Welcome!

We are a large community of students who took part in HMG's Cyber Discovery programme for the UK which ran from 2017-2021. The community is centered around our discord server, which consists of over 4000 members from an extremely talented, diverse range of backgrounds.

The focus of our server used to be centered around Cyber Discovery; however, over time the scope of our server gradually mutated into something much greater as the programme evolved and was eventually sunset. Now our community hosts a more general student centric chat which leans towards a cyber security crowd but does not exclude other interest areas.

Who Are We?

Naturally, being a student-focused server, a large majority of our members lie within the 16-18 age range and are previous participants of Cyber Discovery or CyberStart residing in the UK or US. We are also home to alumni (ex-participants who have moved on to university and jobs in the industry), club leaders, teachers, parents, and a few official SANS institute instructors/staff members, who have been associated with the program to varying degrees during the time it was active.

Our server primarily accommodates the UK crowd, but if you're from the US, feel free to join as you may still be able to get help in the relevant channels.

Open Source

Discord Bot

This is the community bot for our server. Fetch dates, quotes, level briefings, etc.

Main Site

cyberdiscoverycommunity.uk - Our main site which is built upon Google's web framework.

Android App

Access the full soundboard with the unofficial Cyber Discovery App for Android.

Maths Bot

Gets the current weekly challenge from the Kings College London Maths School.

Elections Bot

Allows us to host staff elections allowing the community to vote on moderators.

Rich Presence

Show what stage and challenge you are attempting and set that as your Discord status.

UK

Event Date Status
Cyber Discovery Year 1-4 Q4 2017 - Q2 2021 Finished

US

Event Date Status
CyberStart America Ongoing Pre-registration 2023 - Register Interest
Cyber FastTrack America Ongoing Register Here

Rules

No discriminatory or adult content

Swearing is allowed, so long as it isn’t malicious. Racism, sexism, and any other form of harassment or offensive comment is not permitted and will be met with punishment.

No Spam

Spam clogs up the channels, and we will take action if you post a large number of messages in a short period of time or post long messages unnecessarily.

Keep spam or shitposting to #overflow

#overflow is still subject to other rules. However, spam, inappropriate discussions, etc to a reasonable extent should be moved here. Mention spam is not acceptable.

Appropriate channels should always be used

For example, memes belong in #memes not #general, and discussion of Cyber Discovery challenges belong in the appropriate CyberStart channels.

No spoilers

This server is for Cyber Discovery, but not for spoiling Cyber Discovery. By giving someone else answers you’re ruining the experience for everyone.

No harassment

Be it sexual or verbal, harassment is not acceptable. This is any targeted action towards someone else with malicious intent.

No unauthorised invite links

A list of authorised invite links can be found on the meta repository.

No enticement of illegal activity

This is not limited to, but includes acts which may break the Computer Misuse Act.

Sanctions

Adult Content/Doxing/Discrimination - Temporary (14 day) / Permanent ban

If the content is entirely unsuitable for the server, you will be banned. Doxing someone else is entirely unacceptable as well, as detailed in the doxing rules. Discriminating someone on the basis of sex, race, etc. will also be met with a ban.

Harassment - Temporary (14 day) / Permanent Ban

Forms of sexual and verbal harassment are entirely unacceptable. Harassing another member on the server and ruining their experience is wrong, and, after being judged on a case-by-case basis, will be punished with a temporary or permanent ban.

Repeated Infractions, Consistent Spam - 3 hour mute

If you receive 3 such mutes, this will escalate to a temporary ban of duration 7 days. If you make another serious infraction soon after this, you will be permanently banned.

Spam, Reposting Deleted Content - Warning, followed by 1h mute if continued

Three of these counts as one 3h mute, and further punishments will be given accordingly. The 1 hour duration can be increased to up to 3 hours depending on whether the offence has been repeated or not.

Information

Be Respectful

Other people are on the other side of a screen, and this server is aimed mostly at young people. Different people often feel differently about various remarks. As moderators, we reserve the right to take action if you're explicitly making someone's experience of the server difficult and miserable. We have a zero-tolerance policy on bullying or harassment, and targeting other members of the server with hurtful or offensive remarks is unacceptable, and will lead to mutes or bans.

Doxing

Do not expose any personal information about other people without express permission. Personal information is any info pertaining to their identity, e.g. locations, names, contact details - anything that is linked to that person. Ask the person in question first. Do not do it if you’re not sure. Do not try and find information that can dox someone else either without their permission either. Releasing your own information means it can be re-quoted. If you say something on the server, unless it is removed then anyone can re-quote it. If you want something deleted, ask a moderator. Do not harass someone else based on their information. Even if it's publicly linked, ask them first before posting it in a public channel.

Reporting a Moderator/Appealing Punishments

If you have a serious complaint to make about a moderator, then DM an @Root in order to get this addressed. Please do not DM unless entirely required. Do not harass a moderator about decisions they make - we reserve the right to make decisions not covered entirely by these rules if the situation requires it. Moderators are @Root and @Sudo and are here to answer any queries you may have in DMs. We can also be DMed in order to appeal punishments. Please note that we are not Cyber Discovery staff - any personal queries regarding the programme should be sent to [email protected], not us. If you have any enquiry to make around the above rules, or wish to discuss a punishment or deletion, we will be happy to discuss the exact reasoning in DMs. Harassing moderators is not acceptable - we are people as well, and any sort of malicious activity towards us, will be met with appropriate punishment.

Suggesting Changes to the Community

If you feel that something on the server could/should be improved, make an issue on the meta repository. This is a platform for constructive discussion around the future of our community - however, this is not the place to appeal punishments or to report moderators so please see below. Response times for meta issues may vary depending on the time of year and ongoing exams.

Practice Challenges

OverTheWire

https://overthewire.org

Wargames offered by the OverTheWire community, which can help you to learn and practice security concepts in the form of fun-filled games.

Hack The Box

https://www.hackthebox.eu

A rapidly growing, massively popular online platform with access to a large number of pen-testing labs and machines. Perfect for practical learning.

TryHackMe

https://tryhackme.com

TryHackMe is a freemium training platform for learning and teaching pre-built courses using virtual machines to practice various techniques.

VulnHub

https://www.vulnhub.com

Community generated vulnerable environments, allowing anyone to gain hands-on experience with digital security, computer applications and network administration tasks.

SmashTheStack

http://smashthestack.org

An ethical hacking environment that supports the simulation of real world software vulnerabilities and allows the use of exploitation techniques.

Exploit Exercises

https://exploit.education/

A variety of challenges to learn about privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering and more.

Learn Concepts

Cybrary

https://www.cybrary.it

Online cyber security training which you can learn anytime, anywhere with open-source, high quality training from top professionals and companies.

Udacity

https://eu.udacity.com

A vast, comprehensive list of free online courses and Nanodegree programmes which range from mastering web design to business tech.

FutureLearn

https://www.futurelearn.com

Online courses from top universities and specialist organisations on cyber security and many other topics at no cost.

Real Python

https://realpython.com

Learn all things Python from the ground up. Everything from the absolute basics of Python, to web development and web scraping, to data visualization, and beyond.

Codecademy

https://www.codecademy.com

An online platform that offers free interactive programming lessons in various different programming languages. Great place to start Python, JS and more.

NSA's COMP3321

https://nsa.sfo2.digitaloceanspaces.com

Dive into the deep end and learn Python the hard way by reading NSA's declassified COMP3321 course which covers Python from start to finish in massive depth and detail.

Techquickie

https://www.youtube.com

Learn the fundamental concepts of computer science explained in a simplified infographic format as quickly as possible in a few minutes.

Learn RE

https://www.begin.re

Learn the basics of x86 and get hands-on experience with reverse engineering from scratch. Conceptually useful for binary reversing CTFs.

CTF Competitions

PicoCTF

https://picoctf.com

High-school CTF created by DEFCON CTF 4-time winning Carnegie Mellon team PPP where participants must reverse, break, hack and decrypt different challenges.

RACTF

https://ractf.co.uk

RACTF is a student-run, extensible, open-source, capture-the-flag event consisting of many different varieties and difficulty levels of challenges.

Reply Challenges

https://challenges.reply.com/

A series of CTF challenges and competitions, where participants compete in teams, with frequent events and prizes.

CTFtime

https://ctftime.org

CTF-related info - current overall Capture The Flag team ratings, per-team statistics, upcoming CTFs, CTF writeups and more.

Useful Tools

Replit

https://repl.it

A free, powerful, and simple online compiler, IDE, interpreter, and REPL. Allows you to Code, compile, and run code in 30+ programming languages.

DVWA

https://github.com

Damn Vulnerable Web Application is a web application that allows you to test common web vulnerabilities in a safe and legal environment.

OWASP Cheatsheets

https://cheatsheetseries.owasp.org

OWASP Cheat Sheet Series provide a concise collection of high value information on specific web/application security topics. Created by experienced professionals.

Mitre Att&ck

https://attack.mitre.org

Accessible knowledge base of adversary tactics and techniques based on real-world observations used for development of threat models and methodologies.

Pythonanywhere

https://www.pythonanywhere.com/

Free access to AWS micro tier instances with a full Python environment and batteries included. Develop & host your website or code directly from your browser.

GitHub Student

https://education.github.com

Learn to ship software like a pro. If you have a school, university or education email, you can get access to over 100+ tools and benefits for free!

YouTube Channels

LiveOverflow

https://www.youtube.com

Take a deep dive into topics such as reverse-engineering, XSS, pen-testing, malware analysis, exploring weird machines and much more.

Hak5

https://www.youtube.com

Thousands of videos on various infosec topics and news, hosted by the famous members of Hak5: Darren, Shannon and Mubix.

Seytonic

https://www.youtube.com

A variety of ethical-hacking related tutorials, diy projects, raspberry pi mods, arduino hacks and cyber security news created by Jhonti.

IppSec

https://www.youtube.com

A collection of detailed HackTheBox video walkthroughs, showing the methodology of attempting the challenge from start to finish for current and past boxes.

TechLinked

https://www.youtube.com

They say cyber security and tech news go hand in hand. Learn about the latest developments in technology in 10 minutes or so.

13Cubed

https://www.youtube.com

Information security-related videos on Digital Forensics & Incident Response, Penetration Testing, overviews of various apps, scripts and more.

Real Engineering

https://www.youtube.com

Interesting answers to simple questions, in-depth breakdowns of how the challenges in our world are being solved.

LinusTechTips

https://www.youtube.com

Insightful videos on current consumer technology, often exploring the boundaries of and indulging in creative projects, PC builds, unboxings and more.

Interesting Blogs

Cloudflare

https://blog.cloudflare.com

Cloudflare is a web performance and security company that deploy some of the world's fastest infrastructure to keep the internet running smoothly, learn about their endeavours here.

Malwarebytes

https://blog.malwarebytes.com

Read about the latest cyber security news around the world, with weekly summaries of the current threats, APT activity and more from Malwarebytes.

Akamai

https://blogs.akamai.com

Akamai focuses on security, content distribution networks, and internet performance. Their blog has news, insight and perspectives on living and working in a hyperconnected world.

Threatpost

https://threatpost.com

An independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

Project Zero

https://googleprojectzero.blogspot.com

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. View their detailed posts and findings here.

Troy Hunt

https://www.troyhunt.com

Blog with weekly updates from Troy Hunt, creator of HaveIBeenPwned, Microsoft Regional Director and MVP. No man has seen more data breaches than Troy.

Fascinating Podcasts

Darknet Diaries

https://darknetdiaries.com

This is a gripping podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.

Smashing Security

https://podcasts.google.com

A helpful and hilarious take on the week's tech SNAFUs. Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy.

Malicious Life

https://podcasts.google.com

Malicious Life tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists & politicians.

Check Point

https://podcasts.google.com

Narrated by Ran Levi of Malicious Life, following Check Point's Threat Intelligence Group as they scour the internet for new threats and vulnerabilities.
Role Description
Root Server Administrator
Sudo Server Moderator
Agent J Agent J himself
Official Cyber Discovery Staff Staff from the Cyber Discovery program
Community Developer Made significant contributions to the community GitHub projects
Veteran - 2018/2019/2020/2021 Qualified for CyberStart Elite in 2018/2019/2020/2021
Quote Czar Have the ability to quote messages in #quotes
Level [1-75] Automatically assigned roles for MEE6 levels
Year [9-13] Corresponding school years
Technically Adults Those who are now older than any of the year roles
Trusted Can use external emoji, control Rythm and post embeds
Nitro Booster Those who have boosted our server allowing us to gain additional features
Partner Server From a server linked with or related to ours
For Your Own Protection Moderation role to hide all channels
Muted Cannot speak in any channel
Announcements Gets pinged when anything important is announced
Gaming Announcements Gets pinged for upcoming activity nights and gaming events

How do I get a role?

This depends on the role(s) in question. With roles such as Trusted and Quote Czar, this is applied and taken away at the discretion of the mods. You will therefore need to DM a mod asking for this, stating why you want it.

Where do I ask about a particular challenge?

You can use the remaining #cyberstart channel which is a catch all for all things relating to programme challenges. To bring up the brief for a level, use ":l h 1 1" (first HQ challenge for example). Please keep in mind that when asking the question, you should refrain from posting your methodology. Spoilers and hints which are too specific are also not allowed and may be subject to deletion.

How do I ask something about Cyber Discovery?

If it's a simple question such as what happened during the course of the programme or information regarding a particular past event, the members on our server should be more than happy to clarify it for you. However, if this is something that is specific to your circumstances or a question which requires an official response, you will need to email support with your query. Please note that the official Cyber Discovery staff or SANS instructors cannot help you here, and you should not ping them with a question like this.

What are activity nights?

Activity nights are where we accumulate in a voice chat channel, play a game and generally have some fun. It's usually run by a Root/Sudo, who acts as the party leader. The games that we play are mostly free to play titles, which are undemanding on hardware, so anyone can join in if they wish. If you want to take part in such an event, please ensure that you have the @Gaming Announcements role, which means you will be notified if we schedule such an event in the future.

How long did this programme run for?

Cyber Discovery was launched in 2017 as a four-year programme, funded and supported by the Department for Digital, Culture, Media and Sport (DCMS) as part of the UK National Cyber Security Strategy. The programme ended on June 30th 2021. According to the offical website, DCMS have announced their intention to procure another National Cyber Schools Programme that will launch later at an unspecified date.

What are year roles and pathways?

Year roles are self assignable roles, which you can assign by heading over to the #bot-commands channel and typing out the relevant command to do so. This is DMed to you once you join initially. They give you access to a channel with your peers for year relevant discussion. Pathways is also a self assignable role which gives you access to the pathways channel. This is intended so you can ask those in higher years about their experiences with things like examinations and choosing a university and a degree course to best suit you.

Who do I ask if I have a question about the server?

You can ask anyone who has the @Sudo or @Root role. There should be some members with those roles online most times of day. These roles are pingable, but unless it's an urgent question or you have something immediate, you are encouraged to ping individual members instead. If they cannot answer your question, they will escalate to their peers in the relevant internal channels. If one sudo/root isn't available, please try pinging or DMing another one.

Where do I appeal a ban?

The current recommended method of appealing a ban is by directly sending a DM to a @Root member. If you don't have their Discord details, feel free to create an Issue in the Meta GitHub repository on the GitHub page and a Root member should be in touch. However, please note this is not a place for appealing bans, so don't write your ban appeal there.

Who is Agent Q?

We're not sure; no one knows really. We continue our search each year but turn up empty handed. Perhaps with the JWST we will have a better chance ;)

THIS WEBSITE IS NOT AFFILIATED, DESIGNED, DEVELOPED OR ENDORSED BY SANS INSTITUTE OR CYBER DISCOVERY

This website was solely developed by the members of the Cyber Discovery Discord community. All content on this website is already publicly available. If you are a contributor and have content here that you want removed, please get in touch by private-messaging someone on our Discord server who possesses the 'Community Developer' role.

EVERYTHING ON THIS WEBSITE IS INTENDED FOR EDUCATIONAL PURPOSES

All the content here is intended for educational purposes under fair use (e.g. to demonstrate learning resources for students). If you are the creator/owner of something, and want it removed from this website, please create an issue on GitHub, and the members of our community will take action on it rapidly.

THIS WEBSITE USES MATERIAL COMPONENTS FOR THE WEB

Material Components for the web is the successor to Material Design Lite. It provides modular and customizable Material Design UI components for the web, which have also been used in creating this site. MDC-WEB is licensed under the MIT License, who's only condition is to include a copyright notice and a copy of the license, which can be found by clicking the appropriate button below.
  • eohomegrownapps A gifted person who contributed code and helped fix a major issue.
  • Lightspeedana An incredibly talented individual who contributed code, design and layout ideas.
  • Picapi Valuable contributor and skilled fellow student studying Computer Science
  • Bottersnike Web-dev extraordinaire who has an immense amount of knowledge for everything!
  • thebeanogamer The guy in charge of everything and quite the gamer. Kept you waiting huh?
  • Segway The terminator of typos and a great guy in general. Not to mention, likes Pokemon
  • Bax Cat lover and amazing guy who helped with layout, code and inspiration
  • Alphex Helped source the assets and layout for the site
  • BritMonkey The original unofficially offical purveyor of Lynery and a master graphic designer. XD
  • Linucks Hey that's me! I'm just trying to comprehend this complex world, one step at a time.
Hey there!