For this article I thought I would do something a little bit different; I figured I would combine two of my loves – video games and penetration testing.
I had a lot of fun writing this so I hope you have just as much fun reading it!
If you enjoyed it do let me know and I’ll try and write similar content in the future!
If you want to follow more of my ramblings on recruitment, pop culture and cybersecurity, then feel free to connect with me on LinkedIn or follow me on Twitter - @JayR_ARMCyber
A Brief History of Persona
The Persona series dates back to the PsOne era – but I didn’t get into the series myself until Persona 3 on the PS2 wayyy back in 2008.
It so happened I was reading a video games magazine (back when that was your bible for what’s hot) and came across a glowing review for this obscure-sounding Japanese RPG (Role Playing Game).
You spent part of your time attending high school, part of your time revising for exams (yes, I’m serious), part of your time romancing girls & making friends with your eccentric neighbours and the rest of your time working your way through a dungeon filled with monsters from every mythology you can think of….
…so basically real life turned up to 11 and chucked through the looking glass.
Obviously I needed this game in my life - but it was hard to track down and eBay and Amazon didn’t have it either.
It took a chance visit to Hereford (of all places) & wandering into a used games store that I finally tracked down a copy.
Once I started playing I was hooked pretty quickly – so much so that 2 years later I picked up Persona 4 on the PS2 for £20 in a second hand games store the first chance I spotted it...where it proceeded to sit on my shelf collecting dust for a good 5 years.
But one day – having found myself with some spare time on my hands, and no decent PS3 games on the horizon – I decided to boot it up.
Again, I was instantly hooked on the murder mystery storyline (still one of the greatest video game plots I’ve ever had the pleasure of playing through) - once that was done I eagerly awaited the inevitable 5th instalment, which finally arrived last year.
Persona 5’s plot casts you as a high school kid that moonlights as a ‘Phantom Thief’ – meaning he and his gang of outlaws have the mystical power to ‘steal the hearts’ of various unsavoury people around Tokyo - in order to cause them to repent and change their ways.
They do this through entering a physical representation of that person’s twisted mind, in the form of a Mind Palace – a place filled with puzzles, traps and monsters to fight as you seek out the evil that is at the heart of your target.
So What Has All This Got To Do With Penetration Testing?
When I was playing through Persona 5 last year, a realisation dawned on me – a lot of what I was doing in the gameplay felt very familiar to something in my real life…. Penetration Testing!
It was at this point I decided to document the similarities, so here we go:
Phase 1 | Scoping
The initial phases of any test usually involve engaging with the client and agreeing the ‘rules of engagement’ for the work.
The client is agreeing to let you onto their private network so you need to ensure that your work won’t compromise their business operations or lead to sensitive data actually leaking out.
In Persona 5, scoping is represented through identifying your target. The Tokyo of Persona 5 is filled with all sorts of colourful characters and at first it’s not immediately obvious who your target for each ‘chapter’ of the story is.
Often these guys hide in plain sight and seem pretty unassuming – a gym teacher, a seemingly harmless art teacher, a police officer, the owner of a fast food conglomerate – so you spend a good portion of your time debating with your team as to whether this person is deserving of your special attention.
Often it takes you engaging with a victim of one of these antagonists in order to uncover their secret - and spur you into action.
Phase 2 | Reconnaissance
Now you’ve selected your target, you’ll want to tap into any OSINT (Open Source Intelligence - publicly accessible information on your target) you can find - as well as simple things like Googling the company/individual & combing other public resources to help you plan your ‘attack’.
Heck, you might want to go one step further and directly engage with the target company/person to gain the information you need.
In Persona 5, your reconnaissance involves following and investigating your target to prove to both yourself and your gang that they are indeed a dangerous individual and ensuring they are guilty of whatever crimes they are hiding.
Phase 3 | Scanning & Vulnerability Assessment
After your recon, you’ll want to collect some further intelligence and probe deeper.
This is where your trusty vulnerability scanner will come into play.
Back in the world of Persona 5, once you have a target in mind you need to 'poke the bear', so to speak.
This often involves some kind of side quest such as the one above, where you have to engage with some unsavoury underworld characters in order to prove, say, that a restaurant owner is involved in a money laundering scheme.
Phase 4 | Penetration Test
AKA The fun part!
This is where you’re exploiting the vulnerabilities found in the previous phases while collecting data.
In Persona 5, once you’re ready to face your target you need to send a Calling Card.
This is a literal card you post to the target which alerts them to the fact that someone knows about their crimes.
This puts the target on alert and makes them vulnerable – and at this point you can use your Phantom Thief powers to enter the ‘Mind Palace’ (a typical RPG dungeon essentially) of the target and start your mission.
Phase 5 | Maintaining Access & Lateral Movement
Now you’re in the system, you’ll want to take steps to ensure you stay there!
You’ll inject agents to maintain your access for as long as you need to collect the data required. You’ll want to stay in ‘stealth mode’ in order to avoid the host detecting you.
In Persona 5, once you’re inside the ‘Mind Palace’ of the target you need to avoid detection from the ‘host’ at all costs, in order to gather the data you need to expose their crimes.
There’s a meter which creeps up every time you’re spotted and forced to engage in a battle.
Once that meter reaches 100%, you’re kicked out of the Palace - and you can’t get back in!
Phase 6 | Artifact Collection & Covering Your Tracks
Once you’ve got what you need from the penetration test, you’ll want to get out without a trace.
You’ll remove all backdoors & rootkits, and ensure everything is returned to the state it was in before you conducted your test.
It’ll be like you were never there!
In Persona 5, once you reach the centre of the palace, you’re confronted with the target’s ‘true self’.
Which (naturally) is a traditional boss fight you have to beat the stuffing out of.
Upon victory, the target is left to finally face the truth of their crimes.
At this point the Mind Palace begins to collapse and you have to get the heck out of dodge while you can!
So you now have to escape the Mind Palace - and leave no trace you were there….
Which is usually done by climbing inside of….a talking anime cat that has changed into a bus that whisks you away to safety.
This game is definitely Japanese.
Definite Studio Ghibli Reference!
See?
Phase 7 | Reporting & Debriefing
This is the final phase of the penetration test – the report!
Love it or hate it, this is what the client is looking for from you.
This is your chance to wax lyrical about the vulnerabilities you found, the risk that will be incurred if these aren’t fixed, and the technical detail that backs all this up.
A client should use this as a call to action to fix any security issues.
Finally, once you’re back in the real world of Persona 5’s Tokyo, your actions activate a ‘Change of Heart’ in the target’s personality - causing them to fundamentally change as a person without realising what’s triggered this to happen.
This usually comes in the form of your target having a very public breakdown and confessing to their crimes in sometimes hilarious ways – although as the game progresses these scenes become increasingly tragic.
In this sense, you could correlate this with the client of your penetration test taking ownership of the flaws in their system and ensuring they fix them in a timely manner.
In Summary
Persona 5 is probably one of the best RPGs of this generation – and arguably one of the best games on the PS4 – and that’s mostly due to its repetitive yet rewarding game structure and system.
Back in the real world, it gets you thinking about how you can apply security-thinking to all kinds of situations.
While this article was mostly a bit of fun, it definitely made me think more about how security bleeds into all sorts of unexpected parts of our lives.
Gamifying learning is a great way to learn things in an accessible way – and it works both ways too, as if someone reads this article and fancies checking out Persona 5 they are in for an absolute treat!