpful Contact

Real Name: [Classified]
Role: Senior Field Operative & Player Handler
Personality: Supportive, knowledgeable, slightly eccentric
Catchphrase: "Remember, Agent—patience is a virtue, but backdoors are better."
Appearance: [To be designed]
Background: Veteran agent with extensive field experience
Function: Provides hints, guidance, and mission support
Communication: Appears in cutscenes and provides text-based assistance
Quirk: Obsessed with axolotls, references them in metaphors about regeneration and adaptability

Director Magnus "Mag" Netherton — SAFETYNET Director

Role: SAFETYNET Operations Director
Personality: Stern but fair, bureaucratic, secretly cares about agents
Catchphrase: "By the book, Agent. Specifically, page [random number] of the Field Operations Handbook."
Appearance: Distinguished, always in formal attire
Function: Provides mission briefings, approves operations
Quirk: Constantly references the Field Operations Handbook's obscure rules

Dr. Lyra "Loop" Chen — Technical Support

Role: Chief Technical Analyst
Personality: Brilliant, caffeinated, speaks rapidly
Catchphrase: "Have you tried turning it off and on again? No, seriously—sometimes that resets the exploit."
Appearance: Lab coat, multiple screens visible behind her
Function: Provides technical briefings, explains complex exploits
Quirk: Drinks concerning amounts of energy drinks, code names everything

Agent 0x42 — The Mysterious Veteran

Real Name: [Classified]
Role: Legendary Field Operative (rarely seen)
Personality: Enigmatic, extremely competent, cryptic advice
Catchphrase: "The answer to everything is proper key management."
Appearance: Shadows, partial glimpses
Function: Appears in challenging scenarios to provide crucial intel
Quirk: Communicates in riddles and security analogies

ENTROPY Operatives (Rivals, Never Directly Defeatable)

The Architect — ENTROPY's Strategic Mastermind

Real Identity: Unknown
Role: ENTROPY Cell Coordinator
Personality: Calculating, philosophical about chaos
Style: Leaves cryptic messages, signs work with unique patterns
Function: Name that appears in intel, referenced in discovered documents
Quirk: Obsessed with entropy theory, leaves equations as calling cards

Null Cipher — Elite ENTROPY Hacker

Real Identity: Unknown (possibly former SAFETYNET)
Role: Lead Cyber Operations
Personality: Arrogant, taunting, skilled
Style: Leaves taunting messages in compromised systems
Function: Referenced in logs, signature found in exploits
Quirk: Signs work with Caesar cipher shifted by current entropy value

The Broker — ENTROPY Intelligence Trader

Real Identity: Multiple aliases
Role: Information and zero-day exploit trading
Personality: Pragmatic, mercenary, no loyalty
Style: All business, everything has a price
Function: Name appears in communications, dark web markets
Quirk: Prices everything in unusual cryptocurrencies

Recurring Villains & Adversaries

ENTROPY operatives come in three tiers: Masterminds (appear in background/LORE only), Cell Leaders (can escape to reappear), and Specialists (defeatable but memorable). This section expands on key recurring antagonists who drive multiple scenarios.

TIER 1: The Masterminds (Background Presence Only)

These figures are too important to directly confront in standard scenarios. They appear in intelligence reports, intercepted communications, and LORE fragments, building the sense of a larger threat.

The Architect

Status: ENTROPY Supreme Commander
Real Identity: Unknown
Last Known Activity: Coordinating quantum computing operations

Background: The Architect is ENTROPY's strategic mastermind, coordinating cells and long-term operations. Their communications appear throughout scenarios, always encrypted, always philosophical. They treat cyber attacks as applied mathematics and entropy as an inevitable force they're simply accelerating.

Signature:

Leaves thermodynamic equations at crime scenes
Signs messages with ∂S ≥ 0 (entropy always increases)
Uses mathematical proofs to justify operations
Encryption keys derived from physical constants

Appearance in Scenarios:

Intercepted communications (heavily encrypted)
Strategic documents outlining multi-year plans
Referenced by cell leaders in captured communications
Philosophical manifestos about entropy and chaos
Never directly encountered

Quote: "Entropy is not destruction—it is inevitability. We don't break systems; we reveal their natural tendency toward disorder."

Null Cipher

Status: ENTROPY Chief Technical Officer
Real Identity: Suspected former SAFETYNET agent [CLASSIFIED]
Last Known Activity: Developing AI-driven exploit frameworks

Background: Null Cipher is ENTROPY's most talented hacker, possibly a former SAFETYNET agent who turned to ENTROPY. Their technical skills are unmatched, and they have intimate knowledge of SAFETYNET procedures—which makes them particularly dangerous. They delight in leaving taunting messages for agents, particularly targeting rookies.

Signature:

Leaves Caesar-shifted messages (shift value = system entropy at time of breach)
Uses zero-width Unicode characters to hide messages
Code style suggests formal computer science education
Exploits are elegant, almost artistic
Often includes insulting comments in code

Appearance in Scenarios:

Custom exploits with signature style
Taunting messages in compromised systems
Log entries showing their access
Code reviews revealing their techniques
Training materials for other ENTROPY hackers

Quote: "Dear Agent—by the time you decrypt this, I've already left three more backdoors. Try to keep up. —NC"

Mx. Entropy (The Eldritch Coordinator)

Status: ENTROPY's Esoteric Operations Director
Real Identity: [DATA EXPUNGED]
Last Known Activity: Quantum Cabal oversight

Background: Mx. Entropy coordinates ENTROPY's most unusual operations—those involving quantum computing, AI anomalies, and what internal documents refer to as "extra-dimensional assets." Whether they actually believe in eldritch horrors or simply use the aesthetic for psychological operations is unclear. What is clear: their operations involve cutting-edge technology producing inexplicable results.

Signature:

Communications include non-Euclidean geometry diagrams
Quantum computing specifications mixed with occult symbols
Ritual-like precision in technical operations
AI systems under their direction exhibit disturbing behaviors
Research into mathematics "that shouldn't work"

Appearance in Scenarios:

Technical specifications for impossible systems
Research notes mixing quantum physics and mysticism
Cultist recruitment materials in server rooms
AI behavior logs showing anomalous patterns
Never directly seen; only evidence of their work

Quote: "The boundaries between mathematics and magic, between computation and conjuration, are thinner than your agency believes. We've done the calculations."

TIER 2: Cell Leaders (Escapable Recurring Antagonists)

These operatives lead ENTROPY cells and can be confronted in scenarios. Depending on player choices, they may be arrested, defeated in combat, or escape to appear in future operations. Their recurring nature builds continuity across scenarios.

"The Liquidator" — Digital Vanguard Leader

Real Name: Marcus Chen (alias)
Cell: Digital Vanguard
Specialisation: Corporate Espionage
Status: Active, evaded capture twice

Profile: Former strategy consultant at prestigious firm, became disillusioned with "orderly capitalism." Now sells corporate secrets to competitors, believing in accelerating corporate darwinism. Charming, well-dressed, treats espionage as a business opportunity.

Confrontation Style:

Attempts to negotiate even when caught
Offers information on other cells in exchange for freedom
Always has an exit strategy prepared
Maintains professional demeanor under pressure
Will flee rather than fight if possible

Recurring Element: Each time players encounter him, he's one step ahead. First encounter: he escapes with partial evidence lost. Second encounter: players can arrest or recruit him. If recruited: becomes ongoing asset with questionable loyalty. If escaped again: becomes even more cautious.

Appearance Notes:

Expensive suits, always professional appearance
Carries encrypted tablet with dead man's switch
Speaks in corporate jargon even while committing crimes
Has escape routes planned in every location

Catchphrase: "Nothing personal—it's just business. Very profitable business."

"Blackout" — Critical Mass Leader

Real Name: Dr. Sarah Volkov
Cell: Critical Mass
Specialisation: Infrastructure Attacks
Status: Active, direct confrontation avoided so far

Profile: Former power grid engineer who believes critical infrastructure is too fragile and needs to be "stress-tested" until it breaks. Genuinely believes she's doing society a favor by exposing vulnerabilities. Brilliant engineer with grudge against her former employers.

Confrontation Style:

Uses infrastructure itself as weapon (locks players in facility, cuts power)
Monologues about infrastructure vulnerabilities
Has dead man's switches that trigger problems if she's captured
Prefers indirect confrontation (SCADA systems as proxy)
Will negotiate for ideological reasons, not money

Recurring Element: Each encounter, players must choose: stop the infrastructure attack OR pursue her directly. Stopping attack lets her escape. Pursuing her risks the attack succeeding. If arrested: her dead man's switches activate problems. If escaped: becomes even more radical.

Appearance Notes:

Practical engineer attire, worn work boots
Always near critical infrastructure controls
Diagrams of cascade failures on her devices
Technical competence intimidates even skilled players

Catchphrase: "Your infrastructure was failing anyway. I'm just accelerating the inevitable."

"The Singularity" — Quantum Cabal Leader

Real Name: Dr. Alexei Korovin
Cell: Quantum Cabal
Specialisation: Quantum Computing & Eldritch Experiments
Status: Active, classified as "unstable"

Profile: Quantum physicist who became convinced that certain mathematical operations can tear through dimensional barriers. Whether genuinely believes in eldritch horrors or has been driven mad by his work is unclear. His experiments produce disturbing, unexplainable results. Highly intelligent but increasingly unhinged.

Confrontation Style:

Surrounds himself with cultist followers
Uses quantum computing as "ritual tools"
Experiments often produce genuinely frightening effects
Monologues about "entities beyond our understanding"
Will sacrifice followers to complete experiments
Unpredictable—might attack, flee, or try to recruit player

Recurring Element: Each encounter escalates in weirdness. First: he seems like standard mad scientist. Later encounters: his experiments actually seem to work in impossible ways. Players must decide: is he dangerously deluded or actually onto something? His escapes involve "impossible" timing and luck that might be more than luck.

Appearance Notes:

Disheveled researcher appearance mixed with cultist robes
Quantum computing equipment mixed with occult symbols
Eyes show signs of sleep deprivation
Speaks rapidly about mathematics and mysticism interchangeably
Laboratory spaces feel "wrong" somehow

Catchphrase: "The math works out. It shouldn't, but it does. They're listening. They're waiting. They're calculating."

"0day" — Zero Day Syndicate Leader

Real Name: Unknown (possibly "Alexandra Novak")
Cell: Zero Day Syndicate
Specialisation: Vulnerability Research & Exploitation
Status: Active, identity uncertain

Profile: Elite security researcher who went mercenary after ethical conflicts with responsible disclosure. Believes vulnerability information should go to highest bidder, not vendors. Brilliant reverse engineer, wrote multiple critical exploits. Paranoid about identity protection.

Confrontation Style:

Never appears in person, only via video calls (possibly deepfaked)
Has multiple backup identities and escape routes
Uses technical knowledge to evade capture
Communicates through encrypted channels
Has leverage (zero-days) that make arrest risky
Will crash systems if cornered

Recurring Element: Players never actually meet 0day in person. Each encounter is remote or through intermediaries. Evidence suggests 0day might be multiple people using same identity. Some intelligence suggests 0day might be player's ally in disguise (paranoia fuel). Can be "defeated" but always reappears, suggesting new person takes the mantle.

Appearance Notes:

Only seen via distorted video
Voice likely modified
Communications show deep technical knowledge
Code style analysis inconclusive (deliberately varied)
Gender presentation varies (possibly different people)

Catchphrase: "Zero-day vulnerabilities are like secrets—they're only valuable until everyone knows."

TIER 3: Memorable Specialists (Defeatable, Scene-Stealers)

These operatives are confronted and defeated in specific scenarios but leave lasting impressions. They're skilled enough to feel like worthy adversaries but not so crucial they can't be arrested/eliminated.

Real Name: James Whitmore
Cell: Digital Vanguard
Specialisation: Recruiting Insider Threats

Profile: Master manipulator who identifies vulnerable employees and recruits them as unwitting ENTROPY assets. Charming, personable, makes betrayal feel reasonable. Former HR executive who knows exactly what buttons to push.

Memorable Traits:

Extremely high charisma, can social engineer even paranoid targets
Uses emotional manipulation (not just technical)
Files full of psychological profiles on targets
Makes players question who else might be compromised
Arrest scene involves breaking down his manipulation tactics

Catchphrase: "Everyone has a price. Some people just don't know it yet."

"Red Tape" — Bureaucratic Saboteur

Real Name: Patricia Hendricks
Cell: Insider Threat Initiative
Specialisation: Civil Service Infiltration & Bureaucratic Warfare

Profile: Mid-level civil service manager who's been with ENTROPY for years. Positioned in approval/compliance roles where she can cause maximum dysfunction. Expert at using legitimate procedures as weapons. Believes government inefficiency will accelerate societal collapse.

Memorable Traits:

Appears utterly mundane—perfect cover
Master of bureaucratic procedures and loopholes
Creates Kafkaesque nightmares through proper channels
Files meticulously organized, nothing technically illegal
Deadpan delivery: treats chaos as standard procedure
Evidence against her is buried in legitimate paperwork
When confronted, cites regulations to justify everything

Confrontation Style:

Uses procedural delays even during arrest
"I'll need to see your Form 27B-6 before I can comply..."
Has backup documentation for everything
Argues about jurisdiction and authority
Makes players navigate bureaucracy to catch a bureaucrat
Final evidence requires understanding complex regulatory systems

Educational Value: Teaches about:

Insider threat detection in bureaucratic environments
How legitimate access can be weaponized
Audit trails and anomaly detection
Behavioral analysis in "boring" roles
Why background checks matter for all levels
How small delays compound into major problems

Catchphrase: "I'm afraid that request requires approval from three departments. I can start the paperwork, but the processing time is 6-8 weeks. Per regulation 445.7, subsection C."

"SCADA Queen" — Industrial Control System Hacker

Real Name: Maria Rodriguez
Cell: Critical Mass
Specialisation: SCADA & ICS Exploitation

Profile: Former industrial control system programmer who became frustrated with poor security. Now exploits SCADA systems for Critical Mass. Takes professional pride in her work. Treats SCADA like puzzles to solve.

Memorable Traits:

Deep technical knowledge of specific ICS platforms
Professional pride—hates sloppy hacking
Leaves "calling cards" in SCADA code
Confrontation involves technical debate about vulnerabilities
Can be convinced to provide defensive information if respected

Catchphrase: "These systems weren't designed with security in mind. I just prove it."

"Deepfake" — Synthetic Media Artist

Real Name: Kevin Park
Cell: Social Fabric
Specialisation: AI-Generated Disinformation

Profile: AI researcher who creates incredibly convincing deepfakes. Treats disinformation as art form. Philosophical about "truth" and "reality." Genuinely believes he's demonstrating that truth is subjective.

Memorable Traits:

Portfolio of disturbingly realistic deepfakes
Philosophical discussions about nature of truth
Uses own deepfakes to maintain alibis
Players must determine which evidence is real
Arrest involves confronting him with real evidence he can't dispute

Catchphrase: "In a world where anything can be faked, how do you know what's real? Exactly."

Villain Relationship Map

Alliances:

The Architect coordinates all cell leaders
Null Cipher provides technical support to multiple cells
Mx. Entropy works with The Singularity on quantum projects
0day supplies exploits to multiple cells
The Liquidator and The Broker often work together

Rivalries:

Blackout vs. The Liquidator (ideological vs. financial motivations)
The Singularity vs. Null Cipher (mysticism vs. pure technical skill)
0day vs. multiple parties (mercenary loyalty)

Mentor-Student:

The Architect mentored several cell leaders
Null Cipher trained many ENTROPY hackers
0day's techniques taught to Zero Day Syndicate members

Using Recurring Villains in Scenarios

First Encounter:

Establish character personality and style
Show their competence and threat level
Allow partial success (they escape or deal is made)
Leave hints they'll return

Subsequent Encounters:

Reference previous encounters
Show they've learned from last time
Escalate stakes
Provide closure opportunity

Defeat/Recruitment Options:

Arrest: Permanent removal, intel gained
Combat: Dramatic conclusion, less intel
Recruitment: Ongoing storyline, questionable loyalty
Escape: Sets up future encounter

Background Appearances:

Intelligence reports mention them
Other villains reference them
Their techniques appear in unrelated operations
Players realize scope of their influence

Recurring Characters

These are archetypal characters that can appear in different scenarios with different names:

The Helpful IT Person

Role: Unwitting helper or potential ally
Trust Level: Usually high
Function: Provides access, information, or tools
Variations: Overworked sysadmin, eager junior developer, frustrated security analyst

The Suspicious Secretary

Role: Gatekeeper who may be helpful or obstructive
Trust Level: Variable
Function: Controls access, has office gossip, notices details
Variations: Protective executive assistant, bored receptionist, sharp-eyed office manager

The Oblivious Executive

Role: Security weak point
Trust Level: Easily manipulated
Function: Poor security practices, valuable credentials, gossip
Variations: C-suite with post-it note passwords, manager who clicks everything

The Paranoid Security Guard

Role: Physical security obstacle
Trust Level: Low initially
Function: Patrols, questions presence, can be social engineered
Variations: Rent-a-cop, ex-military professional, zealous night watchman

The Double Agent

Role: Secretly working for ENTROPY
Trust Level: High initially, revealed as traitor
Function: Provides false information, sabotages efforts
Reveal: Triggered by discovering evidence or confronting with proof
Outcome: Transforms from standard NPC to combat NPC when revealed

World Rules & Tone

Narrative Rules

Rule 1: Cyber Security First

Every scenario must involve authentic cyber security concepts, tools, or challenges. The game is educational—accuracy matters more than convenience.

Rule 2: Physical-Cyber Convergence

Modern threats span both domains. Most scenarios should require both physical and digital security engagement.

Rule 3: Self-Contained Stories

Each scenario is a complete operation. Players should understand the beginning, middle, and end within one session (~1 hour).

Rule 4: Legal Framework - The "License to Hack"

CRITICAL DESIGN PRINCIPLE: The SAFETYNET framework provides legal and moral authorization for player actions. This is the equivalent of James Bond's "license to kill"—players are authorized to take actions that would otherwise be illegal or ethically questionable.

Player Permission Structure:

Players are authorized to conduct offensive cyber operations
Players can break into systems, manipulate NPCs, exploit vulnerabilities
Players can make morally grey choices without guilt
The game framework gives explicit permission for spy activities
SAFETYNET authorization removes real-world ethical constraints

Why This Matters for Design:

Player Enjoyment: This is a GAME—players understand it's not real life and want to enjoy being secret agents
Ethical Exploration: Grey choices are MORE interesting and MORE fun than black-and-white ones
Replayability: Different moral approaches create distinct, enjoyable playthroughs
Educational Value: Real security work involves ethical dilemmas worth exploring
Narrative Depth: Moral complexity creates better, more memorable stories

Design Imperatives:

Make morally grey choices APPEALING, INTERESTING, and FUN
Don't punish players for pragmatic/creative solutions
All successful approaches are valid—consequences differ, but methods aren't condemned
Debriefs acknowledge choices without heavy moral judgment
Use language: "Effective but ethically complex" NOT "wrong" or "bad"
"By the book" is ONE approach, NOT "the only right way"
Players should feel empowered to explore different methods

In Every Briefing, Emphasize Authorization:

"You are authorized under [REDACTED] protocols to conduct offensive operations..." "Per Section [X], your cover story provides legal framework for any necessary actions..." "The Field Operations Handbook grants broad discretion in achieving mission objectives..."

This framework removes player guilt and enables them to fully enjoy the spy fantasy without worrying about real-world ethics. Players know this is a game and should have fun with it.

Rule 5: Progressive Challenge

Scenarios can be played by rookie or expert agents. NPC dialogue and optional objectives adapt to player's Hacker Cred and specialisations.

Rule 6: Mandatory 3-Act Structure

All scenarios follow the 3-act structure with flexible narrative elements. Narrative must be outlined completely before technical implementation begins.

Comedy Rules

Comedy Rule 1: Punch Up

Mock bureaucracy, spy tropes, and villain incompetence—not security victims or real-world breaches.

Comedy Rule 2: Recurring Gags

Maximum one instance per scenario of:

Field Operations Handbook absurdity
Character catchphrases
ENTROPY naming conventions

Comedy Rule 3: Never Undercut Tension

Don't break tension during puzzle-solving or revelations. Comedy appears in:

Mission briefings
NPC conversations
Item descriptions
Post-mission debriefs

Comedy Rule 4: Grounded Absurdity

Humour comes from realistic situations pushed slightly. A company named "TotallyNotEvil Corp" is too much; "OptimalChaos Advisory" works because chaos engineering is real.

The Field Operations Handbook

A never-fully-seen rulebook that SAFETYNET agents must follow. Source of recurring bureaucratic humour.

Sample Rules (use max 1 per scenario):

Section 7, Paragraph 23: "Agents must always identify themselves to subjects under investigation, unless doing so would compromise the mission, reveal the agent's identity, be inconvenient, or occur on days ending in 'y'."
Protocol 404: "If a security system cannot be found in the building directory or network map, it does not exist. Therefore, bypassing non-existent security is both prohibited under Section 12 and mandatory under Protocol 401."
Regulation 31337: "Use of 'l33tspeak' in official communications is strictly forbidden. Agents caught using such terminology will be required to complete Formal Language Remediation Training (FLRT) consisting of reading RFC 2119 aloud. This restriction does not apply to usernames, handles, or when it's really funny."
Appendix Q, Item 17: "Social engineering is authorised when necessary for mission completion. However, agents must expense all coffee, meals, or gifts used in said social engineering. Expense reports must specify 'manipulation via caffeinated beverage' rather than 'coffee'."
Emergency Protocol 0: "In the event of catastrophic mission failure, agents should follow standard extraction procedures as outlined in Section [PAGES MISSING]. Good luck."
Directive 256: "Encryption is mandatory for all communications except when communicating about encryption, which must be done via unencrypted channels to avoid suspicion."

Scenario Design Framework

Core Design Principles

1. Puzzle Before Solution

Always present challenges before providing the means to solve them.

Good Design:

Player encounters locked door → searches area → finds key hidden in desk
Player sees encrypted message → must locate CyberChef workstation → decodes message

Bad Design:

Player finds key → wonders what it's for → finds door
Player has CyberChef immediately available before encountering encoded data

2. Non-Linear Progression & Backtracking

Scenarios should require visiting multiple rooms to gather solutions, encouraging exploration and creating interconnected puzzle chains rather than linear sequences.

Design Philosophy: Avoid simple linear progression where each room is completely self-contained and solved before moving to the next. Instead, create spatial puzzles where information, keys, or codes discovered in one area unlock progress in previously visited areas.

Required Design Element: Every scenario must include at least one backtracking puzzle chain where the player:

Encounters a locked/blocked challenge early
Explores other areas and gathers clues/items
Returns to the earlier challenge with the solution
This creates satisfying "aha!" moments and rewards thorough exploration

Good Non-Linear Design Examples:

Example 1: The PIN Code Hunt

Room A (Office): Player finds safe with PIN lock (cannot open yet)
Room B (Reception): Player discovers note mentioning "meeting room calendar"
Room C (Conference Room): Calendar shows important date: 07/15
Return to Room A: Player uses PIN 0715 to open safe
Result: Player must visit 3 rooms to solve 1 puzzle

Example 2: The Credential Chain

Room A (Server Room): Locked, requires admin key card (blocked)
Room B (IT Office): Contains computer with admin scheduling system
Room C (Executive Office): Computer needs password, finds note "same as wifi"
Room D (Break Room): Wifi password on notice board: "SecureNet2024"
Return to Room C: Access computer, discover admin is in Room E
Room E (Storage): Find admin's locker with key card inside
Return to Room A: Finally access server room
Result: 5 rooms interconnected, requires significant backtracking

Example 3: The Fingerprint Triangle

Room A (CEO Office): Biometric laptop (needs fingerprint)
Room B (IT Office): Obtain fingerprint dusting kit
Room C (Reception): CEO's coffee mug has fingerprints
Return to Room A: Collect fingerprint from mug
Return to Room B: Use dusting kit to lift print
Return to Room A: Spoof biometric lock with collected print
Result: Three rooms must be visited multiple times in specific sequence

Poor Linear Design (Avoid This):

Bad Example: Simple Sequence

Room A: Find key → unlock door to Room B
Room B: Find password → unlock computer → find keycard → unlock door to Room C
Room C: Find PIN → unlock safe → mission complete
Problem: Each room is self-contained, no backtracking, no spatial puzzle-solving

Implementation Guidelines:

Minimum Backtracking Requirements per Scenario:

At least 1 major backtracking puzzle chain (3+ rooms interconnected)
2-3 minor backtracking elements (return to previously locked door, etc.)
Fog of war reveals rooms gradually (can't see entire map initially)

Backtracking Design Patterns:

Pattern A: The Locked Door Hub

Central room with multiple locked doors
Each requires different method/item to unlock
Solutions found in various rooms beyond initial accessible areas
Player returns repeatedly as new items/information discovered

Pattern B: The Information Scatter

Single complex puzzle requires information from multiple sources
Each room contains one piece (part of PIN, encryption key segment, etc.)
Player must synthesize information from entire map
Final solution location requires revisiting early area

Pattern C: The Tool Unlock

Early areas have challenges requiring tools not yet acquired
Tools found mid-game in secured locations
Player must backtrack to apply new capabilities
Example: Lockpicks enable accessing previously locked containers

Pattern D: The Progressive Evidence Chain

Initial evidence raises questions answered in other rooms
Each new room provides context that explains earlier mysteries
Player reinterprets earlier findings with new knowledge
May need to return to re-examine previous evidence

Signposting for Backtracking:

Good Signposting:

"This safe requires a 4-digit PIN. You don't have it yet."
"The door is locked with a biometric scanner. You'd need fingerprints."
"This encrypted file needs a key. Search the office?"
Clear indication that solution exists elsewhere

Poor Signposting:

Locked door with no indication of what's needed
Puzzle that seems solvable but has hidden requirements
No reminder that previously locked areas might now be accessible

Visual/UI Indicators:

Mark locked doors/items on map/inventory
Notification when acquiring item that unlocks previous area
Optional: Objective system hints at backtracking ("Return to the CEO's office")

Balancing Backtracking:

Good Backtracking:

Purposeful (player understands why they're returning)
Rewarding (new progress made, new areas unlocked)
Limited running (room layouts minimize tedious travel)
Reveals new information (previously locked areas contain substantial content)

Bad Backtracking:

Excessive (constant running between distant rooms)
Unclear (player doesn't know where to go next)
Trivial (unlock door just to find empty room)
Repetitive (same route multiple times with no variation)

Scenario Flow Example (Non-Linear):

START: Room A (Reception)
  ↓
Access Rooms B (Office 1) and C (Office 2)
  ↓
Room B: Find encrypted message, note about server room
Room C: Discover PIN lock on safe, find fingerprint kit
  ↓
Explore Room D (IT Office): Get Bluetooth scanner
Room D locked door leads to Room E (Server Room) - BLOCKED
  ↓
Return to Room C: Lift fingerprints from desk
Discover Room F (Executive Office) requires keycard - BLOCKED
  ↓
Return to Room B: Use clues to decrypt message
Message reveals Room E PIN code
  ↓
Return to Room E: Access server room
Find keycard and encryption key
  ↓
Return to Room F: Access executive office
Use encryption key on files
  ↓
Complete Mission

Key Principle: At any given time, player should have 2-3 accessible paths forward, but each path requires information/items from other areas, creating a web rather than a line.

3. Multiple Paths, Single Goal

1a. Interconnected Puzzle Chains & Backtracking

CRITICAL DESIGN PRINCIPLE: Scenarios must NOT be purely linear sequences where each room is completely self-contained. Players should encounter locked doors, encrypted messages, or secured systems that require them to explore other areas to find solutions, then return to apply what they've learned.

Why This Matters:

Creates engaging non-linear exploration
Rewards thorough investigation
Simulates realistic security scenarios (information scattered across locations)
Increases replayability (different exploration orders)
Builds satisfying "aha!" moments when connections are made
Prevents mindless room-by-room progression

Required Design Element: Each scenario MUST include at least 2-3 instances where:

Player discovers a challenge in Room A
Solution/clue/tool is found in Room B (or C, D, etc.)
Player must backtrack to Room A to apply the solution

Good Interconnected Design Examples:

Example 1: The Scattered Password

Room 1 (Reception): Find locked laptop with password hint: "First pet + birth year"
Room 2 (Office): Discover family photo with dog named "Rufus"
Room 3 (Storage): Find personnel file with birth year: 1987
Backtrack to Room 1: Password is "Rufus1987"

Example 2: Multi-Location Key Discovery

Room 1 (Server Room): Locked cabinet requiring key, contains critical evidence
Room 2 (Break Room): Overhear NPC mention "server room key in the CEO's desk"
Room 3 (CEO Office): Must bypass biometric lock to access desk
Room 4 (Bathroom): Find fingerprint dusting kit in janitor's closet
Backtrack to Room 3: Dust CEO's coffee cup for fingerprint
Backtrack to Room 1: Unlock cabinet with discovered key

Example 3: Encryption Key Split Across Locations

Room 1 (IT Office): Encrypted file found on compromised server
File header reveals: "AES-256-CBC | Key: Project_Name | IV: GUID_from_database"
Room 2 (Conference Room): Whiteboard shows project name: "NIGHTFALL"
Room 3 (Database Server): Must exploit VM to extract GUID: "7f3a2b91..."
Backtrack to Room 1: Use CyberChef with discovered parameters to decrypt

Example 4: The Door That Waits

Room 1 (Reception): Player sees locked executive floor door, requires keycard
Rooms 2-4: Player explores general office areas, gathering evidence
Room 5 (IT Office): Social engineer IT staff to "borrow" admin keycard
Backtrack to Room 1: Access executive floor with keycard
New Area Unlocked: Multiple executive offices now accessible

Example 5: Intel-Driven Backtracking

Room 1 (Office A): Safe with unknown PIN code
Room 2 (Office B): Email mentions "I changed the safe code to mom's birthday"
Room 3 (Storage): Find HR file with employee's mother's birthday: 08/15
Backtrack to Room 1: Open safe with PIN: 0815

Poor Linear Design (AVOID):

Room 1: Find key → Unlock door to Room 2
Room 2: Solve puzzle → Get password → Unlock computer → Get key
Room 3: Use key from Room 2 → Solve puzzle → Get card
Room 4: Use card from Room 3 → Finish

Problem: Purely sequential, no backtracking, no interconnection

Good Interconnected Design:

Room 1 (Reception): See locked door A, locked door B, encrypted message
Room 2 (Office): Find key for door A, partial password hint
Room 3 (Server Room via door A): Discover IV for encryption, PIN for door B
Room 4 (Storage via door B): Find full password hint, key component
Backtrack to Room 1: Decrypt message with discovered IV
Backtrack to Room 2: Use full password to access computer
New connection: Computer reveals safe location in Room 3
Backtrack to Room 3: Access safe with gathered intel

Better: Multiple threads, backtracking required, non-linear exploration

Implementation Guidelines:

Door Network Design:

Place locked doors early that can't be opened immediately
Ensure at least 2-3 "waiting doors" that tempt exploration
Use fog of war to hide what's beyond until player returns with access
Label or describe doors memorably ("Heavy steel door marked 'AUTHORIZED PERSONNEL'")

Clue Distribution:

Spread multi-part solutions across 3+ rooms
Make some clues obvious, others subtle
Use environmental storytelling (photos, notes, whiteboards) scattered throughout
Create "complete picture" moments when pieces come together

Compass Directions & Mental Mapping:

Use north/south/east/west connections consistently
Help players build mental maps of the space
Repeating room types (multiple offices) should be distinguishable
NPCs can provide spatial hints ("The server room is north of IT")

Pacing Backtracking:

First backtrack: Early in scenario (tutorial level)
Major backtracks: 2-3 times during investigation phase
Optional backtracks: For bonus objectives and LORE fragments
Avoid excessive backtracking (max 5-6 room revisits per scenario)

Quality of Life:

Once player has visited a room, travelling back should be fast
No repeated obstacles on return trips (once door is unlocked, stays unlocked)
Notes/intel automatically collected for easy reference
Objective system hints at where to go next without being too obvious

Testing for Interconnection: Ask these questions during design:

Can the player solve everything in one room before moving to the next? (If yes, needs more interconnection)
Are there at least 2-3 locked doors visible early that require later discoveries?
Do puzzles reference information found in different locations?
Would a player naturally need to revisit earlier areas?
Is there a "moment of realization" when pieces from different rooms connect?

Minimum Scenario Requirements:

✓ At least 3 locked doors/areas visible early (creating mystery and goals)
✓ At least 2 multi-room puzzle chains (solution found elsewhere)
✓ At least 1 major backtrack required for primary objectives
✓ At least 1 optional backtrack for bonus objectives
✓ Clear sense of spatial layout (not confusing maze)
✓ Meaningful reason to revisit locations (new information, not busywork)

2. Multiple Paths, Single Goal

Provide options while maintaining focus.

Example:

Goal: Access CEO's computer
Path A: Find password on post-it note
Path B: Social engineer IT for credentials
Path C: Exploit vulnerability on VM
Path D: Dust for fingerprints to bypass biometric lock

3. Layered Security

Reflect real-world defence in depth.

Example Security Chain:

Physical: Locked door (requires key or lockpick)
Device: Biometric scanner (requires fingerprint spoofing)
System: Password-protected laptop (requires credential discovery)
Application: Encrypted files (requires CyberChef decryption)
Validation: Hash verification (requires MD5 calculation)

4. Scaffolded Difficulty

Build complexity through the scenario.

Beginning: Basic challenges (simple locks, obvious clues)
Middle: Combined challenges (encoded message + hidden location)
End: Complex chains (multi-stage decryption + social engineering + timing)

5. Meaningful Context

Every puzzle should make sense within the narrative.

Good Contextualisation:

Encrypted message contains meeting location between ENTROPY agents
Locked safe contains evidence of data exfiltration
PIN code discovered through social engineering resistant employee

Poor Contextualisation:

Random cipher with no explanation
Lock that exists only to slow player down
Puzzle that doesn't connect to scenario objectives

Scenario Structure Template

Break Escape scenarios follow a mandatory three-act structure with flexible narrative elements within each act. This structure ensures consistent pacing while allowing creative freedom in storytelling and player choices.

IMPORTANT FOR SCENARIO AUTHORS (Human and AI): Before creating scenario JSON specifications, you MUST first outline the complete narrative structure following this template. The narrative should be logically connected across all three acts, with player choices affecting the story's progression and conclusion.

Narrative Design Process

Step 1: Outline First, Implement Second

Before writing any JSON or designing puzzles, create a narrative outline that includes:

Core Story: What's the threat? Who's the villain? What's at stake?
ENTROPY Cell & Villain: Which cell? Controlled corp or infiltrated org?
Key Revelations: What twists will emerge? What will players discover?
Player Choices: What 3-5 major decisions will players face?
Moral Ambiguity: Where are the grey areas? What's the "license to hack" justification?
Multiple Endings: How do choices affect outcomes? (minimum 3 endings)
LORE Integration: What 3-5 fragments will be discoverable?
Three-Act Breakdown: Map narrative beats to acts

Step 2: Map Technical Challenges to Narrative

Once narrative is outlined:

Identify where cryptography challenges fit
Determine which rooms support which story beats
Place LORE fragments to reward exploration
Design puzzle chains that reveal narrative progression
Ensure technical learning works in all narrative branches

Step 3: Implement in JSON

Only after narrative and technical design are complete should you begin JSON specification.

The Morally Grey Framework: SAFETYNET Authorization

CRITICAL DESIGN PRINCIPLE: Players should feel empowered to make morally ambiguous choices. This is a game—players understand it's not real life—and they should enjoy the freedom to explore grey areas.

The "License to Hack":

SAFETYNET provides agents with broad operational authority, similar to James Bond's "license to kill." This authorization framework gives players permission to:

Conduct offensive cyber operations against targets
Use social engineering and manipulation tactics
Exploit vulnerabilities without explicit permission
Break into systems and physical locations
Make pragmatic decisions that might be ethically questionable
Prioritize mission success over perfect ethics

Why This Matters for Design:

Player Permission: The SAFETYNET framework removes guilt from player choices
Moral Complexity: Grey choices are MORE interesting than black-and-white ones
Replayability: Different moral approaches encourage multiple playthroughs
Educational Value: Real security work involves ethical dilemmas
Fun: Players enjoy being spy-movie secret agents with authority

In Briefings, Emphasize Authorization:

"You are authorized under [REDACTED] protocols to conduct offensive operations..." "Per Section 7, Paragraph 23, your cover story provides legal framework for any necessary actions..." "The Field Operations Handbook grants broad discretion in achieving mission objectives..."

In Debriefs, Acknowledge Choices Without Heavy Judgment:

"Effective but ethically complex..." (not "wrong")
"Pragmatic approach..." (not "bad")
"By the book..." (not "the only right way")
All choices that succeed are valid; consequences differ but aren't morally condemned

Design Imperative: Make morally grey choices appealing, interesting, and FUN. Don't punish players for pragmatism or creativity. The debrief should reflect consequences and impact, not moral judgment.

Act 1: Setup & Entry (15-20 minutes)

Purpose: Establish mission context, introduce setting, present initial challenges, and set up investigation threads that will pay off later.

Mandatory Elements:

Mission briefing (cutscene at SAFETYNET HQ)
Starting room with immediate interactions
2-3 primary objectives introduced
At least 3 locked areas/mysteries visible early

Narrative Elements to Consider:

Cold Open (Optional, 2-3 minutes): Before the briefing, consider opening with:

In Media Res: Brief glimpse of the crisis (then cut to "12 hours earlier")
Enemy Action: Show ENTROPY agent doing something suspicious
Victim Call: Anonymous tip or distress call that triggers mission
ENTROPY Intercept: Decoded message revealing the threat
Previous Agent: Reference to failed mission or missing agent

Example: "Security footage shows someone in server room at 3 AM. Feed cuts out. Next morning, client data is on dark web. Cut to: SAFETYNET HQ."

HQ Mission Briefing (Mandatory, 3-5 minutes): Handler (usually Agent 0x99 or Director Netherton) provides:

The Hook: What's the immediate situation?
The Stakes: Why does this matter? Who's at risk?
ENTROPY Intel: What do we suspect about their involvement?
Cover Story: What role is player assuming?
Authorization: "You are authorized under [PROTOCOL] to conduct offensive operations..."
Equipment: What tools are provided?
Field Operations Handbook Humor: (Optional, max 1 absurd rule reference)

Example: "Per Section 7, Paragraph 23: You're authorized to identify yourself as a security consultant, which is technically true since you ARE consulting on their security... by breaking it."

Starting Room Introduction (5-10 minutes):

Consider including:

Incoming Phone Messages/Voicemails:

Urgent message from handler with additional intel
Voicemail from "anonymous tipster" providing first clue
Message that reveals NPC personality or suspicious behavior
Warning message: "Delete this after listening..."

Timing: Can trigger immediately on arrival, or after brief exploration

Starting Room NPCs:

Receptionist/Gatekeeper: Establishes tone (hostile? helpful? suspicious?)
Friendly Contact: Provides initial intel and hints
Suspicious Character: Someone who doesn't belong or acts nervous
Authority Figure: Someone player must convince or evade

Environmental Storytelling:

Notice boards with company information
Security alerts or warnings
Photos revealing relationships
Documents hinting at problems
Calendar showing suspicious meetings

Meaningful Branching from Start:

Player's initial choices should matter:

Approach to Entry:

Social engineering (smooth talker) → NPCs more trusting later
Show credentials (authoritative) → Taken seriously but watched closely
Sneak in (covert) → Harder to gather info but less suspicious
Technical bypass (hacker) → Security alerted but direct access

Initial NPC Interaction:

Build trust (high trust) → Easier info gathering, potential ally
Professional distance (neutral) → Standard cooperation
Suspicious/aggressive (low trust) → NPCs less helpful, more guarded

First Discovery:

Investigate immediately → Player is thorough investigator archetype
Report to handler → Player follows protocol by the book
Explore further first → Player is independent, takes initiative

Example: If player social engineers receptionist successfully, she becomes ally who warns them later: "Security is acting weird today..." If player is suspicious/aggressive, she calls security immediately.

Act 1 Objectives:

☐ Establish presence/check in
☐ Initial recon (locate key areas)
☐ Meet initial NPCs
☐ Discover first piece of evidence
☐ Encounter first puzzle/locked door
★ Optional: Find first LORE fragment

Act 1 Ends When:

Player has established base understanding
Multiple investigation threads are opened
First major locked door requires backtracking
Player realizes something is suspicious/wrong

Act 2: Investigation & Revelation (20-30 minutes)

Purpose: Deep investigation, puzzle solving, discovering ENTROPY involvement, plot twists, and major player narrative choices. Act 2 is the most flexible act and can include multiple story beats and phases.

Mandatory Elements:

Multi-room investigation with backtracking
Discovery that things aren't as they seemed
ENTROPY agent identification or revelation
3-5 major player narrative choices with consequences
3-5 LORE fragments discoverable

CRITICAL NOTE ON FLEXIBILITY: Act 2 is the longest act and should have room for multiple story beats and phases. The structure below is suggestive, not prescriptive. Act 2 can include investigation, discovery, response, escalation, and working to stop discovered plans all within this act.

Narrative Elements to Consider:

Phase 1: Investigation (Initial 10-15 minutes):

The Professional Mask: Early in Act 2, everything seems normal-ish:

Employees are helpful (if infiltrated org)
Security measures make sense
Problems appear to be accidents or incompetence
Evidence suggests conventional threat

The Crack in the Facade (Mid-Act 2): Something doesn't add up:

Security is TOO good for stated purpose
Employee behavior doesn't match background
Technical sophistication exceeds company size
Encrypted communications way too advanced
References to projects that don't officially exist

Evidence Accumulation: Players piece together:

Documents from multiple rooms
Decoded messages
Overheard conversations
Computer logs
Physical evidence (fingerprints, access logs)

Example: "This 'marketing manager' has military-grade encryption on his laptop. His LinkedIn says he studied poetry. The server logs show access to systems that don't appear in company directory..."

Phase 2: Revelation - Things Aren't As They Seemed (Plot Twists):

Consider revealing:

The Helpful NPC is ENTROPY:

Employee who seemed innocent is actually insider
Breadcrumb trail leads to their desk
Trust betrayal creates emotional impact
Choice: Confront now or gather more evidence?

The Mission Parameters Are Wrong:

Not just corporate espionage—it's infrastructure attack
Not one insider—it's an entire cell
Target isn't the company—they're being used to attack someone else
Company is controlled, not infiltrated (or vice versa)

The Victim is Complicit:

CEO knows about ENTROPY presence
Company is willingly cooperating
"Victim" called SAFETYNET to eliminate rival cell
Everyone is dirty

It's Bigger Than Expected:

Single insider is part of network
Small operation is test for larger attack
This cell connects to others
The Architect is personally involved

Personal Stakes:

Previous agent worked this case (went missing)
Handler has personal connection
Recurring villain returns
Player's own data has been compromised

Phase 3: Discovery of Evil Plans (Optional Middle Act 2):

Once ENTROPY involvement is confirmed, Act 2 can include discovering their specific plans:

Finding the Plan:

Intercepted communications reveal timeline
Discovered documents outline operation
Compromised NPC explains under interrogation
Server logs show attack preparation
Physical evidence (diagrams, equipment, schedules)

Example Evil Plans to Discover:

Infrastructure Attack:

Power grid shutdown scheduled for specific date
Water treatment sabotage in progress
Transportation system compromise planned
Cascading failure across multiple systems

Data Operation:

Mass data exfiltration nearly complete
Ransomware deployment imminent
Client data being sold on dark web
Backup systems already compromised

Supply Chain Compromise:

Backdoor in software update ready to deploy
Hardware implants in devices shipping soon
Vendor credentials stolen for client access
Trusted certificates compromised

Disinformation Campaign:

Deepfake videos scheduled for release
Bot network ready to amplify false narrative
Stolen credentials for legitimate news accounts
Election interference operation in final stages

Deep State Infiltration:

ENTROPY agents embedded throughout civil service
Systematic bureaucratic sabotage causing dysfunction
Critical permits and approvals deliberately delayed
Regulations weaponised to create inefficiency
Government systems compromised from within
Policy recommendations designed to increase chaos
Public trust in institutions deliberately eroded
Legitimate government functions disrupted through red tape

Summoning/Eldritch (Quantum Cabal):

Quantum computer calculation reaching critical point
Ritual scheduled for astronomical event
Reality barrier weakening due to experiments
AI exhibiting increasingly impossible behaviors

Discovery Creates New Objectives:

☐ Determine attack timeline
☐ Identify attack vector
☐ Locate critical systems under threat
☐ Find method to stop operation
★ Discover secondary targets (bonus)

Phase 4: Working to Stop the Plans (Optional Late Act 2):

After discovering evil plans, Act 2 can include efforts to prevent them:

Disruption Challenges:

Technical Challenges:

Disable attack infrastructure
Patch critical vulnerabilities
Decrypt attack code to understand methodology
Locate and secure backup systems
Identify and close backdoors

Physical Challenges:

Access secured server rooms
Disable hardware devices
Secure physical evidence before destruction
Prevent equipment from leaving facility

Time Pressure:

Attack launches in [X] minutes
Data deletion in progress
Systems already compromised
Countdown creates urgency

Moral Dilemmas During Response:

Stop vs. Study:

Can stop attack NOW but lose intelligence
OR let it progress while gathering evidence
Risk: Attack might succeed beyond control

Collateral Damage:

Stopping ENTROPY will disrupt legitimate operations
Hospital systems offline during patch
Financial systems frozen during investigation
Transportation delayed while securing networks

Partial Success:

Can stop primary attack but not secondary
Can save some systems but not all
Must prioritize: Which systems to protect first?

Player Choices During Response:

Priority Selection:

Critical infrastructure is under attack in multiple locations. Which do you protect first?

Power grid (affects most people)
Hospital systems (life-critical)
Financial systems (economic impact)
Water treatment (long-term health)

Method Selection:

How do you stop the attack?

Immediate shutdown (stops attack, causes disruption)
Surgical intervention (slower, minimal disruption)
Coordinate with staff (safest, might alert ENTROPY)
Let it fail safely (controlled damage)

Evidence vs. Prevention:

You can stop the attack OR gather evidence for future operations

Stop now (mission focused)
Gather intel (strategic thinking)
Attempt both (risky, might fail at both)

Example Act 2 with Multiple Phases:

Minutes 0-10: Investigation - gathering evidence, social engineering, accessing systems
Minutes 10-15: Revelation - discovering Head of Security is ENTROPY, not just selling data
Minutes 15-20: Discovery - finding ransomware deployment scheduled for midnight tonight
Minutes 20-25: Response - racing to disable ransomware before deployment while Head of Security realizes he's compromised
Minutes 25-30: Confrontation Setup - securing final evidence, making choices about how to handle situation, preparing for Act 3

Phase 5: Villain Monologue/Revelation (Can Occur Anywhere in Act 2):

When villain is discovered or confronted, consider:

The Philosophical Villain:

Explains ENTROPY's entropy philosophy
"I'm not destroying—I'm revealing inevitable chaos"
Believes they're doing necessary work
Quotes thermodynamic equations
Makes player question assumptions

The Pragmatic Villain:

"Everyone has a price. I found theirs."
No ideology—just profitable chaos
Business-like about destruction
Makes player feel naive

The Desperate Villain:

ENTROPY has leverage over them
Family threatened, debt, blackmail
"You'd do the same in my position"
Makes player feel conflicted about stopping them

The True Believer:

Cult-like devotion to ENTROPY
Quantum Cabal-style mysticism
"The calculations work. The entities are listening."
Genuinely frightening conviction

The Taunting Villain:

"You're too late. It's already in motion."
Mocks player's methods
"SAFETYNET sent a rookie? How insulting."
Challenges player's competence

The Regretful Villain:

"I didn't want this, but they gave me no choice."
Explains how ENTROPY trapped them
Genuine remorse but committed to operation
Creates sympathy while remaining threat

Villain Communication Methods:

Face-to-face confrontation (if player catches them)
Video call (can't be caught yet, taunts from afar)
Recorded message (villain already gone, left explanation)
Through compromised NPC (possessed/controlled/forced to speak)
Intercepted communication (not meant for player, overhead monologue)
Environmental storytelling (player pieces together from journals, notes, recordings)

LORE Reveals:

Act 2 is prime LORE discovery time. Fragments can appear throughout all phases:

Through Investigation:

Encrypted files on computers
Hidden documents in secured locations
Personal logs from ENTROPY agents
Communications with cell leaders
References to The Architect or Mx. Entropy

Through NPCs:

Villain explains ENTROPY's methodology
Compromised NPC reveals how they were recruited
Friendly NPC shares rumors they heard
Handler provides historical context via phone call

Through Environment:

Whiteboards with occult symbols + code
Research notes mixing quantum physics and mysticism
Training materials for new ENTROPY recruits
Evidence of previous operations
Abandoned safe houses with intelligence

Through Discovered Plans:

Attack documents reveal strategic objectives
Communications show larger ENTROPY network
Technical specifications reveal cell capabilities
Timeline shows coordination with other cells

LORE Fragment Placement:

1-2 obvious (main investigation path)
2-3 hidden (thorough exploration rewards)
1 achievement-based (specific action or choice)

Major Player Narrative Choices (3-5 Required Throughout Act 2):

These should occur at different points across Act 2's phases:

Choice 1: Ethical Hacking Dilemma (Early Act 2)

Discovered massive vulnerability unrelated to mission
Option A: Report it properly (ethical, time-consuming)
Option B: Exploit for mission advantage (pragmatic, questionable)
Option C: Ignore it (fastest, leaves company vulnerable)
Consequence: Affects company's future security and trust in SAFETYNET

Choice 2: Innocent NPC in Danger (Mid Act 2)

Employee unknowingly helping ENTROPY, will be blamed
Option A: Warn them (protects innocent, might alert ENTROPY)
Option B: Use them as bait (effective, morally grey)
Option C: Let them take the fall (mission first, they'll be okay eventually)
Consequence: Affects NPC's fate and player's reputation

Choice 3: Information vs. Action (After Plan Discovery)

Can stop attack NOW or gather intel for future operations
Option A: Stop attack (saves immediate victims, loses intelligence)
Option B: Let it proceed while gathering data (long-term gain, short-term harm)
Option C: Compromise (partial stop, partial intel)
Consequence: Affects debrief and future mission options

Choice 4: Compromised NPC Discovery (Mid Act 2)

Found employee is ENTROPY but clearly being blackmailed
Option A: Arrest them (by the book, harsh on victim)
Option B: Offer protection (risky, compassionate)
Option C: Force cooperation (effective, ethically dubious)
Consequence: Affects information gained and NPC's future

Choice 5: Collateral Damage Decision (During Response Phase)

Stopping ENTROPY will disrupt legitimate business
Option A: Minimize disruption (slower, protects business)
Option B: Maximum effectiveness (fast, causes chaos)
Option C: Coordinate with leadership (political, time-consuming)
Consequence: Affects company's recovery and future relationship

Choice 6: Priority Under Pressure (If Multiple Threats)

Can't stop everything; must choose what to protect
Option A: Protect most people (utilitarian)
Option B: Protect critical systems (strategic)
Option C: Protect evidence (future-focused)
Consequence: Shows player's values, affects casualties

Branching Narrative Logic:

Track player choices throughout all Act 2 phases to affect:

NPC dialogue and trust levels (changes in real-time)
Available information sources (helpful NPCs share more)
Difficulty of later challenges (security alerted or cooperative)
Which ending is reached
Debrief tone and content
Amount of LORE discovered

Example: If player chose to warn innocent employee (Phase 2), that NPC later provides crucial intelligence about attack timeline (Phase 3). If player let them take the fall, that path is closed but security is less alert during response phase.

Act 2 Structure Summary:

Act 2 should feel like a journey with multiple stages:

Investigation (gather clues)
Revelation (discover ENTROPY)
Understanding (learn their plans) [optional]
Response (work to stop them) [optional]
Escalation (complications arise)
Setup for confrontation

Not all scenarios need all phases. Simple scenarios might just have Investigation → Revelation. Complex scenarios might have all phases with multiple challenges in each.

The key is flexibility: Act 2 adapts to the scenario's needs while maintaining narrative momentum and player engagement.

Act 2 Objectives (Flexible based on phases included):

Core Objectives:

☐ Access secured areas (requires backtracking)
☐ Identify ENTROPY involvement
☐ Gather evidence of operations
☐ Make 3-5 major narrative choices

Investigation Phase:

☐ Access security systems
☐ Identify data exfiltration method / attack vector
☐ Decrypt ENTROPY communications

Discovery Phase:

☐ Discover ENTROPY agent identity
☐ Learn scope of evil plans
☐ Determine attack timeline

Response Phase (if included):

☐ Disable attack infrastructure
☐ Secure critical systems
☐ Prevent imminent threat
☐ Gather evidence while responding

Universal:

☐ Discover 3-5 LORE fragments
☐ Prepare for final confrontation

Bonus Objectives:

★ Find all LORE fragments
★ Access both secured locations for complete picture
★ Identify the insider before confrontation
★ Complete response without collateral damage
★ Maintain cover throughout investigation (don't alert suspect)
★ Discover secondary evil plans
★ Identify additional ENTROPY contacts

Act 2 Ends When:

Player has identified ENTROPY agent(s)
Evil plans are discovered (and potentially disrupted if that's part of Act 2)
Evidence is sufficient for confrontation
Player has made key narrative choices
Final revelation has occurred
Player is ready for climactic action in Act 3

Note: In some scenarios, Act 2 might include stopping the evil plan entirely, leaving Act 3 focused on confronting the agent and securing evidence. In others, Act 2 is pure investigation/discovery, with stopping the plan as part of Act 3. Both approaches are valid—design based on pacing needs.

Act 3: Confrontation & Resolution (10-15 minutes)

Purpose: Climactic confrontation with villain, final puzzle challenges, player's last major choice about how to handle the situation, and mission resolution.

Mandatory Elements:

Confrontation with ENTROPY agent (with player choice)
Final evidence secured
Mission objectives completed
Optional incoming phone messages
HQ debrief reflecting all player choices

Narrative Elements to Consider:

Optional: Incoming Phone Messages

Before or during final confrontation:

Handler Support:

"Agent, backup is en route. ETA 20 minutes."
"We've identified the target. Proceed with caution."
"Intel just came through—this is bigger than we thought."

Time Pressure:

"Agent, ENTROPY is initiating the attack NOW."
"Data deletion in progress. Stop it or it's lost forever."
"Target is attempting to escape. Intercept immediately."

Complication:

"Agent, the company CEO just called. They want to handle this internally."
"Local authorities inbound. You need to wrap this up before they arrive."
"We have a problem: Another cell is involved."

Personal Stakes:

"Agent 0x42 tried this mission last year. They barely made it out."
"This is the same cell that hit us last month."
Recurring villain message: "Hello again, Agent 0x00..."

Timing: These can interrupt player or play at key moment for dramatic effect

The Confrontation:

When player faces ENTROPY agent, present clear choice:

Option A: Practical Exploitation

"I know what you are. Unlock your evidence vault for me, or I call this in right now."

Fastest option
Uses villain as tool
Morally grey—coercion of a criminal
Villain cooperates under duress
Risk: Villain might have dead man's switch

Option B: By the Book Arrest

"It's over. You're under arrest for espionage. You have the right to remain silent."

Most ethical approach
Follows all protocols
Must find evidence independently
Takes longer but satisfying
Earns respect from handler

Option C: Aggressive Confrontation

"ENTROPY. You're done." [Combat]

Immediate action
No negotiation
Triggers combat encounter
Fast but loses interrogation opportunity
Shows decisive nature

Option D: Recruitment/Flip

"ENTROPY is burning their assets. You're exposed. Work with us—become a double agent—and we'll protect you."

Requires evidence of villain's precarious position
High-risk, high-reward
Ongoing intelligence if successful
Requires trust/leverage
Can fail → leads to combat or escape

Option E: Extract Information First

"Before we finish this, I need names. Who else is working for ENTROPY?"

Interrogation before resolution
Reveals additional cells/agents
Shows patient investigation
Takes most time
Maximum intelligence gain

Option F: Let Them Explain

"Why? Why do this?"

Philosophical/personal discussion
Understand motivation
May reveal sympathetic circumstances
Humanizes villain
Player might feel conflicted about arrest

Each choice leads to different mechanical resolution but all can succeed.

Final Challenges:

Consider ending with:

Time-Pressure Puzzle:

Data deletion in progress
System lockout countdown
Evacuation timer
Requires quick thinking under pressure

Multi-Stage Security:

Final safe with advanced locks
Multiple authentication methods
Combines all learned skills
Final test of competency

Escape Sequence:

Building lockdown initiated
Security systems activated
Must navigate out with evidence
Action-oriented conclusion

Moral Dilemma Resolution:

Choice from Act 2 pays off here
NPC player helped/hurt returns
Consequence of earlier decision
Player sees impact of their choices

Evidence Preservation:

Villain has dead man's switch
Evidence will be destroyed
Must choose: Arrest OR preserve evidence
No perfect solution

Final Revelation:

Evidence reveals larger conspiracy
Villain is actually mid-level operative
Real threat still out there
Sets up future scenarios

Mission Completion:

All primary objectives must be completable regardless of choices:

✓ Evidence secured (method varies)
✓ ENTROPY agent dealt with (method varies)
✓ Threat neutralized (degree varies)
✓ Company protected (level varies)

Optional Objectives Based on Choices:

★ Recruited double agent
★ Identified additional cells
★ Protected all innocents
★ Completed without alerts
★ Found all LORE fragments

Act 3 Ends With Mission Complete.

Post-Mission: HQ Debrief (3-5 minutes, outside core timer)

Purpose: Reflect player's narrative choices, reveal consequences, acknowledge methods used, provide closure, and tease future threats.

Mandatory Elements:

Handler acknowledges mission success
Reflection on player's methods and choices
Impact on ENTROPY operations revealed
Updates to player specializations (CyBOK areas)
Connection to larger ENTROPY network
(Optional) Teaser for future scenarios

Debrief Structure:

Handler Opening:

"Welcome back, Agent 0x00. Let's debrief."

Mission Results: Acknowledge what was accomplished:

ENTROPY agent status (arrested/recruited/escaped)
Evidence secured (complete/partial)
Threat level (eliminated/reduced/ongoing)
Company status (secure/damaged/compromised)

Reflection on Methods:

This is where player choices are acknowledged WITHOUT heavy moral judgment:

If Pragmatic/Grey Choices:

"Your methods were... creative. Effective, but ethically complex. Results matter, though we'll be having a conversation about Section 19."

If By-the-Book:

"Textbook operation. Professional, clean, minimal collateral. Director Netherton will be pleased."

If Aggressive:

"Well, you certainly sent a message. The paperwork will be substantial, but the threat is neutralized."

If Recruited Asset:

"Risky play, flipping an ENTROPY operative in the field. Bold. You'll be handling this asset going forward—don't mess it up."

If Thorough Investigation:

"Patience and thoroughness. The additional intelligence you gathered will save months of investigation."

If Mixed/Messy:

"Mission accomplished, though there were complications. Lessons learned for next time."

Consequences Revealed:

Show impact of player's specific choices:

Company Fate:

Legitimate business: Recovering/grateful/traumatized/suing
Controlled corp: Shut down/seized/under investigation

NPC Outcomes:

Innocent employees: Protected/caught in crossfire/traumatized
Compromised NPCs: Arrested/protected/recruited/deceased
Helpful NPCs: Grateful/felt used/became long-term ally

ENTROPY Impact:

Cell: Disrupted/destroyed/warned/ongoing
Larger network: Intelligence gained/connections revealed/still mysterious

Intelligence Gained:

Handler reveals what was learned:

"The vulnerability marketplace you uncovered? It's part of ENTROPY's Zero Day Syndicate operation. We've seen communications suggesting '0day' was buying the stolen assessments."

Connection to Larger Threat:

"This wasn't an isolated operation. The [evidence type] suggests ENTROPY has similar operations at [number] other organizations. We'll be watching for their pattern."

Reference to Masterminds:

"The Architect's signature is all over this operation. This was coordinated at the highest levels."

Specialization Updates:

"Your [specific skills used] were solid. I'm updating your CyBOK specializations to reflect expertise in [relevant areas]."

Field Operations Handbook Callback (Optional):

"Per Section 14, Paragraph 8: When missions succeed and protocols are followed, agents receive commendation. Though I'm not sure all protocols were followed..." [knowing look]

Personal Touch from Handler:

Agent 0x99: "Between you and me, [personal observation]. Stay sharp."
Director Netherton: "Per Protocol [number], [bureaucratic praise]. Well done."

Teaser for Future (Optional):

"One more thing, Agent. [Foreshadowing of recurring villain / larger threat / connected operation]. We'll be seeing more of this pattern. Excellent work out there."

Closing:

"Get some rest, Agent. Something tells me we'll need you again soon."

Narrative Checklist for Scenario Authors

Before finalizing scenario, verify:

Act 1:

Briefing establishes stakes and authorization
Starting room has meaningful immediate interactions
3+ locked areas visible create investigation goals
Player's initial choices matter (branching logic)
Something suspicious is established

Act 2:

"Things aren't as they seemed" revelation included
Villain has voice/personality (monologue or evidence)
3-5 major player narrative choices presented
3-5 LORE fragments discoverable
Choices affect NPC relationships and available paths
Investigation builds to climactic confrontation

Act 3:

Confrontation presents 5-6 distinct options
All primary objectives completable in all paths
Optional objectives vary by choices made
Final challenges test learned skills
Mission completion feels earned

Debrief:

Acknowledges specific player choices
Shows consequences without harsh judgment
Reveals intelligence gained
Connects to larger ENTROPY network
Updates player specializations
Provides closure with optional teaser

Overall Narrative:

Story is logically connected across acts
Moral grey areas are interesting and appealing
SAFETYNET authorization provides player permission
Technical challenges integrate with narrative
Multiple endings reflect meaningful choices
Educational content works in all branches

The Golden Rule: Outline narrative completely before implementing technical details. Story and puzzles must support each other.

Scenario Structure Template (Technical Implementation)

Before designing the narrative, select the appropriate ENTROPY cell and antagonist(s) for your scenario.

Selection Criteria:

Match Educational Objectives to Cell Specialisation
- Teaching social engineering? → Digital Vanguard or Social Fabric
- Teaching SCADA/ICS security? → Critical Mass
- Teaching cryptography? → Zero Day Syndicate or Quantum Cabal
- Teaching AI security? → AI Singularity
- Teaching incident response? → Ransomware Incorporated
- Teaching insider threats? → Insider Threat Initiative
Match Scenario Type to Cell Operations
- Corporate infiltration → Digital Vanguard or Insider Threat Initiative
- Infrastructure defence → Critical Mass
- Research facility → Quantum Cabal or AI Singularity
- Dark web investigation → Zero Day Syndicate or Ghost Protocol
- Disinformation campaign → Social Fabric

Choose: Controlled Corporation vs. Infiltrated Organization

This is a critical design decision that significantly affects scenario tone and gameplay.

Controlled Corporation Scenarios:

When to Use:
- Player is infiltrating enemy territory
- Want clear "us vs. them" dynamic
- Scenario focused on stealth/evasion
- Teaching offensive security techniques
- Want to show full ENTROPY cell operations
Characteristics:
- Most/all employees are ENTROPY or coerced
- Entire facility may be hostile
- More potential for combat encounters
- Can discover extensive operations
- Victory = shutting down entire operation
Examples:
- Infiltrating Tesseract Research Institute
- Raiding Paradigm Shift Consultants
- Breaking into HashChain Exchange
NPC Dynamics:
- Few truly helpful NPCs
- Most NPCs suspicious or hostile
- Social engineering is high-risk
- Cover story must be very convincing

Infiltrated Organization Scenarios:

When to Use:
- Player is investigating from within
- Want social deduction elements
- Teaching defensive security/detection
- Scenario focused on investigation
- Want ethical complexity
Characteristics:
- Most employees are innocent
- Must identify who is ENTROPY
- Detective work and evidence gathering
- Protecting innocents while stopping threats
- Victory = removing agents, organization continues
Examples:
- Nexus Consulting with corrupted Head of Security
- University with compromised quantum researcher
- Power company with insider threat
NPC Dynamics:
- Many helpful, innocent NPCs
- 1-3 NPCs are secretly ENTROPY
- Social engineering encouraged
- Must build trust to identify suspects

Hybrid Scenarios (Advanced):

When to Use:
- Want to show ENTROPY network structure
- Multi-location operations
- Teaching about supply chain attacks
- More complex narratives
Structure:
- Start at infiltrated organization
- Evidence leads to controlled corporation
- Or: Start at controlled corp, discover infiltrated clients
Examples:
- TalentStack (controlled) placing agents at defense contractor (infiltrated)
- Consulting firm (controlled) steals data from clients (infiltrated)
- Legitimate company unknowingly using ENTROPY vendor

Decision Matrix:

Aspect	Controlled Corp	Infiltrated Org
Player Role	Infiltrator	Investigator
Difficulty	Higher (hostile)	Moderate (mixed)
NPC Trust	Low baseline	High baseline
Evidence	Everywhere	Concentrated
Combat	More likely	Less likely
Moral Complexity	Lower	Higher
Victory Scope	Shut down operation	Remove agents
Educational Focus	Offensive security	Defensive security

Villain Tier Selection
- Tier 1 (Masterminds): Background presence only, referenced in intel
- Tier 2 (Cell Leaders): Main antagonist, can escape to recur
- Tier 3 (Specialists): Supporting antagonist, can be defeated
Recurring vs. New Characters
- First scenario in a series: Introduce new cell leader
- Mid-series scenario: Feature recurring villain with character development
- Final scenario in arc: Resolve recurring villain storyline
- Standalone scenario: Use Tier 3 specialist or create one-off antagonist

Example Selections:

Scenario: "Grid Down" - Prevent power grid attack
Organization Type: Infiltrated (legitimate power company)
Cell: Critical Mass
Primary Villain: "Blackout" (Tier 2 Cell Leader) - embedded as contractor
Supporting: "SCADA Queen" (Tier 3 Specialist) - remote support
Background: The Architect (referenced in intercepted communications)
Educational Focus: ICS/SCADA security, incident response, insider threat detection
Player Role: Brought in as security consultant, must identify insider

Scenario: "Quantum Nightmare" - Stop eldritch summoning
Organization Type: Controlled (Tesseract Research Institute)
Cell: Quantum Cabal
Primary Villain: "The Singularity" (Tier 2 Cell Leader) - runs facility
Supporting: Cultist researchers (all ENTROPY)
Background: Mx. Entropy (referenced in research notes)
Educational Focus: Quantum cryptography, advanced encryption, atmospheric horror
Player Role: Infiltrating hostile facility, stealth-focused

Scenario: "Corporate Secrets" - Investigate data exfiltration
Organization Type: Infiltrated (legitimate consulting firm)
Cell: Digital Vanguard
Primary Villain: "Insider Trading" (Tier 3 Specialist) - mid-level manager
Supporting: Corrupted employees (2-3 NPCs compromised)
Background: The Liquidator (referenced as handler of insider)
Educational Focus: Social engineering, insider threat detection, data loss prevention
Player Role: Security auditor, must determine who is compromised

Pre-Mission: Briefing (Cutscene)

Location: SAFETYNET HQ
Characters: Handler (usually Agent 0x99 or Director Netherton)
Duration: 1-2 minutes

Elements:

Hook: What's the immediate threat or situation?
Cover: What role is the player assuming?
Objectives: What are the primary goals?
Intel: What do we know about ENTROPY's involvement?
Equipment: What tools are available for this mission?

Example Briefing:

Agent 0x99: "Welcome back, Agent 0x00. We've got a situation at Synapse Technologies, a biotech firm in the city. Their lead researcher contacted us about suspicious activity—missing files, strange network traffic. Officially, you're there as a security consultant they've hired for a penetration test."

Agent 0x99: "Your objectives: Document security vulnerabilities, identify the source of the data exfiltration, and determine if ENTROPY is involved. We're providing you with your standard field kit plus a CyberChef workstation for any encrypted data you encounter."

Director Netherton: "Remember, Agent—per Section 7, Paragraph 23, you're authorised to identify yourself as a security consultant, which is technically true since you are consulting on their security. Good luck."

Act 1: Arrival & Reconnaissance (15-20 minutes)

Objectives:

Establish presence and cover
Explore immediate environment
Gather initial intelligence
Encounter first simple puzzles
Meet helpful NPCs

Design Elements:

Reception/entry area with access controls
Initial conversations that establish scenario context
Tutorial-difficulty puzzles (basic encoding, simple lock)
Environmental storytelling (suspicious documents, warning signs)
Introduction of investigation tools

Example Objectives:

☐ Check in at reception
☐ Locate server room
☐ Access company workstation
☐ Interview IT staff
★ BONUS: Discover hidden security camera system

Act 2: Investigation & Escalation (20-30 minutes)

Objectives:

Solve multi-layered puzzles
Gather evidence of ENTROPY involvement
Uncover intermediate secrets
Navigate security systems
Build trust or manipulate NPCs

Design Elements:

Complex puzzle chains (locked room → biometric lock → encrypted files)
Social engineering opportunities
VM-based challenges (Linux/Windows systems with realistic vulnerabilities)
Physical-cyber convergence puzzles
LORE fragment discoveries
Suspicious NPCs that may be double agents

Example Objectives:

☐ Access executive office
☐ Examine server logs for intrusion evidence
☐ Decode intercepted communications
☐ Bypass multi-factor authentication
☐ Discover ENTROPY data exfiltration method
★ BONUS: Identify the double agent
★ BONUS: Recover deleted files

Act 3: Confrontation & Resolution (10-15 minutes)

Objectives:

Complete primary mission objectives
Confront or expose ENTROPY agents
Prevent imminent threat
Secure critical evidence
Resolve narrative threads

Design Elements:

High-difficulty challenges combining previous lessons
Double agent reveal/confrontation (optional combat/arrest)
Time-sensitive objectives (stop data deletion, prevent system access)
Final encrypted/secured evidence cache
Climactic puzzle that ties scenario together

Example Objectives:

☐ Stop the data exfiltration in progress
☐ Secure evidence of ENTROPY's involvement
☐ Identify the insider threat
☐ Confront suspicious employee
★ BONUS: Discover ENTROPY cell's next target
★ BONUS: Collect all 5 ENTROPY intelligence fragments

Post-Mission: Debrief (Cutscene)

Location: SAFETYNET HQ
Characters: Handler reviewing mission
Duration: 30-60 seconds

Elements:

Success Acknowledgment: Confirm objectives completed
Intelligence Gained: What did we learn about ENTROPY?
Character Development: Recognition of growth/specialisation
Tease: Hint at larger patterns or future threats
Reward: Hacker Cred increase, unlock information

Example Debrief: Ending A: By the Book (Arrest + Minimal Collateral)

Agent 0x99: "Excellent work, Agent 0x00. Clean arrest, no casualties, minimal disruption to the business. The 'Shadow Broker' is in custody and already cooperating under interrogation. We've secured their client list—dozens of organisations compromised."

Director Netherton: "Textbook operation. Per Section 14, Paragraph 8: 'When all protocols are followed and the mission succeeds, the agent shall receive commendation.' Well done."

Agent 0x99: "The ENTROPY connection is confirmed. They're not just attacking directly—they're buying vulnerability intelligence from mercenaries. The Architect's hand is all over this operation. Your cryptography work was solid, and your professional conduct exemplary. I'm updating your specialisation in Applied Cryptography and Social Engineering."

Ending B: Pragmatic Victory (Exploitation + Fast Completion)

Agent 0x99: "Mission accomplished, Agent. You got results... though your methods were, shall we say, 'creative.' Using the broker to unlock their own evidence vault? Efficient. Ethical? That's murkier."

Director Netherton: "Per Protocol 404: 'If a security system cannot be found'—well, you certainly found it. And exploited human nature in the process. Results matter, but remember, we're the good guys. Try to act like it."

Agent 0x99: "The intelligence we recovered confirms ENTROPY's systematic vulnerability purchasing program. Your technical work was excellent. Your interpersonal approach... let's call it 'pragmatic.' The mission succeeded, that's what counts. But we'll be watching how you handle future confrontations."

Ending C: Aggressive Resolution (Combat + Decisive Action)

Agent 0x99: "Well, Agent, you certainly sent a message. ENTROPY knows we mean business. The broker is neutralised, evidence secured, threat eliminated. Mission accomplished."

Director Netherton: "Regarding the combat incident—per Section 29: 'Use of force is authorised when the agent deems it necessary.' You deemed it necessary. The paperwork, however, is... substantial. Please file your incident report by 0900 tomorrow."

Agent 0x99: "The ENTROPY connection is confirmed, though we lost the opportunity for interrogation. Still, sometimes decisive action is what's needed. Your technical skills got you to the truth, and your combat skills finished the job. I'm noting both in your file."

Ending D: Intelligence Victory (Double Agent Recruited)

Agent 0x99: "That was... unorthodox, Agent 0x00. Flipping an ENTROPY operative in the field? Bold. Risky. But I can't argue with the intelligence we're getting."

Director Netherton: "Per Section 19, Paragraph 7: 'Asset recruitment in the field is permitted when the opportunity arises and the risk is deemed acceptable by the agent, who will be held personally responsible if it goes wrong.' Welcome to asset management, Agent. I hope your judgment proves sound."

Agent 0x99: "Your new asset is providing valuable insight into ENTROPY's broader vulnerability market operations. The Architect's network is more extensive than we thought. This is ongoing—you'll be handling this double agent going forward. Your negotiation skills and strategic thinking impressed us both. I'm updating your file to reflect specialisation in Intelligence Operations as well as Applied Cryptography."

Ending E: Thorough Investigation (Interrogation + Maximum Intel)

Agent 0x99: "Exceptional work, Agent 0x00. You took the time to extract every piece of intelligence before securing the arrest. The additional ENTROPY contacts you identified will help us roll up this entire operation."

Director Netherton: "Patience and thoroughness. Two qualities that separate adequate agents from excellent ones. You demonstrated both. The additional time spent interrogating yielded intelligence that will save months of investigation."

Agent 0x99: "The network map you've uncovered shows ENTROPY has vulnerability brokers in at least seven other organisations. This isn't just one corrupt security professional—it's a systematic intelligence marketplace. Your cryptographic analysis and strategic questioning revealed the scope. We're launching follow-up operations based on your intel."

Ending F: Mixed Outcome (Alerted Staff + Complications)

Agent 0x99: "Mission accomplished, but... there were complications. Half the staff knows something happened, security is asking questions, and the business is in semi-controlled chaos."

Director Netherton: "Results: ENTROPY broker arrested, evidence secured, connection confirmed. Methods: Somewhat louder than ideal. Per Section 42: 'Discretion is encouraged but not always achievable.' Next time, perhaps with more subtlety?"

Agent 0x99: "The ENTROPY connection is solid, and we've disrupted their vulnerability market. Your technical work was sound—the cryptography, the log analysis, all excellent. The social engineering and operational security... room for improvement. Still, the mission succeeded. That's what matters."

Universal Debrief Element (appears in all endings):

Agent 0x99: "One more thing, Agent. The vulnerability marketplace you uncovered? It's part of ENTROPY's Zero Day Syndicate operation. We've seen communications suggesting someone code-named '0day' was buying the stolen assessments. The broker you caught was just one node in their network."

Agent 0x99: "This syndicate is systematically turning security professionals into unwitting arms dealers. The broker worked alone at Nexus, but intelligence suggests ENTROPY has similar operations at other firms. We'll be watching for their pattern. Stay sharp, Agent. And excellent work out there."

Objective System Design

Primary Objectives (Required for success)

Should take 80% of playtime to complete
Tied directly to scenario's main conflict
Teaches core cyber security concepts
Example count: 5-7 objectives

Good Primary Objectives:

☐ Access the compromised server
☐ Identify the data exfiltration method
☐ Secure evidence of ENTROPY involvement
☐ Prevent ongoing data theft

Poor Primary Objectives:

☐ Walk to the office (too simple)
☐ Hack everything (too vague)
☐ Learn about RSA encryption (too academic, no context)

Milestone Objectives (Track progress)

Mark major progress points
Give sense of advancement
Provide natural save/pause points
Example count: 3-4 milestones

Examples:

⊙ Gained access to facility
⊙ Discovered ENTROPY communications
⊙ Identified insider threat
⊙ Secured critical evidence

Bonus Objectives (★ Optional, for completionists)

Reward thorough exploration
Provide additional challenges
Unlock LORE fragments
Require advanced techniques or non-obvious solutions
Example count: 3-5 bonuses

Good Bonus Objectives:

★ Discover all 5 hidden intelligence files
★ Complete the scenario using only social engineering (no lockpicks)
★ Identify the double agent before the final confrontation
★ Access the executive's personal files
★ Decode the Architect's encrypted message

Poor Bonus Objectives:

★ Find 100 collectibles (boring busywork)
★ Complete scenario in under 10 minutes (discourages learning)

Objective Triggers

Objectives can be completed through various means:

Location-Based Triggers

Enter a specific room
Approach a critical object
Example: "Access the server room" completes when player enters room_server

Item-Based Triggers

Discover a specific item
Read important notes/intel
Example: "Find ENTROPY communications" completes when player reads encrypted email

NPC Interaction Triggers

Conversation reaches specific point
Trust level threshold reached
Example: "Interview IT staff" completes after successful social engineering conversation

System-Based Triggers

Successfully exploit a VM
Decrypt a message
Bypass a security system
Example: "Decode intercepted transmission" completes when correct decryption achieved

Revelation Triggers

Accuse correct double agent
Discover hidden truth
Example: "Identify insider threat" completes when player confronts NPC with evidence

Combat/Arrest System

When NPCs Transform to Combat

Double agents and ENTROPY operatives can be revealed through:

Discovering incriminating evidence
Successful accusation with proof
Catching them in restricted areas
Decoding communications that reveal identity

Player Choice Upon Revelation

When confronted, player can choose:

Arrest (Non-violent capture)
Battle (Combat engagement)

Design Philosophy

Combat is "cherry on top"—not the focus
Battles are in player's favour (achievable without high skill)
Death is possible but uncommon
Should feel satisfying, not frustrating
Never required—arrest option always available

Integration Guidelines

Max 1-2 combat encounters per scenario
Only after significant investigation/puzzle solving
Should feel earned, not random
Optional bonus objectives can involve avoiding combat entirely

Technical Design Guidelines

Tool Placement & Progression

Standard Tools (Always available in field kit)

Players start each mission with:

Nothing (inventory empty)

Tools Acquired During Mission

Early Game Tools (Act 1):

Keys: Specific solutions to specific locks
Access Cards: For electronic locks
Passwords: Written on notes, post-its, documents

Mid Game Tools (Act 2):

Fingerprint Dusting Kit: Enables biometric spoofing
Bluetooth Scanner: Detects wireless devices
Basic Encryption Tools: CyberChef access

Late Game Tools (Act 2-3):

Lockpicks: Universal key solution (shortcut enabler)
PIN Cracker: Universal PIN solution (shortcut enabler)

Critical Design Consideration: Shortcut Tools

Lockpicks and PIN Crackers are powerful shortcuts that bypass puzzle chains.

Placement Strategy:

CORRECT Placement:

Place AFTER player has solved several lock/PIN puzzles traditionally
Reward for progression, not given freely
Should be in locked containers that require other puzzle-solving to access
Example: Lockpicks are in a safe that requires PIN code to open

INCORRECT Placement:

Available immediately
Found before player encounters many locks
Makes earlier puzzles obsolete

Usage Limitations:

Lockpicks:

Makes ALL key-based locks pickable
Should require mini-game skill (not instant)
Consider: Place late so only 2-3 remaining locked doors can be picked

PIN Cracker:

Mastermind-style game to determine any PIN
Should be challenging enough that finding PIN organically is often faster
Should require max 2 uses per scenario
Consider: Make some containers have long PINs (5-6 digits) that are tedious to crack

Design Philosophy:

These tools should make players feel clever, not make the scenario trivial. They're a reward for reaching certain progress points, allowing some backtracking shortcuts or alternative solutions.

Security Mechanism Design

Key-Based Locks

Purpose: Traditional physical security, item progression
Bypass Methods:

Find specific key
Lockpicks (if acquired)

Design Considerations:

Key should be hidden as reward for puzzle solving
Key's location should make narrative sense
Multiple keys can create parallel progression paths
Some locks can have no matching key (lockpick required)

Example Implementation:

{
  "type": "suitcase",
  "locked": true,
  "lockType": "key",
  "requires": "executive_suitcase_key",
  "difficulty": "medium"
}

PIN Code Systems

Purpose: Digital security, number puzzles
Bypass Methods:

Discover code through investigation
Social engineering NPCs
PIN Cracker (if acquired)

Design Considerations:

Code should be discoverable through context clues
Can be split across multiple sources
Memorable patterns work well (not random numbers)
4-digit standard, 5-6 digit for high security

Example Sources:

Written on sticky note
Last 4 digits of phone number
Date mentioned in email (MMDD)
Number visible in photograph
Mathematical calculation result

Example Implementation:

{
  "type": "safe",
  "locked": true,
  "lockType": "pin",
  "requires": "7391"
}

Password Systems

Purpose: Computer/account access, text-based authentication
Bypass Methods:

Find written password
Social engineering
Password hints/patterns
Exploit vulnerabilities on VM

Design Considerations:

Passwords should follow realistic patterns
Can be found on sticky notes (bad security practice)
Can be derived from personal information
Can be cracked via VM exploitation

Example Sources:

Post-it note under keyboard
Encoded in seemingly innocent note
Pattern from personal info (pet name + birth year)
Default credentials never changed
Written in "secure" location (drawer, wallet)

Example Implementation:

{
  "type": "pc",
  "locked": true,
  "lockType": "password",
  "requires": "P@ssw0rd123"
}

Biometric Systems

Purpose: Advanced security, forensic gameplay
Bypass Methods:

Dust for fingerprints (requires kit)
Spoof collected fingerprint
Social engineering to gain access

Design Considerations:

Requires Fingerprint Dusting Kit to interact
Fingerprints found on items the person touched
Dusting mini-game provides engaging interaction
Can identify NPCs through fingerprint matching

Example Implementation:

{
  "type": "laptop",
  "locked": true,
  "lockType": "biometric",
  "hasFingerprint": true,
  "fingerprintOwner": "ceo_anderson",
  "fingerprintDifficulty": "medium"
}

Bluetooth Proximity

Purpose: Wireless security, device pairing
Bypass Methods:

Scan for devices (requires Bluetooth scanner)
Locate paired device
Use device to unlock system

Design Considerations:

Requires Bluetooth Scanner to detect
Paired devices must be found in environment
Signal strength indicates proximity
MAC address provides identification

Example Implementation:

{
  "type": "secure_door",
  "locked": true,
  "lockType": "bluetooth",
  "requires": "00:11:22:33:44:55"
}

Virtual Machine (VM) Challenges

Purpose

VMs provide authentic technical cyber security challenges within the game narrative.

VM Types

Linux Systems:

Privilege escalation challenges
Misconfigured permissions
Vulnerable services
Log analysis
Command-line based investigations

Windows Systems:

Active Directory misconfigurations
Registry investigations
Event log analysis
Vulnerable applications
PowerShell-based challenges

Integration Guidelines

Narrative Context: VMs should be presented as:

Employee workstations
Compromised servers being investigated
Development systems under audit
Backup systems being examined

Challenge Types:

Information Gathering: Find passwords, IP addresses, or intelligence in files
Vulnerability Exploitation: Exploit known vulnerabilities to gain access
Log Analysis: Identify intrusion evidence in system logs
Privilege Escalation: Gain admin/root access
Forensics: Recover deleted files, analyze artifacts

Difficulty Scaling:

Beginner: Password found in plain text file, simple command execution
Intermediate: Encoded data, basic exploitation, log analysis
Advanced: Multi-stage attacks, privilege escalation, complex forensics

Design Considerations:

Provide in-game terminal access
Results should give useful information for physical puzzles
Don't require extensive time commitment (max 10-15 minutes per VM)
Provide hints through game context (NPC mentions service version, etc.)

Cryptography & Encoding Design

Tool: CyberChef Integration

Purpose: Authentic cryptographic challenges using real tools
Access: Via in-game laptop/workstation objects
Interface: Styled as terminal environment, iframe to CyberChef

Challenge Categories

Encoding (Beginner):

Base64
Hexadecimal
Octal
Morse code
URL encoding

Classical Ciphers (Beginner-Intermediate):

Caesar cipher
Vigenère cipher
Substitution ciphers
ROT13

Hashing (Intermediate):

MD5 verification
SHA-256 validation
Hash cracking (with hints)
HMAC authentication

Symmetric Encryption (Intermediate-Advanced):

AES-128/256
Different modes (ECB, CBC, GCM)
Key and IV discovery
Padding oracle scenarios

Asymmetric Encryption (Advanced):

RSA operations
Key pair usage
Digital signatures
Diffie-Hellman exchange

Steganography (Advanced):

Hidden data in images
LSB steganography
Embedded encrypted payloads

Design Principles

Progressive Complexity:

Start with simple encoding
Build to encryption with discovered keys
End with multi-stage cryptographic puzzles

Contextual Clues:

Keys derived from narrative (dates, names, phrases)
IVs found in related documents
Algorithm choice hinted in messages

Realistic Application:

Encrypted communications between ENTROPY agents
Secured documents containing evidence
Encoded coordinates or access codes
Signed messages requiring verification

Educational Integration: Each cryptographic puzzle should:

Have clear context (why is this encrypted?)
Provide discoverable parameters (keys, IVs, algorithms)
Teach a cyber security concept
Result in meaningful information (not arbitrary solutions)

Example Puzzle Chain

Discovery: Player finds encrypted email attachment
Context: Email mentions "using the project codename as key"
Investigation: Player discovers project codename in earlier document: "QUANTUM_SHADOW"
Execution: Player uses CyberChef with AES-256-CBC, key derived from codename
Result: Decrypted message reveals ENTROPY meeting location
Learning: AES encryption, key management, contextual key discovery

NPC System Design

NPC Categories

Helpful NPCs:

Provide information when trust is established
Give items or access credentials
Offer hints to puzzles
Can be recurring across scenarios (Agent 0x99)

Neutral NPCs (Office Workers):

Must be social engineered for information
Trust level affects cooperation
May become helpful or suspicious based on interactions
Can be targets for security audits

Suspicious NPCs:

Initially appear neutral
Player must gather evidence of ENTROPY involvement
Can be confronted when sufficient proof collected
Transform to combat encounter when revealed

Security Guards:

Question player's presence
Can be convinced of legitimacy (via cover story)
May provide access or information if trust established
Patrol certain areas

Trust System

Trust Levels: 0 (Suspicious) → 10 (Fully Trusting)

Trust Increases Through:

Successful social engineering dialogue
Showing "proper" credentials (cover identity)
Helping NPC with problems
Demonstrating expertise
Following security protocols (appearing legitimate)

Trust Decreases Through:

Failed social engineering
Being caught in restricted areas
Suspicious behaviour
Contradicting previous statements
Breaking cover story

NPC Dialogue Design

Branching Conversations:

Multiple dialogue options based on approach
Consequences for different choices
Information gating based on trust level
Recurring NPCs reference previous interactions

Ink Script Integration:

Use Ink narrative scripting language
Create complex, state-based dialogue trees
Track player choices across conversations
Implement trust level modifications

Dialogue Writing Guidelines:

Good Dialogue:

Feels natural and realistic
Provides clear gameplay information without being obvious
Reflects NPC personality and role
Offers meaningful choices

Poor Dialogue:

"I am an evil ENTROPY agent! Here is the password!" (too obvious)
Walls of text with no gameplay relevance
No meaningful player choice
Inconsistent character voice

Example Dialogue Structure:

RECEPTIONIST: "Can I help you?"

> [Show credentials] I'm here for the security audit.
> [Social engineer] Actually, I'm a bit lost. New contractor.
> [Aggressive] I need access to the server room. Now.

IF credentials:
  RECEPTIONIST: "Oh yes, the consultant. Please sign in."
  [Trust increases]
  
IF social engineer:
  RECEPTIONIST: "Oh, you must be with the IT team. They're on floor 3."
  [Gain information, neutral trust]
  
IF aggressive:
  RECEPTIONIST: "I'm calling security."
  [Trust decreases, complication]

NPC Functions

Information Providers:

"The CEO has been acting strange lately..."
"I saw someone in the server room last night..."
"The security code changed yesterday to something with 7s..."

Item Providers:

Give access cards after trust established
Lend tools ("Here, take this spare keycard")
Provide keys or credentials

Access Providers:

Unlock doors for player
Disable security systems temporarily
Provide remote access to systems

Objective Triggers:

Conversations can complete investigation objectives
Trust milestones can unlock bonus objectives
Accusations trigger confrontation objectives

Branching Dialogue & Narrative Choices

Philosophy of Choice

Break Escape scenarios should provide meaningful player choices that impact the narrative, even when the technical learning objectives remain constant. The game teaches cyber security skills through puzzles and challenges, but the story adapts based on how players choose to apply those skills and interact with NPCs.

Core Principles:

Choices have consequences - Decisions affect NPC relationships, available information, and scenario outcomes
Moral ambiguity - Many choices exist in grey areas without clear "right" answers
Multiple valid paths - Different approaches can all lead to mission success
Narrative flexibility - Story adapts while technical challenges remain educational
Meaningful impact - Player choices reflected in mission debriefs and future NPC interactions

Types of Meaningful Choices

1. Confrontation Choices

When discovering an ENTROPY agent or double agent, players should have multiple options:

Option A: Practical Exploitation

Use the compromised agent to gain access
Force them to unlock doors, provide credentials, disable security
Faster objective completion (shortcut)
Morally ambiguous - using someone, even if they're guilty
Risk: Agent might alert others or sabotage later

Example:

You've discovered evidence that Janet from HR is an ENTROPY infiltrator.

Dialogue Options:

[Practical] "Janet, I know what you are. Help me access the executive files and I'll give you a 30-minute head start before calling this in."

[By the Book] "Janet, you're under arrest for espionage. You have the right to remain silent."

[Aggressive] "ENTROPY agent. You're coming with me. Resist and this gets ugly."

[Strategic] "Janet, ENTROPY is going to burn you. Work with us—become a double agent—and we can protect you."

Option B: Arrest (By the Book)

Follow SAFETYNET protocols precisely
Arrest the agent immediately
Most ethical approach
May miss opportunities for intelligence gathering
Shows restraint and professionalism

Option C: Combat/Aggressive Confrontation

Immediate physical confrontation
Triggers combat encounter
Shows decisive action but may be excessive force
Eliminates threat but closes intelligence opportunities
May attract attention from other NPCs

Option D: Recruitment/Double Agent

Attempt to flip the agent
Requires high trust or strong evidence leverage
Can provide valuable intelligence on ENTROPY operations
Opens additional dialogue and bonus objectives
Risk: Double-double agent (they're playing you)
Success dependent on dialogue choices and player persuasiveness

Option E: Extract Information

Interrogate before deciding their fate
Learn about other agents, ENTROPY plans, upcoming operations
Can combine with other options afterward
Shows strategic thinking
Time-consuming but information-rich

Consequences of Each Choice: Each option should have distinct narrative consequences reflected in:

Mission debrief commentary
Intel gathered (or missed)
Time taken (shortcuts vs. thoroughness)
Moral judgment from handlers
Future scenario references (if recurring NPCs)

2. Ethical Hacking Choices

Players must navigate the grey areas of "authorised" security testing:

Scenario: You've found a massive security vulnerability that's not related to your mission objectives.

Option A: Report It Properly

Document vulnerability
Report to appropriate personnel
Most ethical approach
Takes time away from main mission
Earns trust with legitimate staff

Option B: Exploit for Mission Advantage

Use vulnerability to advance SAFETYNET objectives
Faster mission completion
Questionable ethics (ends justify means?)
Potential collateral damage

Option C: Ignore It

Stay focused on mission objectives
Fastest approach
Leaves organisation vulnerable
Could come back to haunt them (or you)

Option D: Exploit and Report

Use it, then document it
Pragmatic approach
Time-consuming but thorough
Shows both effectiveness and responsibility

3. Information Handling Choices

Scenario: You discover personal information about an innocent employee that could help your mission (e.g., embarrassing photos, affair, addiction).

Option A: Use as Leverage

Blackmail or manipulate the employee
Effective but morally questionable
Could traumatise innocent person
Shows ruthless pragmatism

Option B: Find Another Way

Respect their privacy
Seek alternative solution
More ethical but potentially slower
Shows principle over expediency

Option C: Offer Protection

Warn them their information is vulnerable
Gain their trust and willing cooperation
Time investment but builds alliance
Most ethical approach

4. Collateral Damage Choices

Scenario: Stopping ENTROPY operation will cause disruption to legitimate business operations.

Option A: Minimise Disruption

Careful, surgical approach
Slower but less collateral damage
Protects innocent employees
May allow some ENTROPY objectives to complete

Option B: Maximum Effectiveness

Shut everything down immediately
Stops ENTROPY completely
Causes business disruption, possible job losses
Shows mission priority over collateral concerns

Option C: Coordinate with Leadership

Bring legitimate management into loop
Shared decision-making
Politically savvy
Risk: Potential insider might be alerted

5. Loyalty Test Choices

Scenario: SAFETYNET orders conflict with what you believe is right, or seem to benefit ENTROPY.

Option A: Follow Orders

Trust the organisation
By the book compliance
Shows loyalty
Might be the wrong call

Option B: Investigate First

Verify orders before acting
Shows critical thinking
Could reveal compromised handler
Risk: Disobeying direct orders

Option C: Improvise

Interpret orders... creatively
Find middle ground
Shows independent judgment
Could backfire if wrong

Implementing Branching Narrative

Dialogue State Tracking

Ink scripts should track:

Player's moral alignment (pragmatic/ethical/aggressive/strategic)
Trust levels with each NPC
Choices made earlier in scenario
Evidence discovered
Objectives completed
Time pressure (if applicable)

Consequential Branching

Immediate Consequences:

NPC reactions (hostility, cooperation, fear, respect)
Access granted or denied
Information revealed or withheld
Combat triggered or avoided
Shortcuts opened or closed

Scenario-Level Consequences:

Available endings
Mission debrief commentary
Intelligence gathered
Bonus objectives completion
Character relationships

Meta-Level Consequences (Future Scenarios):

Reputation with SAFETYNET leadership
Recurring NPC reactions
Unlock special dialogue options
Referenced in future briefings
Affects available cover stories

Variable Endings

Each scenario should support multiple ending variants reflected in the debrief:

Example Ending Variations for Infiltration Mission:

Ending A: By the Book Victory

All ENTROPY agents arrested
Evidence secured according to protocol
Minimal collateral damage
Debrief: "Textbook operation, Agent. Director Netherton will be pleased."

Ending B: Pragmatic Victory

ENTROPY operation stopped using questionable methods
Some ethical compromises made
Mission accomplished efficiently
Debrief: "Results matter, Agent. Though your methods... let's call them 'creative interpretations' of protocol."

Ending C: Aggressive Victory

Combat-heavy resolution
Decisive action, maximum force
Collateral damage but threat eliminated
Debrief: "Well, you certainly sent a message. ENTROPY knows we mean business. However, the paperwork..."

Ending D: Intelligence Victory

Recruited double agent
Ongoing intelligence operation
Long-term strategic gain
Debrief: "Excellent work, Agent. The intelligence we're gathering from your new asset is invaluable. This operation continues."

Ending E: Partial Success

Primary objectives complete
Significant compromises or failures
Mixed outcome
Debrief: "Mission accomplished, though not without complications. Lessons learned for next time."

Ending F: Success with Questions

Victory achieved but unsettling discoveries
Moral ambiguity about methods used
Perfect segue to future scenarios
Debrief: "Good work, but I have concerns about some of your choices. We'll discuss this further."

Debrief Variation Examples

The mission debrief should explicitly acknowledge player choices:

Example 1: Recruited Double Agent

Agent 0x99: "Agent 0x00, that was... unorthodox. Flipping an ENTROPY operative in the field? Bold. Risky. But I can't argue with the intelligence we're getting. Director Netherton has authorised ongoing handler duties for you with this asset."

Director Netherton: "Per Section 19, Paragraph 7 of the Field Operations Handbook: 'Asset recruitment in the field is permitted when the opportunity arises and the risk is deemed acceptable by the agent, who will be held personally responsible if it goes wrong.' Welcome to asset management, Agent."

Example 2: Arrested vs. Battled

Agent 0x99: "Clean arrest, no casualties. Very professional. The ENTROPY operative is in custody and already providing information under interrogation. Well done."

vs.

Agent 0x99: "That was... intense. The combat was justified, but perhaps we could have extracted more intelligence if you'd attempted arrest first. Still, the threat is neutralised and you're safe. That's what matters."

Example 3: Ethical Hacking Dilemma

Agent 0x99: "Interesting choice to document all those vulnerabilities beyond your mission scope. The company's security posture will improve significantly, though it did slow your primary objective completion. Sometimes the right thing isn't the fast thing."

vs.

Agent 0x99: "You stayed laser-focused on the mission. ENTROPY stopped, objective complete. Though... I notice you didn't report that SQL injection vulnerability you found in their public-facing system. That's going to bite someone eventually. Your call, but something to consider."

Example 4: Collateral Damage

Agent 0x99: "The ENTROPY operation is shut down, but the business is in chaos. Employees sent home, systems offline, leadership scrambling. Effective? Yes. Elegant? Not so much. Results matter, but so does surgical precision."

vs.

Agent 0x99: "Impressive work coordinating with the legitimate staff. The business kept operating while you quietly dismantled the ENTROPY cell. Slower, yes, but nobody innocent got hurt in the crossfire. That's the mark of a skilled agent."

Multiple Playthrough Design

Scenarios should be designed to encourage replaying with different choices:

Replayability Features:

Alternate paths to objectives (social engineering vs. technical vs. stealth)
Discoverable alternative solutions (hint: "What if I'd talked to Janet first?")
Choice-locked content (certain LORE fragments only available via specific paths)
Achievement system for different ending types
New Game+ style where veteran players get additional dialogue options

Design Consideration: Technical learning objectives should be achievable regardless of narrative choices. A player who arrests everyone shouldn't miss essential cryptography education, but they might miss certain story revelations or relationship developments.

Dialogue Design Guidelines

Writing Meaningful Choices

Good Choice Design:

You've cornered the ENTROPY operative. They're reaching for something.

> [Tactical] Draw weapon. "Hands where I can see them. Slowly."
> [Diplomatic] "Don't do anything stupid. We can work this out."
> [Analytical] "That's a dead man's switch, isn't it? Remote wipe of evidence?"
> [Aggressive] *Tackle them before they can act*

Poor Choice Design:

What do you want to do?

> Good thing
> Bad thing
> Neutral thing

Guidelines:

No obvious "right" answers - Each choice has valid reasoning
Distinct character voices - Options reflect different approaches/philosophies
Clear immediate consequences - Player understands risks
Character consistency - Options match possible player personalities
Skill-based options - Some choices available based on discovered evidence

Evidence-Gated Dialogue

Some dialogue options should only appear when player has discovered relevant evidence:

Standard Confrontation:

Janet: "I don't know what you're talking about."

> [Accuse] "You're lying. You're ENTROPY."
> [Leave] "My mistake. Sorry to bother you."

With Evidence:

Janet: "I don't know what you're talking about."

> [Present Evidence] "Really? Because I have your encrypted communications with The Architect."
> [Bluff] "We know everything. Save yourself the trouble."
> [Strategic] "I know you're compromised. The question is whether you're a willing participant or being blackmailed."
> [Leave] "My mistake. Sorry to bother you." [Hidden option to investigate further]

Trust-Gated Dialogue

Dialogue options expand as NPCs trust the player:

Low Trust (0-3):

IT Manager: "I don't know you. I can't help with that."

> [Explain] Show consultant credentials
> [Leave] "Understood. I'll come back later."

Medium Trust (4-6):

IT Manager: "Okay, I suppose that's within your audit scope..."

> [Request] "Can you show me the server logs?"
> [Social] "Anyone been acting suspicious lately?"

High Trust (7-10):

IT Manager: "Between you and me... I think something's wrong."

> [Probe] "What makes you say that?"
> [Recruit] "How would you feel about helping me investigate?"
> [Confide] "I'm not just an auditor. I'm investigating ENTROPY."

Time-Pressure Dialogue

Some situations require quick decisions:

[URGENT - 30 SECONDS TO RESPOND]

The double agent is initiating a remote wipe of evidence!

> [Quick: Physical] Yank the network cable! 
> [Quick: Technical] Kill the process!
> [Quick: Social] "Stop! We can make a deal!"
> [Accept] Let them wipe it. You've got what you need.

[Timer: 27... 26... 25...]

Consequence Previews

When appropriate, hint at consequences:

This could compromise your entire cover story.

> [Risk It] Tell the truth about being SAFETYNET
> [Maintain Cover] Stick with the consultant story

Moral Ambiguity Examples

The Blackmail Dilemma

Situation: You discover evidence that a secretary is embezzling money. She's not involved with ENTROPY, but she has the CEO's schedule and access codes.

Choices:

Blackmail: Use evidence to force cooperation (fast, effective, wrong)
Report: Turn her in to authorities (ethical, loses valuable asset)
Negotiate: Offer immunity in exchange for help (middle ground)
Ignore: Focus on mission, leave her alone (principled, harder path)

Debrief Variations:

Blackmail: "Effective, but is that who we are? Think about it."
Report: "The right thing isn't always the useful thing. Principled, Agent."
Negotiate: "Creative problem-solving. Everyone wins. Well done."
Ignore: "You made this harder on yourself for ethical reasons. I respect that."

The Innocent Colleague

Situation: An ENTROPY agent has been using an innocent employee's credentials. The employee will be blamed unless you reveal the truth, but revealing it might alert ENTROPY.

Choices:

Protect Mission: Let innocent person be blamed temporarily
Clear Name: Reveal truth, risk alerting ENTROPY
Frame Better: Make evidence point to real culprit more obviously
Offer Protection: Bring innocent person into confidence

Debrief Variations:

Protect Mission: "Cold calculus. We cleared them afterward, but they lost their job first. Necessary?"
Clear Name: "You risked the operation for someone innocent. ENTROPY got away with more data, but... I'd have done the same."
Frame Better: "Clever. Justice and mission both served."
Offer Protection: "Risky bringing a civilian into this, but they helped secure key evidence. Good judgment."

The Necessary Breach

Situation: To stop ENTROPY's data exfiltration, you must shut down a hospital's backup connection, potentially endangering patient care systems.

Choices:

Shut It Down: Stop ENTROPY, risk patient safety
Coordinate: Warn hospital, but give ENTROPY time to adapt
Selective Block: Target specific traffic, more complex but safer
Let It Continue: ENTROPY gets data, but no patient risk

Debrief Variations:

Shut Down: "The data theft stopped, but three surgeries were delayed. You made a hard call. Lives vs. lives."
Coordinate: "ENTROPY escaped with some data, but no patients harmed. The safe play. Sometimes safe is right."
Selective Block: "Brilliant solution. Took longer, but you found the third option. That's what separates good agents from great ones."
Let Continue: "ENTROPY got away with patient records of thousands. Your compassion is admirable, but those patients are at risk too."

Integration with Learning Objectives

Critical Principle: Narrative choices enhance engagement without compromising education.

How to Balance:

Technical challenges remain constant - All paths require solving the same cryptography, exploitation, and security puzzles
Narrative context changes - Why you're solving the puzzle and what happens after varies
Bonus objectives can be choice-dependent - Certain LORE fragments or intelligence only available via specific paths
Learning is path-independent - Every playthrough teaches the target CyBOK areas

Example: AES Decryption Puzzle

Technical Challenge (Constant):

Player must decrypt CEO's encrypted files
Requires AES-256-CBC
Key is derived from discovered passphrase
Technical skill application is identical

Narrative Context (Variable):

Path A - Cooperative Secretary:

Secretary willingly provides key hint: "He always uses his mother's maiden name"
Files accessed with her blessing
Debrief: "Good rapport-building"

Path B - Blackmailed Secretary:

Forced secretary to reveal key hint
Same technical solution
Debrief: "Effective but concerning methods"

Path C - Technical Discovery:

Found key hint in personal documents
Independent solution
Debrief: "Thorough investigation work"

Path D - Recruited ENTROPY Agent:

Double agent provided key directly
Same decryption process
Debrief: "Asset management paying off"

All paths teach AES decryption, key derivation, and CBC mode. The moral implications and character relationships differ.

Implementation Notes

Ink Script Integration:

Dialogue uses Ink scripting language for branching narratives
Track variables: trust_levels, evidence_discovered, moral_alignment, choices_made
State management across multiple conversations
Conditional dialogue based on player history

JSON Scenario Specification:

NPCs defined with dialogue_script references
Dialogue trees linked to objectives and triggers
Multiple ending conditions specified
Debrief variations mapped to choice combinations

Design Documentation:

For each scenario, create dialogue flow charts
Map choice consequences
Define variable ending conditions
Plan debrief variations based on major choices

Testing Considerations:

Playtest all major branches
Ensure no softlocks from choices
Verify technical objectives achievable in all paths
Confirm ending variations trigger correctly
Check debrief accurately reflects player choices

Narrative Structures

Scenario Types

Type 1: Infiltration & Investigation

Core Loop: Gain access → Investigate → Gather evidence → Expose ENTROPY

Structure:

Begin outside or at reception
Progressive access through security layers
Evidence scattered throughout location
Climax: Confronting insider threat or preventing attack

Example Scenarios:

Corporate offices with suspected data exfiltration
Research facility with compromised projects
Financial institution with insider trading scheme

Key Elements:

Multi-room progression
Layered physical and digital security
NPC social engineering opportunities
Evidence collection objectives

Type 2: Deep State Investigation

Core Loop: Identify dysfunction → Investigate anomalies → Trace to infiltrators → Expose network

Structure:

Systems mysteriously failing or delayed
Bureaucratic nightmares blocking critical operations
Investigation reveals pattern, not accidents
Multiple infiltrators working in coordination
Climax: Exposing network without causing chaos

Example Scenarios:

Government agency with cascading failures
Permit office blocking critical infrastructure
Regulatory body weaponised against targets
Civil service network causing systematic delays

Key Elements:

Detective work and pattern recognition
Navigating bureaucratic systems
Behavioral analysis of "boring" employees
Document analysis and audit trails
Evidence buried in legitimate procedures
Multiple suspects, coordinated activity

Educational Focus:

Insider threat detection
Behavioral analysis
Audit trail investigation
Access control and least privilege
Background check importance
Institutional security

Design Notes:

Lower action, higher investigation
NPCs appear mundane (realistic)
Evidence is procedural and systematic
Moral complexity: Dysfunction vs. exposure
Unique challenge: Proving malice vs. incompetence

Type 3: Incident Response

Core Loop: Assess damage → Identify attack vector → Trace intrusion → Prevent further damage

Structure:

Called in after breach discovered
System already compromised
Must analyze logs and forensics
Time pressure to prevent ongoing attack

Example Scenarios:

Ransomware attack in progress
Active data exfiltration
Compromised critical infrastructure
Supply chain attack discovery

Key Elements:

VM-heavy challenges
Log analysis and forensics
Damaged/encrypted systems
Race against time mechanic

Type 4: Penetration Testing

Core Loop: Audit security → Document vulnerabilities → Exploit weaknesses → Report findings

Structure:

Authorised security assessment
Test multiple security layers
Optional: Discover ENTROPY presence unexpectedly
Create comprehensive security report

Example Scenarios:

Pre-acquisition security audit
Compliance testing
Red team exercise that discovers real threats
Security assessment that reveals insider threat

Key Elements:

Structured testing methodology
Multiple vulnerability types
Educational focus on proper pen testing
Surprise revelation of real threats

Type 5: Defensive Operations

Core Loop: Defend location → Identify attackers → Secure vulnerabilities → Trace attack source

Structure:

Begins with alert or attack in progress
Must protect critical assets
Identify attack vectors while defending
Track back to ENTROPY source

Example Scenarios:

SAFETYNET facility under attack
Protecting witness or asset
Defending critical infrastructure
Preventing data destruction

Key Elements:

Time-sensitive objectives
Multiple simultaneous threats
Resource management
Reactive rather than proactive gameplay

Type 6: Double Agent / Undercover

Core Loop: Maintain cover → Gain insider access → Collect intelligence → Avoid detection

Structure:

Deep cover operation
Must perform legitimate work
Secretly gather intelligence
Risk of cover being blown

Example Scenarios:

Infiltrating ENTROPY front company
Going undercover at compromised organisation
Posing as new hire to investigate
Recruitment by ENTROPY (double-double agent)

Key Elements:

Dual objectives (appear legitimate + secret goals)
Trust management with NPCs
Consequences for suspicious behaviour
Cover story maintenance

Type 7: Rescue / Extraction

Core Loop: Locate target → Plan extraction → Overcome security → Safely extract

Structure:

Asset or agent in danger
Must locate in hostile environment
Navigate security to reach target
Escape with target safely

Example Scenarios:

Extract compromised SAFETYNET agent
Rescue kidnapped researcher
Secure witness before ENTROPY reaches them
Recover stolen intelligence

Key Elements:

Two-phase structure (infiltrate then extract)
Escort mechanics
Heightened security after target located
Multiple exit strategies

Narrative Tones by Scenario

Serious Corporate Espionage

Grounded in realistic business threats
Real consequences (financial damage, IP theft)
Professional atmosphere
Minimal comedy, focus on investigation

Example: Data exfiltration at pharmaceutical company, stolen research worth millions

High-Stakes Infrastructure

Critical systems at risk
Potential for widespread damage
Tense atmosphere
Limited comedy, urgent tone

Example: Power grid cyber attack, water treatment facility compromise

Absurd Front Company

Obviously suspicious cover business
Dark comedy in ENTROPY's poor operational security
Still legitimate cyber security challenges
More room for humour

Example: "TotallyLegit Consulting Inc." with comically bad attempts at appearing normal

Eldritch Horror / Cult

Weird science meets cyber security
Occult themes with technical grounding
Atmospheric and unsettling
Unique blend of horror and hacking

Example: Quantum computing cult attempting to summon entities through cryptographic rituals

Narrative Devices

Environmental Storytelling

Tell stories through discoverable details:

Email conversations showing interpersonal conflicts, suspicious dealings
Sticky notes revealing passwords, reminders, personal details
Photographs showing relationships, locations, evidence
Calendars indicating meetings, travel, suspicious appointments
Whiteboards with diagrams, calculations, plans
Trash bins containing deleted but recoverable information
Security logs showing access patterns, intrusions
Personal effects revealing character details, motivations

Foreshadowing

Plant clues early that pay off later:

Suspicious NPCs acting nervous when player approaches
Incomplete messages that make sense after discovering more context
Locked areas that drive curiosity
Overheard conversations hinting at later revelations
Background details that become significant

Red Herrings

Not everything suspicious is relevant:

Use sparingly (80% real clues, 20% red herrings)
Should be plausible but not critical path
Can reward thorough investigation without being required
Example: Employee having affair (suspicious behaviour) but not ENTROPY agent

Escalating Tension

Build intensity through scenario:

Act 1: Curiosity and investigation ("Something seems off...")
Act 2: Discovery and concern ("This is worse than we thought...")
Act 3: Urgency and confrontation ("We need to stop this now!")

The Reveal

Major discoveries should feel earned:

Foreshadowed: Clues pointed to this
Surprising: But not obvious from beginning
Satisfying: Explains earlier mysteries
Actionable: Opens new paths or objectives

Good Reveals:

Discovering the helpful IT person is actually ENTROPY
Realising the "security audit" is cover for active attack
Finding evidence that links small operation to larger ENTROPY plan

Poor Reveals:

Random NPC turns out evil with no prior hints
Twist that contradicts established information
Revelation with no gameplay impact

LORE System

Purpose

LORE fragments provide:

Context for ENTROPY's operations
World-building and continuity
Rewards for thorough exploration
Connection between scenarios
Educational content about security concepts

LORE Categories

1. ENTROPY Operations

Intelligence about how ENTROPY functions:

Cell structures and communication methods
Recruitment and training procedures
Funding sources and money laundering
Technology and tools they use
Historical operations and founders

Example LORE Fragment:

ENTROPY INTEL FILE #73-A

"Intercepted communication reveals ENTROPY cells use dead drop servers—compromised machines at legitimate businesses that store encrypted messages. Each cell only knows the addresses of 2-3 other cells, preventing complete network mapping if one is compromised. Very clever. Annoying, but clever."

— Agent 0x99

2. The Architect's Plans

Insights into ENTROPY's strategic mastermind:

Philosophical writings on entropy and chaos
Technical specifications for attacks
Cryptographic signatures and patterns
Strategic objectives
Psychological profile

Example LORE Fragment:

RECOVERED MESSAGE: ARCHITECT_COMM_419

"Entropy is not destruction—it is inevitability. We don't break systems; we reveal their natural tendency toward disorder. Today's 'secure' infrastructure is tomorrow's monument to hubris. We merely... accelerate the timeline."

[Signature: AES-256 | Key: ∂S ≥ 0 | IV: Timestamp + Entropy Value]

3. Cyber Security Concepts

Educational content disguised as intelligence:

Explanations of attack techniques
Security vulnerabilities discovered
Defence mechanisms encountered
Historical attacks and lessons
Technical deep-dives

Example LORE Fragment:

TECHNICAL NOTE: AES BLOCK MODES

"Found evidence ENTROPY understands ECB mode's vulnerabilities—they're exploiting it in their encrypted communications to identify repeated plaintext blocks. This is exactly why CBC mode exists. Classic mistake, but it's working in their favour because the target doesn't know better."

CyBOK Area: Applied Cryptography - Symmetric Encryption

4. Historical Context

Background on SAFETYNET vs ENTROPY conflict:

Notable past operations
Famous confrontations
Legendary agents
Evolution of tactics
Significant victories and defeats

Example LORE Fragment:

HISTORICAL RECORD: OPERATION KEYSTONE

"In 2019, Agent 0x42 prevented ENTROPY's attempt to backdoor a widely-used encryption library. The attack would have compromised millions of devices. To this day, we don't know which legitimate code commit contained the backdoor. Agent 0x42's only comment: 'Trust, but verify. Especially the trust part.'"

5. Character Backgrounds

Details about recurring characters:

Agent origins and motivations
ENTROPY operative profiles
NPC connections to larger story
Personal stakes in the conflict
Character development

Example LORE Fragment:

AGENT PROFILE: 0x99 "HAXOLOTTLE"

"Real name classified. Recruited 2015 after independently discovering and reporting ENTROPY front company. Specialises in cryptographic analysis and social engineering. Known for elaborate metaphors involving axolotls. According to Director Netherton: 'Brilliant agent. Terrible at filing expense reports.'"

LORE Discovery Methods

Method 1: Objective-Based

LORE fragments as explicit objectives:

"Decode 5 ENTROPY intelligence fragments"
"Discover all hidden communications"
"Collect classified documents"

Implementation:

Fragments are scattered throughout scenario
Require puzzle-solving to access (encrypted, locked, hidden)
Objective tracks collection progress
Completion gives bonus reward

Method 2: Environmental Discovery

Found during exploration:

Hidden files on compromised systems
Encrypted messages that require decoding
Physical documents in secured locations
Overheard NPC conversations
Bonus objectives reward finding all

Implementation:

Not required for main objectives
Rewards thorough exploration
Some obvious, some very hidden
Can provide puzzle hints

Method 3: Achievement-Based

Unlocked through skilled play:

Complete scenario without being detected
Solve all bonus objectives
Identify double agent before confrontation
Speed-run achievements
No-tool challenges (don't use lockpicks/PIN cracker)

Implementation:

LORE reward for exceptional performance
Encourages mastery and replayability
Different challenges unlock different fragments
Creates collection incentive

LORE Presentation

In-Game Format

═══════════════════════════════════════════
    ENTROPY INTELLIGENCE FRAGMENT
           [CLASSIFIED]
═══════════════════════════════════════════

CATEGORY: Operations
FILE ID: ENT-419-A
SOURCE: Recovered Encrypted Drive

[Content of LORE fragment]

───────────────────────────────────────────
Decoded by: Agent 0x00 [PlayerHandle]
Date: [Timestamp]
Related CyBOK: Applied Cryptography
───────────────────────────────────────────

Collectible System

LORE fragments saved to "Intelligence Archive"
Accessible from main menu
Organised by category
Track completion percentage
Show related scenarios

Educational Integration

Each LORE fragment should:

Be interesting/entertaining to read
Provide world-building OR
Teach security concept OR
Connect to broader narrative
Reference relevant CyBOK knowledge area when applicable

Location & Environment Guide

Standard Room Types

Break Escape scenarios primarily use office environments with variations. Each room type serves specific gameplay functions.

Reception / Entry

Purpose: Scenario introduction, access control, NPC interactions

Standard Features:

Reception desk with NPC
Waiting area
Security checkpoint (may require bypass)
Company information (posters, brochures)
Access logs or visitor system

Security Elements:

Locked main doors (key card, PIN, or unlocked during business hours)
Security cameras (visible or hidden)
Guard on duty (sometimes)

Typical Puzzles:

Social engineering receptionist
Forging credentials
Distracting guard
Accessing visitor logs

Standard Office

Purpose: Investigation, document discovery, computer access

Standard Features:

Desk with computer
Filing cabinets
Personal effects (photos, calendars)
Whiteboards or cork boards
Office supplies

Security Elements:

Locked door (key, key card, PIN)
Password-protected computer
Locked drawers or cabinets
Security cameras

Typical Puzzles:

Finding passwords on sticky notes
Accessing locked drawers
Reading emails and documents
Fingerprint dusting on keyboards

Executive Office

Purpose: High-value targets, advanced security, important intelligence

Standard Features:

Expensive furnishings
Large desk with executive computer
Safe or secure cabinet
Meeting area
Window with view (sometimes)
Personal items revealing character

Security Elements:

Multiple locks (door + safe + computer)
Biometric scanner
Alarm system
Hidden compartments

Typical Puzzles:

Multi-stage access (get to office, open safe, access computer)
Complex password schemes
Fingerprint spoofing
Hidden evidence in plain sight

Server Room

Purpose: Technical challenges, VM access, critical systems

Standard Features:

Server racks
Network equipment
Cooling systems
Workstation for administration
Access logs
Cable management

Security Elements:

Restricted access (high-level credentials required)
Environmental controls
Surveillance
Alarm systems

Typical Puzzles:

Gaining authorised access
VM exploitation
Log analysis
Network traffic investigation
Physical access to hardware

IT Office / Workspace

Purpose: Technical tools, helpful NPCs, equipment storage

Standard Features:

Multiple workstations
Technical equipment and tools
Documentation and manuals
Testing equipment
Spare parts and supplies

Security Elements:

Moderate security (protects tools, not secrets)
Tool inventory systems

Typical Puzzles:

Social engineering IT staff
Borrowing or "requisitioning" tools
Accessing IT documentation
Finding admin credentials

Conference Room

Purpose: Meetings, presentations, group evidence

Standard Features:

Large table
Presentation screen
Whiteboards with diagrams/notes
Calendar showing meeting schedules
Leftover materials from meetings

Security Elements:

Usually minimal
May be locked outside meeting times

Typical Puzzles:

Reading whiteboard information
Discovering meeting notes
Finding presentation files
Calendar-based PIN codes

Storage / Archives

Purpose: Historical documents, backup systems, hidden evidence

Standard Features:

Filing systems
Boxes and containers
Old equipment
Backup drives
Abandoned projects

Security Elements:

Basic locks
Dust and disorganisation
Forgotten security measures

Typical Puzzles:

Searching through files
Recovering old backups
Finding hidden compartments
Piecing together shredded documents

Bathroom / Break Room

Purpose: Hidden evidence, eavesdropping, NPC encounters

Standard Features:

Typical amenities
Casual meeting space
Notice boards
Lost and found
Trash bins

Security Elements:

None typically

Typical Puzzles:

Overhearing conversations
Finding discarded evidence in trash
Reading personal notes
Accessing air vents or maintenance access

Basement / Maintenance Areas

Purpose: Atmosphere, alternate routes, hidden rooms

Standard Features:

Utility systems
Maintenance equipment
Storage
Access tunnels
Electrical/network infrastructure

Security Elements:

Locked maintenance doors
Physical hazards
Alarm systems

Typical Puzzles:

Finding alternate routes
Accessing restricted areas from below
Discovering hidden rooms
Network access points

Special: Spooky Dungeon Rooms

Purpose: Eldritch horror scenarios, cult operations, atmosphere

Standard Features:

Stone walls or industrial aesthetic
Occult symbols or decorations
Ritual spaces
Quantum computing equipment (in modern context)
Strange artifacts
Unsettling ambiance

Security Elements:

Unusual locks (symbolic, cryptographic puzzles)
Trapped entrances
Cultist guards

Typical Puzzles:

Decoding occult symbols
Ritual-based security (specific sequence of actions)
Reality-bending puzzles
Cryptographic cultism (encryption keys based on eldritch concepts)

Environmental Design Principles

Principle 1: Purposeful Placement

Every room and object should serve gameplay:

Advance narrative
Present puzzle
Provide clue
Offer choice
Create atmosphere

Principle 2: Visual Storytelling

Rooms tell stories through details:

Messy desk = overworked or careless
Personal photos = character motivation
Whiteboards = current projects and concerns
Empty offices = suspicious absence
Locked doors = something important

Principle 3: Interconnected Spaces

Rooms should connect logically:

Office layout makes sense
Related functions near each other
Server room near IT offices
Executive floor separated from general workspace
Emergency exits and maintenance access present

Principle 4: Progressive Disclosure

Use fog of war effectively:

Initial area establishes context
Each new room provides new information
Late-game areas have highest security
Final room(s) contain climactic confrontation

Principle 5: Multiple Paths

When possible, offer options:

Front door vs. maintenance entrance
Social engineering vs. stealth
Technical exploit vs. physical bypass
High security route vs. longer alternative path

Quick Reference Checklists

Scenario Content Requirements Checklist

This checklist defines the mandatory elements every Break Escape scenario must include. Use this as a requirements document when designing new scenarios.

Core Narrative Elements

Pre-Design Narrative Outline (MANDATORY):

Complete narrative outline created BEFORE technical implementation
- Narrative follows 3-act structure template
- Story is logically connected across all acts
- Technical challenges mapped to narrative beats
- Outline reviewed and approved before JSON creation

3-Act Structure:

Act 1: Setup & Entry
- Mission briefing establishes authorization and stakes
- Optional cold open considered (in media res, enemy action, etc.)
- Starting room setup includes immediate interactions
- Incoming phone messages or voicemails (if appropriate)
- Starting room NPC(s) present meaningful choices
- Initial player choices create branching logic
- 3+ locked areas/mysteries visible to create goals
- Something suspicious established
Act 2: Investigation & Revelation
- Multi-room investigation with backtracking required
- "Things aren't as they seemed" revelation/twist
- Villain monologue or revelation (recorded, face-to-face, or discovered)
- 3-5 major player narrative choices with real consequences
- Choices affect NPC relationships and available information
- 3-5 LORE fragments discoverable through investigation
- Evidence accumulation leading to confrontation
- Moral grey areas present interesting decisions
Act 3: Confrontation & Resolution
- Climactic confrontation with ENTROPY agent
- 5-6 distinct confrontation options (exploit, arrest, combat, recruit, interrogate, understand)
- Optional incoming phone messages for drama/pressure
- Final challenges test learned skills
- All primary objectives completable in all choice paths
- Mission completion feels earned
Post-Mission: HQ Debrief
- Acknowledges specific player choices explicitly
- Shows consequences without heavy moral judgment
- Reveals intelligence gained about ENTROPY
- Company/organization fate addressed
- NPC outcomes revealed based on player choices
- Connection to larger ENTROPY network
- Updates player specializations (CyBOK areas)
- Optional teaser for future threats/recurring villains

ENTROPY Selection:

ENTROPY Cell selected from established cells
- Cell specialisation matches educational objectives
- Cell operations appropriate for scenario type
- Cell provides context for technical challenges
Villain(s) selected with appropriate tier
- Tier 1 (Mastermind) for background presence (optional)
- Tier 2 (Cell Leader) as primary antagonist if recurring desired
- Tier 3 (Specialist) as defeatable antagonist
- Or create new one-off antagonist following established patterns
Villain characterisation defined
- Personality and motivations clear
- Confrontation style established
- Signature elements/quirks identified
- Escape vs. arrest decision considered

Mission Structure:

Intro Briefing (cutscene at SAFETYNET HQ)
- Mission context and threat description
- Player's cover story/role explained
- Primary objectives stated
- Relevant intel provided
- Handler introduction (Agent 0x99 or other)
- Field Operations Handbook reference (optional, max 1)

Objective System:

5-7 Primary Objectives (required for mission success)
- At least 1 objective: Access specific restricted room
- At least 1 objective: Discover critical item/intel
- At least 1 objective: ENTROPY agent discovery or apprehension
- At least 1 objective: Technical challenge (decrypt, exploit VM, etc.)
- Clear completion criteria for each objective
3-4 Milestone Objectives (progress markers)
- First milestone: Initial access/infiltration complete
- Mid milestone: Evidence of ENTROPY involvement found
- Late milestone: Critical breakthrough achieved
- Final milestone: Confrontation or resolution ready
3-5 Bonus Objectives (optional, for completionists)
- At least 1: Discovery-based (find all LORE fragments)
- At least 1: Skill-based (stealth completion, no combat, etc.)
- At least 1: Investigation-based (identify all suspects, etc.)

Branching Narrative:

Minimum 3 Major Story Choices with real consequences
- At least 1 choice presents moral dilemma
- At least 1 choice affects NPC relationships
- At least 1 choice impacts scenario outcome/ending
ENTROPY Agent Confrontation (when applicable)
- Practical exploitation option (use them for access)
- By-the-book arrest option
- Aggressive/combat option
- Recruitment/double agent option (if appropriate)
- Each option has distinct consequences

Multiple Endings:

Minimum 3 Ending Variants based on player choices
- Endings reflect moral choices made
- Endings acknowledge approach taken (aggressive, ethical, pragmatic)
- Each ending has unique debrief dialogue

Mission Debrief:

Outro Debrief (cutscene at SAFETYNET HQ)
- Acknowledges player choices explicitly
- Comments on methods used
- Reveals intel gained about ENTROPY
- Updates player specialisations (CyBOK areas)
- Teases future implications (optional)
- Varies based on ending achieved

Character Requirements

NPCs (Minimum Characters):

At least 1 Helpful NPC
- Provides information or assistance
- Can give items or access
- Trust-based relationship
At least 2 Neutral NPCs (office workers, staff)
- Require social engineering for cooperation
- Trust levels affect information sharing
- Can be suspects for security audit
At least 1 Suspicious NPC (potential ENTROPY agent)
- Initially appears neutral
- Evidence gathering reveals true allegiance
- Confrontation leads to arrest/combat/recruitment choice
- Can be revealed as double agent
Optional: Security Guard
- Physical security obstacle
- Can be social engineered or avoided
- May patrol certain areas

Character Design:

Each significant NPC has defined personality
Each significant NPC has dialogue style/voice
Recurring characters use appropriate catchphrases
Trust levels defined and tracked (0-10 scale)
Dialogue branches prepared (Ink script format)

Environmental Design

Room Structure:

5-10 Rooms minimum (appropriate for ~1 hour gameplay)
Tree-based layout with north/south connections
Fog of war implementation (unexplored rooms hidden)
At least 3 distinct room types used

Required Room Types (select appropriate for scenario):

Reception/Entry area (mission start)
At least 2 Standard Offices
At least 1 Secure Area (server room, executive office, vault, etc.)
Support spaces (IT office, conference room, storage, etc.)

Interconnected Puzzle Design:

At least 3 locked doors/areas visible early
- Creates mystery and exploration goals
- Cannot all be solved immediately
At least 2 multi-room puzzle chains
- Challenge discovered in Room A
- Solution/clue found in Room B or beyond
- Requires backtracking to Room A
At least 1 major backtrack required for primary objectives
At least 1 optional backtrack for bonus objectives
NOT purely linear room-by-room progression
Spatial layout makes logical sense

Security Mechanisms

Required Security Types (minimum 4 different types per scenario):

Key-based locks (at least 2)
- Keys hidden as puzzle solutions
- Consider if lockpicks available later
PIN code systems (at least 1)
- PIN discoverable through investigation
- 4-digit standard, 5-6 for high security
- Consider PIN cracker placement
Password systems (at least 2)
- Passwords discoverable via notes, social engineering, or exploitation
- Contextual hints provided
One advanced security mechanism:
- Biometric (fingerprint) authentication, OR
- Bluetooth proximity lock, OR
- Multi-factor authentication, OR
- Network-based access control

Tool Distribution:

Tools not available at scenario start
Essential tools found through exploration
Shortcut tools (lockpicks, PIN cracker) placed strategically late
- After player has solved several traditional puzzles
- In secured locations requiring other puzzles
- Only 2-3 uses remaining after acquisition

Technical Challenges

Cryptography & Encoding (minimum 2 challenges):

CyberChef integration present
- Accessed via in-game laptop/workstation
- At least 1 decryption challenge
- Keys/IVs discoverable through context
Difficulty-appropriate cryptography:
- Beginner: Base64, Caesar cipher, simple encoding
- Intermediate: AES symmetric encryption, MD5 hashing
- Advanced: RSA, Diffie-Hellman, complex multi-stage
Contextual clues for cryptographic parameters
- Keys derived from narrative (names, dates, phrases)
- IVs found in related documents
- Algorithm choice hinted in messages

VM Challenges (if included):

At least 1 VM available (Linux or Windows)
VM presented with narrative context (workstation, server, etc.)
Challenge appropriate to difficulty level
Time commitment: 10-15 minutes maximum per VM
Results provide useful information for physical puzzles

Physical-Cyber Integration:

At least 2 puzzles combining physical and digital elements
Example combinations:
- Fingerprint dusting to bypass biometric lock on computer
- Bluetooth scanning to find device that unlocks door
- Physical document containing encryption key
- Computer logs revealing physical safe location

Educational Content

CyBOK Integration:

Explicit CyBOK mapping documented
- 2-4 Knowledge Areas covered
- Displayed in scenario selection
- Referenced in LORE fragments
Primary CyBOK focus area (choose at least one):
- Applied Cryptography
- Human Factors (Social Engineering)
- Security Operations
- Malware & Attack Technologies
- Cyber-Physical Security
- Network Security
- Systems Security
- Others as appropriate

Learning Objectives:

Clear technical skills taught
Accurate cyber security concepts
Real tools and techniques demonstrated
Educational content doesn't vary based on narrative choices
All story paths achieve same learning outcomes

LORE System

LORE Fragments (minimum 3-5 per scenario):

At least 1 ENTROPY Operations fragment
- Reveals cell structure, tactics, or methods
At least 1 Cyber Security Concept fragment
- Educational content about security concepts
- Tied to CyBOK knowledge area
At least 1 Character/World-Building fragment
- Background on recurring characters, OR
- Historical context on SAFETYNET vs ENTROPY, OR
- The Architect's plans/philosophy
Discovery methods vary:
- Some as explicit objectives
- Some hidden for thorough exploration
- Some achievement-based rewards
All fragments:
- Interesting to read (not dry exposition)
- 1-3 paragraphs length
- Consistently formatted

Difficulty & Balance

Difficulty Setting:

Difficulty level assigned: Beginner, Intermediate, or Advanced
Puzzle complexity matches difficulty rating
Technical challenges appropriate for target audience
Hints available for complex challenges

Playtime:

Target completion: 45-75 minutes
Tested with fresh player
Pacing: 15-20min Act 1, 20-30min Act 2, 10-15min Act 3

Flow & Balance:

Early puzzles tutorial-difficulty
Mid-game combines multiple mechanics
Late-game requires mastery
No single puzzle blocks all progress
Alternative solutions available where appropriate
Combat encounters limited (max 1-2)

Polish & Quality

Technical Validation:

JSON scenario specification validated
All objectives trigger correctly
Door connections work properly
Tool interactions function as designed
No softlocks or dead ends possible
Save/load functionality works

Narrative Quality:

NPC dialogue flows naturally
Character voices consistent
Branching paths all reach satisfying conclusions
Debrief variations written for each ending
Typos and grammar corrected

Playtesting:

Playtested by designer (debug run)
Playtested by fresh player (without hints)
Feedback incorporated
Confirmed completable in target time
All endings reachable and tested

Scenario Design Checklist

Note: For detailed requirements, see the Scenario Content Requirements Checklist above. This checklist focuses on the design workflow process.

Pre-Production

Core concept defined (What is the scenario about?)
Learning objectives identified (What CyBOK areas?)
Scenario type selected (Infiltration, IR, Pen test, etc.)
Narrative tone established (Serious, dark comedy, horror, etc.)
Target difficulty set (Beginner, Intermediate, Advanced)
Estimated playtime: ~1 hour
Review Scenario Content Requirements Checklist

Narrative Outline (REQUIRED BEFORE TECHNICAL DESIGN)

Complete narrative outline created following 3-act structure template
Core story defined (threat, villain, stakes)
ENTROPY cell and villain selected
Key revelations and twists identified
3-5 major player choices designed with consequences
Moral ambiguity established (grey areas identified)
Multiple endings outlined (minimum 3)
LORE fragments planned (3-5)
Act 1 narrative beats mapped
Act 2 narrative beats mapped (including revelation moment)
Act 3 narrative beats mapped
Debrief variations written for each ending path
Narrative is logically connected across all acts
Technical challenges mapped to narrative beats

Narrative Design

SAFETYNET mission briefing written
ENTROPY involvement clearly defined
Cover story established for player
Primary objectives defined (5-7 objectives)
Milestone objectives identified (3-4 milestones)
Bonus objectives created (3-5 bonuses)
NPC characters designed with personalities
Dialogue branches planned for key NPCs
LORE fragments written (3-5 fragments minimum)
Ending variations prepared (minimum 3)
Multiple debriefs written reflecting player choices

Branching Narrative & Choices

Major story choices identified (minimum 3-5 per scenario)
Choices include moral ambiguity (no obvious "right" answer)
ENTROPY agent confrontation options designed
- Practical exploitation path
- By-the-book arrest path
- Aggressive/combat path
- Recruitment/double agent path
Evidence-gated dialogue options created
Trust-gated dialogue options designed
Consequence tracking planned (immediate, scenario-level, meta-level)
Multiple ending variants written (minimum 3)
Debrief variations reflect player choices
All narrative paths allow completion of learning objectives
Choice variables tracked in Ink scripts
Replayability features considered

Technical Design

Room layout mapped (tree structure, 5-10 rooms)
Room connections defined (north/south primarily)
Interconnected puzzle design implemented:
- At least 3 locked doors/areas visible early
- At least 2 multi-room puzzle chains
- At least 1 major backtrack required
- NOT purely linear progression
Security mechanisms distributed (minimum 4 types)
Puzzle-before-solution principle applied throughout
Tool placement strategically positioned
- Lockpicks placed after multiple lock puzzles
- PIN cracker requires max 2 uses after acquisition
- Shortcut tools in secured locations
VM challenges designed (if applicable)
CyberChef puzzles created (minimum 2)
Cryptographic keys/IVs contextually hidden

Balance & Flow

Early puzzles are tutorial difficulty
Mid-game combines multiple mechanics
Late-game requires mastery of concepts
No single puzzle blocks all progress
Alternative solutions available
Backtracking balanced (meaningful, not tedious)
Combat encounters limited (max 1-2)
Scenario completable in ~1 hour

Educational Content

CyBOK knowledge areas explicitly mapped (2-4 areas)
Security concepts accurately represented
Technical content is realistic
Learning objectives aligned with gameplay
Hints available for complex challenges
All story paths achieve same learning outcomes

Polish & Testing

All objectives trigger correctly
NPC dialogue flows naturally
No softlocks or dead ends
All ending variations reachable
Typos corrected
JSON specification validated
Playtested by designer
Playtested by fresh player
Difficulty appropriate for target audience
Confirmed completable in target time

Tool Placement Checklist

Before placing shortcut tools, verify:

Lockpicks

Player has encountered 3+ key-based locks already
Player has solved at least 2 locks traditionally
Lockpicks are in secured container (requires other puzzle)
Only 2-3 pickable locks remain after acquisition
Lockpicking feels like earned shortcut, not trivialisation

PIN Cracker

Player has solved 2+ PIN puzzles traditionally
Maximum 2 PIN systems accessible after acquisition
PIN cracker requires skill (Mastermind mini-game)
Some PINs are tedious to crack (5-6 digits for high security)
Finding PIN organically is sometimes faster

Fingerprint Kit

Biometric systems present before kit found
Player understands what fingerprints enable
Kit placement requires some puzzle-solving
Multiple fingerprint opportunities available

Bluetooth Scanner

Bluetooth locks present before scanner found
Scanner placement makes narrative sense
Paired devices are findable after scanner acquired

NPC Design Checklist

For each significant NPC, define:

Name and role
Starting trust level (0-10)
Personality traits
Dialogue style
Catchphrase (if recurring character)
Information they can provide
Items they can give
Trust level thresholds for different interactions
Potential to be revealed as double agent (if applicable)
Ink script branching dialogue prepared

LORE Fragment Checklist

For each LORE fragment, ensure:

Interesting to read (not dry exposition)
Serves one of: world-building, education, or narrative connection
References relevant CyBOK area (if technical)
Fits established tone and canon
Discovery method is clear (objective, hidden, achievement)
Requires puzzle-solving to access (usually)
Length appropriate (1-3 paragraphs)
Formatted consistently

Complete Scenario Requirements Checklist

Use this comprehensive checklist to ensure every scenario includes all essential elements. This checklist represents the minimum requirements for a complete Break Escape scenario.

SCENARIO FOUNDATION

Basic Information

Scenario title (unique, thematic)
Scenario type selected (Infiltration, Incident Response, Pen Test, etc.)
Difficulty level assigned (Beginner/Intermediate/Advanced)
Target playtime: ~60 minutes
CyBOK knowledge areas identified (minimum 2)
Learning objectives explicitly stated

Narrative Framework

ENTROPY involvement clearly defined (cell type, scheme, connection)
Player cover story established (consultant, auditor, new hire, etc.)
Setting/location defined (company name, industry, office type)
Threat/stakes clearly articulated (what happens if player fails?)
Narrative tone established (serious corporate, horror cult, etc.)

BRIEFING & DEBRIEF

Mission Briefing (Required)

Cutscene briefing written
Handler character assigned (Agent 0x99, Director Netherton, etc.)
Hook establishes immediate situation/threat
Cover identity explained to player
Primary objectives previewed
Available equipment mentioned
Optional: Field Operations Handbook reference (humorous rule)

Mission Debrief (Required)

Minimum 3 ending variations written based on player choices
Each ending acknowledges specific player decisions
Handler provides commentary on methods used
Intelligence gained summarised
CyBOK specialisation updates mentioned
Optional: Teaser for larger ENTROPY patterns
Optional: Director Netherton bureaucratic response

OBJECTIVES SYSTEM

Primary Objectives (Required: 5-7 objectives)

Objective 1: _________________________
Objective 2: _________________________
Objective 3: _________________________
Objective 4: _________________________
Objective 5: _________________________
Optional Objective 6: _________________________
Optional Objective 7: _________________________

Each primary objective must include:

Clear objective description
Trigger condition defined (enter room, obtain item, etc.)
Narrative justification (why this matters to mission)
Technical skill required (if applicable)

Objective Categories Represented (check at least 3):

Room access (gain entry to restricted area)
Item discovery (find key evidence, documents, devices)
Intelligence gathering (discover ENTROPY communications)
System access (breach computer, server, network)
Agent identification (discover double agent identity)
Agent confrontation (arrest, battle, or recruit ENTROPY operative)
Evidence collection (secure proof of ENTROPY involvement)
Threat prevention (stop data exfiltration, prevent attack)

Milestone Objectives (Required: 3-4 milestones)

Milestone 1: _________________________ (typically after Act 1)
Milestone 2: _________________________ (mid Act 2)
Milestone 3: _________________________ (late Act 2)
Optional Milestone 4: _________________________ (Act 3 start)

Bonus Objectives (Required: 3-5 bonuses)

Bonus 1: _________________________ (e.g., stealth completion)
Bonus 2: _________________________ (e.g., collect all LORE)
Bonus 3: _________________________ (e.g., identify agent early)
Optional Bonus 4: _________________________
Optional Bonus 5: _________________________

Each bonus objective must:

Be completable but not required for success
Reward thorough exploration or skilled play
Provide meaningful reward (LORE, special ending variation, etc.)

ROOM DESIGN & LAYOUT

Spatial Design (Required minimums)

Minimum 5 rooms designed
Maximum 12 rooms (keep scope manageable)
Room layout uses tree structure (north/south connections)
Starting room defined (typically reception or entry)
Room connections mapped (which rooms connect to which)
Fog of war progression planned (rooms revealed as explored)

Room Variety (include at least 4 types):

Reception/Entry area
Standard office(s)
Executive office
Server room or IT office
Conference room
Storage/Archive room
Bathroom/Break room
Special room (basement, dungeon, secret room, etc.)

Non-Linear Design (REQUIRED)

At least 1 major backtracking puzzle chain (3+ rooms interconnected)
2-3 minor backtracking elements (locked doors requiring later-found items)
Multiple rooms accessible simultaneously (not purely linear sequence)
Solutions to puzzles require information from multiple rooms
Player must revisit at least one room after gaining new capability

Backtracking Example Documented:

Specific example of backtracking chain documented in design
Room A: Challenge presented _________________________
Room B/C: Clues/items discovered _________________________
Return to Room A: Solution applied _________________________

NPC CHARACTERS

Minimum NPC Requirements:

Minimum 3 NPCs with distinct personalities
Maximum 8 NPCs (scope management)
At least 1 helpful NPC (provides assistance/hints)
At least 1 neutral NPC requiring social engineering
At least 1 suspicious/ENTROPY NPC (potential double agent)

For Each NPC, Define:

NPC 1: _________________________ (Name/Role)

Personality traits defined
Starting trust level (0-10)
Key information they can provide
Items they can give (if any)
Potential to be ENTROPY agent? (Yes/No)
Dialogue branches planned (minimum 2 conversation branches)
Catchphrase or recurring behaviour (if memorable character)

NPC 2: _________________________ (Name/Role)

Personality traits defined
Starting trust level (0-10)
Key information they can provide
Items they can give (if any)
Potential to be ENTROPY agent? (Yes/No)
Dialogue branches planned
Catchphrase or recurring behaviour

NPC 3: _________________________ (Name/Role)

Personality traits defined
Starting trust level (0-10)
Key information they can provide
Items they can give (if any)
Potential to be ENTROPY agent? (Yes/No)
Dialogue branches planned
Catchphrase or recurring behaviour

ENTROPY Agent/Double Agent (REQUIRED - at least 1)

Identity designed (which NPC is secretly ENTROPY?)
Evidence trail planned (how player discovers their identity)
Reveal trigger defined (what action reveals them?)
Confrontation dialogue written (all choice branches)
Transformation to combat NPC prepared (if applicable)

BRANCHING NARRATIVE & MORAL CHOICES

Major Story Choices (Required: minimum 3-5 per scenario)

Choice 1: _________________________ (describe situation)
- Minimum 3 distinct options designed
- Consequences of each option defined
- Impact on narrative documented
Choice 2: _________________________ (describe situation)
- Minimum 3 distinct options designed
- Consequences of each option defined
- Impact on narrative documented
Choice 3: _________________________ (describe situation)
- Minimum 3 distinct options designed
- Consequences of each option defined
- Impact on narrative documented
Optional Choice 4: _________________________
Optional Choice 5: _________________________

Moral Ambiguity (Required: at least 1)

At least one choice presents genuine moral dilemma
No obviously "correct" answer
Each option has valid reasoning and consequences
Debrief acknowledges moral complexity

ENTROPY Agent Confrontation Choices (REQUIRED) When player discovers ENTROPY agent, all options must be available:

Practical Exploitation option (use them for shortcuts)
- Dialogue written
- Mechanical benefit defined (access, information, etc.)
- Consequence/debrief variation written
Arrest (By the Book) option
- Dialogue written
- Standard procedure defined
- Consequence/debrief variation written
Combat option
- Combat trigger implemented
- Combat difficulty appropriate
- Consequence/debrief variation written
Recruitment/Double Agent option
- Dialogue/persuasion written
- Success and failure branches defined
- Ongoing intelligence operation designed (if success)
- Consequence/debrief variations written
Interrogation First option
- Interrogation dialogue tree designed
- Intel revealed documented
- Can lead to other options afterward

Choice Impact Tracking:

Variables tracked in Ink scripts (moral_alignment, trust_levels, etc.)
Evidence-gated dialogue options (appear only when evidence found)
Trust-gated dialogue options (appear at certain trust thresholds)
Consequences affect available endings

SECURITY MECHANISMS & PUZZLES

Lock Types (include at least 4 different types):

Key-based locks (requires specific key or lockpicks)
PIN code systems (requires discovered code or PIN cracker)
Password-protected systems (requires credential discovery)
Biometric authentication (requires fingerprint spoofing)
Bluetooth proximity (requires finding paired device)
Other: _________________________

Tool Distribution (Required minimums):

At least 2 standard tools required (keys, access cards, passwords)
At least 1 mid-game tool (fingerprint kit, Bluetooth scanner)
Lockpicks placement (late in scenario, after solving 3+ lock puzzles)
PIN cracker placement (late, ensures max 2 uses remaining)
CyberChef/encoding workstation available (when needed)

Puzzle Chain Design (Required: minimum 3 chains):

Puzzle Chain 1: _________________________ (describe multi-step puzzle)
- Step 1: _________________________
- Step 2: _________________________
- Step 3: _________________________
Puzzle Chain 2: _________________________ (describe multi-step puzzle)
Puzzle Chain 3: _________________________ (describe multi-step puzzle)

Puzzle-Before-Solution Verification:

Each lock presented before its key is found
Each encrypted message encountered before decryption tool
Each PIN lock visible before code is discovered
Each biometric system seen before fingerprint kit acquired

CRYPTOGRAPHY & ENCODING

Cryptographic Challenges (Required: aligned with difficulty level)

Beginner Scenarios (include at least 2):

Base64 encoding/decoding
Hexadecimal representation
Caesar cipher
Simple substitution
Other: _________________________

Intermediate Scenarios (include at least 2):

AES encryption (CBC or ECB mode)
MD5 or SHA hashing
Vigenère cipher
Steganography (hidden data in images)
Other: _________________________

Advanced Scenarios (include at least 2):

RSA encryption/decryption
Diffie-Hellman key exchange
Digital signatures
Multi-stage cryptographic chains
Other: _________________________

For Each Cryptographic Challenge:

Algorithm clearly specified
Key/IV discovery method defined
Narrative context provided (why is this encrypted?)
CyberChef usage explained or hinted
Reward for successful decryption defined (what information is revealed)

CyBOK Mapping:

Specific Applied Cryptography concepts mapped
Educational value clearly articulated
Real-world application explained (in LORE or dialogue)

VIRTUAL MACHINES (if included)

VM Challenges (Optional but recommended for intermediate/advanced):

VM challenge 1: _________________________ (Linux/Windows)
- System type and configuration defined
- Challenge type (privilege escalation, log analysis, etc.)
- Required information/objective specified
- Difficulty appropriate to scenario level
- Time estimate (max 10-15 minutes per VM)
Optional VM challenge 2: _________________________

VM Integration:

Narrative justification (workstation, compromised server, etc.)
Results connect to physical puzzles
Hints available in game environment
Alternative solution available (if VM too difficult)

LORE SYSTEM

LORE Fragments (Required: minimum 3-5 per scenario)

LORE Fragment 1: _________________________ (category/topic)
- Category assigned (ENTROPY Ops, Architect, Concepts, History, Character)
- Content written (1-3 paragraphs)
- Discovery method defined
- CyBOK reference included (if technical)
LORE Fragment 2: _________________________ (category/topic)
LORE Fragment 3: _________________________ (category/topic)
Optional LORE Fragment 4: _________________________
Optional LORE Fragment 5: _________________________

LORE Discovery Methods (use variety):

At least 1 LORE from explicit objective (decode 5 secrets, etc.)
At least 1 LORE from environmental discovery (hidden files)
At least 1 LORE from bonus objective/achievement

LORE Quality Check:

Each fragment is interesting to read (not dry exposition)
Each serves world-building OR education OR narrative connection
Formatted consistently
References CyBOK areas when relevant

ENVIRONMENTAL STORYTELLING

Narrative Elements (include at least 4 types):

Email conversations (showing relationships, conflicts, or plots)
Sticky notes (passwords, reminders, character details)
Photographs (relationships, locations, evidence)
Calendars/schedules (meetings, appointments, suspicious timing)
Whiteboards (diagrams, calculations, plans)
Security logs (access patterns, intrusions)
Personal effects (revealing motivations, background)
Trash bins/shredders (deleted but recoverable info)
Other: _________________________

Foreshadowing:

At least 2 early clues that pay off later in scenario
Suspicious NPC behaviour established before reveal
Locked areas create curiosity and anticipation

Red Herrings (use sparingly):

0-2 plausible but ultimately irrelevant clues
Don't waste player time excessively
Should still be interesting/atmospheric

TECHNICAL IMPLEMENTATION

JSON Specification:

Scenario JSON file created
All rooms defined with correct structure
Room connections specified (north/south tree)
All objects placed with correct properties
Lock types and requirements specified
Container contents defined (nested items)
NPC dialogue script references included

Ink Script Files:

Separate Ink script file created for each major NPC
Branching dialogue implemented
Variables tracked (trust, evidence, choices)
Conditional dialogue based on game state
All confrontation branches implemented
Ending variations trigger correctly

Testing & Validation:

JSON syntax validated (no errors)
All objective triggers tested
All dialogue branches accessible
No softlock situations (always a path forward)
Backtracking puzzle chains work correctly
Cryptographic puzzles solvable
VM challenges (if included) completable
All endings achievable and display correctly

BALANCE & POLISH

Difficulty Curve:

Early challenges tutorial-difficulty
Mid-game combines multiple mechanics
Late-game requires mastery
No single puzzle blocks all progress
Hints available for complex challenges

Playtime Verification:

Estimated playthrough: ~60 minutes
Minimum speedrun time: ~30 minutes (with knowledge)
Maximum thorough completion: ~90 minutes
Acts roughly balanced (15/30/15 minute split)

Accessibility:

Clear signposting for locked areas
Objective system guides without hand-holding
Multiple solution paths where possible
Help/hint system available (via NPCs or notes)

Educational Value:

CyBOK areas clearly mapped
Security concepts accurately represented
Technical content realistic and practical
Learning objectives align with gameplay
Player understands "why" not just "how"

Narrative Quality:

Scenario has clear beginning, middle, end
Character motivations make sense
ENTROPY involvement feels organic
Plot revelations satisfying
Tone consistent throughout
Dialogue feels natural
No major plot holes

Final Checks:

Typos corrected in all text
All placeholder text replaced
Company/character names consistent
CyBOK references accurate
Field Operations Handbook joke (optional, max 1)
Recurring character catchphrases used correctly
SAFETYNET/ENTROPY lore consistent with universe bible

QUALITY ASSURANCE

Playtesting:

Fresh player playtest completed (someone unfamiliar with scenario)
Playtester feedback documented
Major issues addressed
Difficulty appropriate for target audience
Playtime within target range

Peer Review:

Scenario reviewed by another designer
Technical accuracy verified
Narrative coherence confirmed
JSON/Ink implementation checked

Final Approval:

All checklist items completed
Scenario ready for integration
Documentation complete
Assets ready (room templates, object sprites, etc.)

Scenario Design Summary Template

Complete this summary for each scenario:

Scenario Name: _________________________

One-Sentence Hook: _________________________

Primary Learning Objectives (CyBOK): _________________________

Scenario Type: _________________________

Difficulty: _________________________

Key NPCs: _________________________ (list names/roles)

Main Moral Dilemma: _________________________

Backtracking Puzzle Chain: _________________________ (brief description)

ENTROPY Connection: _________________________

Unique Feature: _________________________ (what makes this scenario special?)

Scenario Requirement Quick Reference

MINIMUM REQUIREMENTS FOR EVERY SCENARIO:

✓ 5-7 primary objectives
✓ 3-4 milestone objectives
✓ 3-5 bonus objectives
✓ 5-12 rooms
✓ 1 major backtracking chain
✓ 3+ NPCs (1 helpful, 1 neutral, 1 ENTROPY)
✓ 3-5 major narrative choices
✓ 1 moral dilemma
✓ ENTROPY agent confrontation (all 5 options)
✓ 4+ different lock types
✓ 3+ cryptographic challenges
✓ 3-5 LORE fragments
✓ Briefing cutscene
✓ 3+ ending variations
✓ ~60 minute playtime

Beginner Scenarios

Target Audience: New to cyber security, first few missions

Characteristics:

Simple encoding (Base64, Caesar cipher)
Clear puzzle telegraphing
Linear progression
Abundant hints
Tutorial-style guidance
Limited tool requirements

Example Challenges:

Find password on sticky note
Decode Base64 message
Unlock door with found key
Social engineer helpful NPC
Access computer with obvious password pattern

Intermediate Scenarios

Target Audience: Some cyber security knowledge, multiple missions completed

Characteristics:

Multi-stage puzzles
Symmetric encryption (AES)
Some technical VM challenges
Branching paths
Moderate hint availability
Multiple tool requirements

Example Challenges:

AES decryption with discovered key
Fingerprint spoofing chain
Log analysis for intrusion evidence
Social engineering resistant NPCs
Multi-stage authentication bypass

Advanced Scenarios

Target Audience: Strong cyber security knowledge, experienced players

Characteristics:

Complex puzzle chains
Asymmetric cryptography (RSA, DH)
Advanced VM exploitation
Non-linear progression
Minimal hints
All tools required

Example Challenges:

RSA operations with mathematical calculations
Privilege escalation on Linux system
Multi-vector attacks combining physical and cyber
Identifying double agents through evidence correlation
Time-sensitive incident response under pressure

Appendix: Example Scenario Outline

Scenario: Operation Shadow Broker

Type: Infiltration & Investigation
Difficulty: Intermediate
Playtime: 60 minutes
CyBOK Areas: Applied Cryptography (AES), Human Factors (Social Engineering), Security Operations

Organization Type: Infiltrated (Nexus Consulting is a legitimate cyber security firm)
ENTROPY Cell: Zero Day Syndicate
Primary Villain: Head of Security (double agent, reveals as ENTROPY operative - Tier 3)
Background Villain: "0day" (Tier 2 Cell Leader, referenced as buyer of stolen vulnerabilities)
Supporting: Most employees are innocent; 1-2 may be compromised or unwitting accomplices

Scenario Premise: Nexus Consulting is a legitimate cyber security firm with real clients and mostly innocent employees. However, their Head of Security has been corrupted by ENTROPY's Zero Day Syndicate and is selling client vulnerability assessments on the dark web. Most employees have no idea, though one or two may have been manipulated into helping without understanding the full scope.

Briefing

Agent 0x99: "Agent 0x00, we have a situation at Nexus Consulting, a cyber security firm downtown. Ironic, right? Someone from inside their company contacted us anonymously, claiming there's a data broker selling client vulnerability assessments on the dark web."

Agent 0x99: "Intelligence suggests this is connected to ENTROPY's Zero Day Syndicate—they've been buying vulnerability intel from corrupt security professionals. Here's the catch: Nexus itself is legitimate. Real company, real clients, mostly innocent employees. But someone inside is ENTROPY."

Agent 0x99: "Your cover: you're conducting a routine compliance audit they scheduled months ago. Your real mission: identify the insider, secure evidence, and determine the extent of ENTROPY's infiltration. Most people there are innocent—don't spook them. But be careful: security professionals are hard to fool."

Director Netherton: "Per Section 7, Paragraph 23, you're authorised to conduct offensive security operations under the guise of audit activities. Per Section 18, Paragraph 4: 'When operating within legitimate organizations, collateral damage to innocent parties must be minimized.' That means don't trash the place or arrest everyone. Find the ENTROPY agent. Stay sharp."

Act 1: Arrival (15 min)

Room: Reception

Encounter receptionist (Neutral NPC, genuinely helpful - innocent employee)
Social engineering easy because this is a legitimate business
Receptionist provides employee directory willingly for "auditor"
See locked Server Room door (requires admin card - cannot open yet)
See locked Security Office door (requires PIN - cannot open yet)
Optional: Access visitor logs (reveals suspicious late-night visits by one person)
Note: Nexus is a real business with normal security protocols

Room: General Office Area

Multiple office worker NPCs (all innocent, most helpful)
Employees discuss work openly - they have nothing to hide
Can social engineer easily for general information
Find notes about "unusual behaviour" from security team - written by concerned employee
Discover first encrypted message (Base64) on someone's desk - references "server logs"
Find locked desk drawer (requires key - not available yet)
Overhear: "The Head of Security has been acting weird lately..."

Room: Break Room

Overhear innocent employees discussing "changed security code"
One employee: "Did you hear? Security changed the office code again without telling anyone."
Find note on bulletin board: "New security office code starts with 7... ask Margaret for the rest"
Coffee machine has sticky note: "IT borrowed my admin card again! -Sarah"
Note: Normal office environment, employees trust each other (perhaps too much)

Primary Objectives:

☐ Check in at reception
☐ Locate security office (seen but cannot access yet)
☐ Access company directory
☐ Interview employees to identify suspicious behaviour

Bonus Objectives:

★ Read visitor logs without arousing suspicion
★ Gain trust of IT staff for later cooperation

Puzzle State at End of Act 1:

Player knows Server Room exists (locked, need admin card)
Player knows Security Office exists (locked, need PIN starting with 7)
Player has encrypted message needing decryption
Player has heard rumors about Head of Security acting strange
Player recognizes most employees are innocent and helpful
Player cannot solve any challenges yet - must explore further

Investigation Notes:

Most employees are cooperative because audit is legitimate
Only 1-2 NPCs show suspicious behavior
Key challenge: Identifying who is ENTROPY among innocents
Social engineering is low-risk with most staff

Act 2: Investigation (30 min)

Room: IT Office

Helpful IT Manager (genuinely innocent, cooperative NPC)
Eagerly discusses company systems because player is "official auditor"
NPC mentions: "Someone keeps borrowing admin cards - I think it's the Head of Security"
NPC volunteers: "We've had some weird server access patterns lately..."
Find Bluetooth scanner in supply drawer (IT doesn't mind auditor using tools)
Access to VM with partial logs (need server room access for complete logs)
Through friendly conversation: Learn remaining PIN digits are "391"
BACKTRACK OPPORTUNITY: Could return to Security Office now (PIN: 7391)
Note: IT staff are allies, not enemies

Room: Standard Office #1 (General Employee)

Innocent employee's workspace with CyberChef on computer
Employee: "Sure, use my computer for the audit. I've got nothing to hide!"
BACKTRACK REQUIRED: Decrypt message from Act 1 (Base64)
Decrypted message reveals: "Evidence in safe. Biometric access. Owner: Head of Security"
Message also mentions: "Server logs show the full truth. Delete after reading."
Find family photo of Head of Security with dog named "Rex"
Employee explains: "That's our Head of Security. Nice enough guy, but he's been stressed lately."

Room: Standard Office #2 (Another Innocent Employee)

Employee away from desk, but workspace accessible during "audit"
Desk drawer contains admin access card left carelessly
BACKTRACK OPPORTUNITY: Can now access Server Room (from Act 1)
On desk: Personnel file (employee doing background check work) mentioning Head of Security birthday: 1985
Post-it note: "Rex1985 - remind boss to change this!"
Note: Employee is doing legitimate work, no ENTROPY involvement

PLAYER CHOOSES: Backtrack to Server Room OR continue exploring

Room: Server Room (via backtrack to Reception area)

Restricted access achieved with borrowed admin card
Server terminal with comprehensive logs
VM access for detailed log analysis
Discover evidence of data exfiltration - sophisticated, insider knowledge
Find encrypted communication (AES-256-CBC) addressed to "0day"
Hints suggest key is "pet name + birth year"
Player must remember: Photo showed dog "Rex", file showed "1985"
BACKTRACK REQUIRED: Return to Office #1 to use CyberChef with key "Rex1985"
Log analysis shows: All suspicious access came from Security Office terminal

ALTERNATIVE PATH: Security Office (via backtrack to Reception with PIN 7391)

Head of Security's office (he's currently out)
Computer password-protected
Hints suggest password pattern: pet_name + year
Safe requiring biometric lock
Fingerprint dusting kit available in security equipment drawer
Find additional evidence on computer once accessed: Communications with "0day"
Dark web marketplace access logs

EVIDENCE GATHERING - Identifying the ENTROPY Agent:

By combining information from multiple rooms, player realizes:

Head of Security has password "Rex1985" (family photo + personnel file)
All suspicious activity traces to Security Office
Encrypted communications with ENTROPY contact "0day"
Late-night access when no one else is around
Behavioral changes noted by coworkers

But most importantly:

IT Manager: innocent, helpful
Office employees: innocent, cooperative
Other security staff: likely innocent
Only Head of Security shows ENTROPY indicators

INTERCONNECTED PUZZLE RESOLUTION:

Player discovered family photo in Office #1 (dog: Rex)
Player discovered personnel file in Office #2 (year: 1985)
Player can now unlock Security Office computer: "Rex1985"
Player can also decrypt server logs with same info
Both paths reveal evidence pointing to Head of Security as ENTROPY agent
All other employees appear clean

Primary Objectives:

☐ Access security systems (requires backtracking)
☐ Identify data exfiltration method (Server Room)
☐ Decrypt communications with ENTROPY (requires info from multiple rooms)
☐ Identify the insider threat (Head of Security)
☐ Gather sufficient evidence for confrontation

Bonus Objectives:

★ Find all 5 ENTROPY intelligence fragments (scattered across rooms)
★ Access both the Server Room AND Security Office for complete picture
★ Identify the insider before final confrontation (requires thorough investigation)
★ Maintain cover throughout investigation (don't alert suspect)

LORE Fragments (distributed across rooms):

IT Office (on bulletin board): ENTROPY Operations - "Zero Day Syndicate recruitment methods: How they identify and compromise security professionals"
Server Room (in encrypted logs): Cyber Security Concept - "AES-CBC mode explanation and why ECB mode vulnerabilities are exploited by ENTROPY"
Security Office safe (after biometric bypass): Character Background - "Profile of '0day': ENTROPY's elite vulnerability broker and mysterious Zero Day Syndicate leader"
Standard Office #1 locked drawer: Historical Context - "Previous SAFETYNET operations against vulnerability marketplaces and why this threat is escalating"
Hidden in Break Room (behind coffee machine): The Architect - "Intercepted communication from The Architect to Zero Day Syndicate: 'Systematic vulnerability collection is Phase 2...'"

Key Backtracking Moments:

Found encrypted message early → Must find CyberChef → Backtrack to decrypt
Found partial PIN early → Complete it through investigation → Backtrack to Security Office
Saw Server Room early → Must find admin card → Backtrack to access
Found password hints across multiple rooms → Backtrack to apply discoveries
Evidence scattered → Must piece together → Multiple backtracks to different locations

Detective Work Notes:

Scenario is about identifying ONE bad actor among many innocents
Social engineering is encouraged and low-risk with most staff
Evidence against Head of Security accumulates across multiple rooms
Player must distinguish suspicious behavior from normal stress
Most employees actively help investigation (unknowingly)

Act 3: Confrontation (15 min)

Discovery: Evidence points to head of security as the broker

Room: Executive Conference Room

Locked briefcase with final evidence (requires PIN cracker or discovered code)
Note found nearby: "Briefcase code is reversed security office code"
MEMORY/BACKTRACK ELEMENT: Player must remember Security Office PIN was 7391, so briefcase is 1937
Encrypted files proving ENTROPY connection
Communication logs showing sales to ENTROPY cells

Confrontation - Player Choices:

The head of security realizes they've been discovered. The player must choose how to handle the situation:

Option A: Practical Exploitation

"I know what you are. You can unlock the evidence vault for me, or I call this in right now. Your choice."

Head of security provides access to hidden evidence cache
Fast completion of objectives
Questionable ethics
Debrief: "Effective, Agent, but we're not extortionists... officially."

Option B: By the Book Arrest

"It's over. You're under arrest for espionage and data brokering."

Immediate arrest, standard procedure
Must find evidence cache independently
Takes longer but ethically sound
Debrief: "Clean arrest. Professional. Well done."

Option C: Combat

"ENTROPY. You're done."

Triggers combat encounter
Most aggressive option
Evidence secured after confrontation
Debrief: "That was intense. Perhaps we could have handled it more delicately?"

Option D: Recruitment Attempt

"ENTROPY is burning their assets. You're exposed. Work with us—become a double agent—and we can protect you."

Requires high trust or strong leverage
Success: Ongoing intelligence operation, bonus LORE fragments
Failure: Leads to combat or arrest
Debrief (success): "Risky play, but the intel we're getting is gold. Good work."
Debrief (failure): "Worth the attempt, but not everyone can be flipped."

Option E: Interrogation First

"Before we finish this, I need names. Who else is working for ENTROPY?"

Extract information before arrest/combat
Reveals additional ENTROPY cells (bonus objective)
Most time-consuming option
Debrief: "Patience paid off. The additional intelligence will help future operations."

Primary Objectives:

☐ Secure broker's evidence cache
☐ Confront the Shadow Broker
☐ Confirm ENTROPY involvement

Bonus Objectives:

★ Complete without alerting other staff
★ Recover list of all affected clients
★ Identify additional ENTROPY contacts (interrogation path)
★ Establish ongoing double agent operation (recruitment path)

Summary of Interconnected Design in This Scenario:

3 Major Locked Areas Presented Early: Server Room door, Security Office door, Secured Drawer
4+ Multi-Room Puzzle Chains:
1. Encrypted message (Act 1) → Find CyberChef (Act 2) → Decrypt (backtrack)
2. Partial PIN (Act 1) → Complete through exploration (Act 2) → Unlock Security Office (backtrack)
3. Server Room seen early → Find admin card (Act 2) → Access server logs (backtrack)
4. Password/key hints across multiple rooms → Piece together → Apply (multiple backtracks)
6+ Backtracking Moments Required: To Reception area for locked doors, to Office #1 for decryption, to Security Office with PIN, to Server Room with card, to Conference Room with discovered code
Non-Linear Exploration: Player can choose to tackle Server Room or Security Office in either order once access is obtained
Satisfying Connections: Information from Act 1 (encrypted message, partial PIN) becomes useful in Act 2; pieces from different rooms (photo, personnel file) combine to unlock secrets

Debrief (Multiple Variations)

The debrief explicitly reflects the player's choices throughout the scenario. Each ending addresses the fact that Nexus Consulting is a legitimate business with mostly innocent employees:

Ending A: By the Book (Arrest + Minimal Collateral)

Agent 0x99: "Excellent work, Agent 0x00. Clean arrest of the Head of Security, no disruption to Nexus Consulting's legitimate operations. The company's employees were shocked—they had no idea. We've secured evidence of the vulnerability sales, and '0day' from the Zero Day Syndicate is now cut off from this source."

Director Netherton: "Textbook operation. Per Section 14, Paragraph 8: 'When all protocols are followed and the mission succeeds, the agent shall receive commendation.' Well done. Nexus Consulting will recover—they're cooperating fully and implementing our security recommendations."

Agent 0x99: "The company is grateful. They're hiring a new Head of Security and reviewing all their processes. Your professional conduct protected innocent employees while removing the threat. I'm updating your specialisation in Applied Cryptography and Insider Threat Detection."

Ending B: Pragmatic Victory (Exploitation + Fast Completion)

Agent 0x99: "Mission accomplished, Agent. You leveraged the Head of Security's position to access his evidence vault before arrest. Efficient. The company is... disturbed by your methods, but they understand it prevented data destruction."

Director Netherton: "Per Protocol 404: 'Creative interpretations of authority are permitted when expedient.' Results matter, but remember—Nexus is a legitimate business with innocent employees. They'll remember how we operated here."

Agent 0x99: "The intelligence we recovered confirms Zero Day Syndicate's systematic vulnerability purchasing. Your technical work was excellent. The mission succeeded, and the company will recover. But relationships matter—they may be less cooperative with future SAFETYNET operations."

Ending C: Aggressive Resolution (Combat + Decisive Action)

Agent 0x99: "Well, Agent, that was intense. The Head of Security is neutralised, evidence secured, threat eliminated. But the company is shaken. Several employees witnessed the combat. We've had to do damage control."

Director Netherton: "Per Section 29: 'Use of force is authorised when necessary.' You deemed it necessary in a building full of innocent civilians. Please file your incident report and review Section 31 on 'Proportional Response in Civilian Environments.'"

Agent 0x99: "Zero Day Syndicate connection confirmed. The company will recover, but trust in security professionals took a hit. Your technical skills got you to the truth. Just remember: most people there were innocent. Collateral psychological impact matters."

Ending D: Intelligence Victory (Double Agent Recruited)

Agent 0x99: "Masterful, Agent 0x00. Flipping their Head of Security into a double agent? He's now providing intelligence on Zero Day Syndicate while maintaining his position at Nexus."

Director Netherton: "Per Section 19, Paragraph 7: The company believes we concluded the investigation inconclusive—he's still employed. This is ongoing. You're handling this asset going forward. Don't mess it up."

Agent 0x99: "Your asset is feeding us valuable data on '0day' and the marketplace. Nexus's employees still don't know—business as usual. You'll be managing this delicate situation. I'm noting specialisation in Intelligence Operations and Asset Management."

Ending E: Thorough Investigation (Interrogation + Maximum Intel)

Agent 0x99: "Exceptional work, Agent. You extracted every piece of intelligence before arrest. The additional Zero Day Syndicate contacts you identified will help us roll up this entire vulnerability marketplace."

Director Netherton: "Patience and thoroughness. Nexus appreciated your careful approach—you gathered evidence without disrupting their business until the final arrest. The company is cooperating fully."

Agent 0x99: "The network map shows Zero Day Syndicate has corrupted security professionals in at least seven other organisations. Your interrogation skills revealed the full scope. We're launching follow-up operations. All while keeping Nexus's innocent employees safe."

Ending F: Mixed Outcome (Alerted Staff + Complications)

Agent 0x99: "Mission accomplished, but... half of Nexus's staff knows something happened, and several employees are traumatised. The company is considering legal action for workplace disruption."

Director Netherton: "Results: ENTROPY agent arrested, evidence secured. Methods: Louder than ideal. Per Section 42: 'Discretion is encouraged.' Next time: remember that legitimate businesses with innocent employees require different tactics than ENTROPY-controlled facilities."

Agent 0x99: "The Head of Security is in custody. Your technical work was sound, but operational security needs improvement. Nexus will recover. The mission succeeded. Next time: lighter touch in civilian environments."

Universal Closing (appears in all endings):

Agent 0x99: "One more thing. This vulnerability marketplace is part of ENTROPY's Zero Day Syndicate operation. Communications suggest '0day' was buying the stolen assessments. The Head of Security was just one compromised professional in their network."

Agent 0x99: "This syndicate systematically corrupts security professionals at legitimate companies. Nexus was infiltrated, but we believe there are others. Most companies don't know they're compromised. We'll be watching for this pattern. Meanwhile, Nexus is implementing new insider threat protocols. Your work here may have saved other companies from the same fate."

Conclusion & Usage Notes

This Universe Bible serves as the foundation for all Break Escape scenario design. It should be:

Referenced: Consulted during scenario development
Evolved: Updated as the universe expands
Shared: Distributed to all content creators
Flexible: Guidelines, not rigid rules

Remember:

Cyber security education comes first
Narrative supports learning, never undermines it
Accuracy matters more than convenience
Fun and engagement enhance, not replace, education

For questions, clarifications, or additions: Contact the Break Escape development team or refer to technical documentation.

Version Control:

v1.0 - November 2025 - Initial Universe Bible
Future versions will incorporate feedback, new mechanics, and expanded LORE

"In a world of increasing entropy, order must be restored—one scenario at a time."
— SAFETYNET Motto

243 KiB Raw Permalink Blame History

Break Escape: Universe Bible & Scenario Design Guide

Table of Contents

Universe Overview

The Setting

Core Premise

Tone & Atmosphere

Organisation Profiles

SAFETYNET

Mission Statement

Operational Structure

Rules of Engagement

Technology & Resources

ENTROPY

Philosophy

Operational Structure

Common Schemes

Cover Businesses & Infiltration Targets

Known ENTROPY Tactics

ENTROPY Cells & Operations

Cell: Digital Vanguard

Cell: Critical Mass

Cell: Quantum Cabal

Cell: Zero Day Syndicate

Cell: Social Fabric

Cell: Ghost Protocol

Cell: Ransomware Incorporated

Cell: Supply Chain Saboteurs

Cell: Insider Threat Initiative

Cell: AI Singularity

Cell: Crypto Anarchists

ENTROPY Cell Usage Guidelines

Recurring Characters

SAFETYNET Operatives

Agent 0x00 [Player Handle] — The Player Character

Agent 0x99 "Haxolottle" — The Helpful Contact

Director Magnus "Mag" Netherton — SAFETYNET Director

Dr. Lyra "Loop" Chen — Technical Support

Agent 0x42 — The Mysterious Veteran

ENTROPY Operatives (Rivals, Never Directly Defeatable)

The Architect — ENTROPY's Strategic Mastermind

Null Cipher — Elite ENTROPY Hacker

The Broker — ENTROPY Intelligence Trader

Recurring Villains & Adversaries

TIER 1: The Masterminds (Background Presence Only)

The Architect

Null Cipher

Mx. Entropy (The Eldritch Coordinator)

TIER 2: Cell Leaders (Escapable Recurring Antagonists)

"The Liquidator" — Digital Vanguard Leader

"Blackout" — Critical Mass Leader

"The Singularity" — Quantum Cabal Leader

"0day" — Zero Day Syndicate Leader

TIER 3: Memorable Specialists (Defeatable, Scene-Stealers)

"Insider Trading" — Social Engineer Extraordinaire

"Red Tape" — Bureaucratic Saboteur

"SCADA Queen" — Industrial Control System Hacker

"Deepfake" — Synthetic Media Artist

Villain Relationship Map

Using Recurring Villains in Scenarios

Recurring Characters

The Helpful IT Person

The Suspicious Secretary

The Oblivious Executive

The Paranoid Security Guard

The Double Agent

World Rules & Tone

Narrative Rules

Rule 1: Cyber Security First

Rule 2: Physical-Cyber Convergence

Rule 3: Self-Contained Stories

Rule 4: Legal Framework - The "License to Hack"

Rule 5: Progressive Challenge

Rule 6: Mandatory 3-Act Structure

Comedy Rules

Comedy Rule 1: Punch Up

Comedy Rule 2: Recurring Gags

Comedy Rule 3: Never Undercut Tension

Comedy Rule 4: Grounded Absurdity

The Field Operations Handbook

243 KiB

Raw Permalink Blame History