Welcome!
We're a friendly, growing community of students taking part in Cyber Discovery and SANS' CyberStart family of programmes. Our community is mainly centered around a discord server consisting of over 3500+ members from a multi-talented, diverse range of backgrounds.
Although the focus of our server is cyber security and learning based, our members carry out insightful discussions on a range of subjects including STEM fields, media, gaming and computer hardware. Whether you're looking for pointers, hints or guidance on particular challenges, student run capture the flag events or more. It's a great place to hang out casually!
Who Are We?
The majority of the members on our server are students who fall within the 13-18 age range and are participants of one of the mentioned cyber security programmes. However, we are also home to alumni (those who have participated previously and have moved on to university and jobs), club leaders, teachers, parents and last but not least, official SANS institute staff who are associated with the programmes to varying degrees.
Our server primarily accommodates the UK demographic, but if you're from the US, feel free to join us! Whilst you're here, you may wish to check out some of our cool open source projects!
Open Source
Discord Bot
This is the community bot for our server. Fetch dates, quotes, level briefings, etc.
Main Site
cyberdiscoverycommunity.uk - Our site which is built upon Google's web framework.
Android App
Never miss a deadline again with the unofficial Cyber Discovery App for Android.
Maths Bot
Posts the current weekly challenge from the Kings College London Maths School.
Elections Bot
Allows us to host staff elections allowing the community to vote on moderators.
Rich Presence
Show what stage and challenge you are attempting and set that as your Discord status.
UK
| Event | Date | Status |
|---|---|---|
| CyberStart Elite Online Year 3 | 27th-31st July / 3rd-7th August 2020 | Finished |
| Elite Talent Development Programme | Q3 2019 - Q4 2020 | Finished |
| CyberStart Assess Year 4 | 2nd June – 30th September 2020 | Finished |
| CyberStart Game Year 4 | 2nd June 2020 – 31st March 2021 | Ongoing |
| CyberStart Essentials Year 4 | 15th September 2020 – 31st March 2021 | Ongoing |
| Virtual Cyber School | 31st August 2020 (Reg closes 1st August) | Finished |
US
| Event | Date | Status |
|---|---|---|
| Girls Go CyberStart Game | February 10 – June 30, 2020 | Finished |
| Girls Go CyberStart Compete | May 20 – May 21, 2020 | Finished (Winners) |
| Cyber FastTrack | Spring 2020 - 2021? | In Progress |
Rules
No discriminatory or adult content
Swearing is allowed, so long as it isn’t malicious. Racism, sexism, and any other form of harassment or offensive comment is not permitted and will be met with punishment.
No Spam
Spam clogs up the channels, and we will take action if you post a large number of messages in a short period of time or post long messages unnecessarily.
Keep spam or shitposting to #overflow
#overflow is still subject to other rules. However, spam, inappropriate discussions, etc to a reasonable extent should be moved here. Mention spam is not acceptable.
Appropriate channels should always be used
For example, memes belong in #memes not #general, and discussion of Cyber Discovery challenges belong in the appropriate CyberStart channels.
No spoilers
This server is for Cyber Discovery, but not for spoiling Cyber Discovery. By giving someone else answers you’re ruining the experience for everyone.
No harassment
Be it sexual or verbal, harassment is not acceptable. This is any targeted action towards someone else with malicious intent.
No unauthorised invite links
A list of authorised invite links can be found on the meta repository.
No enticement of illegal activity
This is not limited to, but includes acts which may break the Computer Misuse Act.
Sanctions
Adult Content/Doxing/Discrimination - Temporary (14 day) / Permanent ban
If the content is entirely unsuitable for the server, you will be banned. Doxing someone else is entirely unacceptable as well, as detailed in the doxing rules.
Discriminating someone on the basis of sex, race, etc. will also be met with a ban.
Harassment - Temporary (14 day) / Permanent Ban
Forms of sexual and verbal harassment are entirely unacceptable. Harassing another member on the server and ruining their experience is wrong,
and, after being judged on a case-by-case basis, will be punished with a temporary or permanent ban.
Repeated Infractions, Consistent Spam - 3 hour mute
If you receive 3 such mutes, this will escalate to a temporary ban of duration 7 days. If you make another serious infraction soon after this, you will be permanently banned.
Spam, Reposting Deleted Content - Warning, followed by 1h mute if continued
Three of these counts as one 3h mute, and further punishments will be given accordingly. The 1 hour duration can be increased to up to 3 hours depending on whether the offence has been repeated or not.
Information
Be Respectful
Other people are on the other side of a screen, and this server is aimed mostly at young people. Different people often feel differently about various remarks. As moderators, we reserve the right to take action if you're explicitly making someone's experience of the server difficult and miserable. We have a zero-tolerance policy on bullying or harassment, and targeting other members of the server with hurtful or offensive remarks is unacceptable, and will lead to mutes or bans.
Doxing
Do not expose any personal information about other people without express permission.
Personal information is any info pertaining to their identity, e.g. locations, names, contact details - anything that is linked to that person.
Ask the person in question first. Do not do it if you’re not sure. Do not try and find information that can dox someone else either without their permission either.
Releasing your own information means it can be re-quoted. If you say something on the server, unless it is removed then anyone can re-quote it. If you want something deleted, ask a moderator.
Do not harass someone else based on their information. Even if it's publicly linked, ask them
first before posting it in a public channel.
Reporting a Moderator/Appealing Punishments
If you have a serious complaint to make about a moderator, then DM an @Root in order to get this addressed. Please do not DM unless entirely required.
Do not harass a moderator about decisions they make - we reserve the right to make decisions not covered entirely by these rules if the situation requires it.
Moderators are @Root and @Sudo and are here to answer any queries you may have in DMs. We can also be DMed in order to appeal punishments.
Please note that we are not Cyber Discovery staff - any personal queries regarding the program should be sent to [email protected], not us.
If you have any enquiry to make around the above rules, or wish to discuss a punishment or deletion, we will be happy to discuss the exact reasoning in DMs.
Harassing moderators is not acceptable - we are people as well, and any sort of malicious activity towards us, will be met with appropriate punishment.
Suggesting Changes to the Community
If you feel that something on the server could/should be improved, make an issue on the meta repository. This is a platform for constructive discussion around the future of our community - however, this is not the place to appeal punishments or to report moderators so please see below.
Response times for meta issues may vary depending on the time of year and ongoing exams.
Practice Challenges
OverTheWire
https://overthewire.org
Wargames offered by the OverTheWire community, which can help you to learn and practice security concepts in the form of fun-filled games.
Hack The Box
https://www.hackthebox.eu
A rapidly growing, massively popular online platform of 330k+ users with access to a large number of pen-testing labs and machines. Perfect for practical learning.
TryHackMe
https://tryhackme.com
TryHackMe is a freemium training platform for learning and teaching pre-built courses using virtual machines to practice various techniques.
VulnHub
https://www.vulnhub.com
Community generated vulnerable environments, allowing anyone to gain hands-on experience with digital security, computer applications and network administration tasks.
SmashTheStack
http://smashthestack.org
An ethical hacking environment that supports the simulation of real world software vulnerabilities and allows the use of exploitation techniques.
Exploit Exercises
https://exploit-exercises.lains.space
A variety of challenges to learn about privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering and more.
Learn Concepts
Cybrary
https://www.cybrary.it
Online cyber security training which you can learn anytime, anywhere with open-source, high quality training from top professionals and companies.
Udacity
https://eu.udacity.com
A vast, comprehensive list of free online courses and Nanodegree programmes which range from mastering web design to business tech.
FutureLearn
https://www.futurelearn.com
Online courses from top universities and specialist organisations on cyber security and many other topics at no cost.
Real Python
https://realpython.com
Learn all things Python from the ground up. Everything from the absolute basics of Python, to web development and web scraping, to data visualization, and beyond.
Codecademy
https://www.codecademy.com
An online platform that offers free interactive programming lessons in various different programming languages. Great place to start Python, JS and more.
NSA's COMP3321
https://nsa.sfo2.digitaloceanspaces.com
Learn Python the hard way by reading NSA's declassified COMP3321 course which covers Python from start to finish in massive depth and detail.
Techquickie
https://www.youtube.com
Learn the fundamental concepts of computer science explained in a simplified infographic format as quickly as possible in a few minutes.
Learn RE
https://www.begin.re
Learn the basics of x86 and get hands-on experience with reverse engineering from scratch. Extremely useful for binary reversing CTFs.
CTF Competitions
PicoCTF
https://picoctf.com
High-school CTF created by DEFCON CTF 4-time winning Carnegie Mellon team PPP where participants must reverse, break, hack and decrypt different challenges.
RACTF
https://ractf.co.uk
RACTF is a student-run, extensible, open-source, capture-the-flag event consisting of many different varieties and difficulty levels of challenges.
Reply Challenges
https://challenges.reply.com/
A series of CTF challenges and competitions, where participants compete in teams, with frequent events and prizes.
CTFtime
https://ctftime.org
CTF-related info - current overall Capture The Flag team ratings, per-team statistics, upcoming CTFs, CTF writeups and more.
Useful Tools
Replit
https://repl.it
A free, powerful, and simple online compiler, IDE, interpreter, and REPL. Allows you to Code, compile, and run code in 30+ programming languages.
DVWA
https://github.com
Damn Vulnerable Web Application is a web application that allows you to test common web vulnerabilities in a safe and legal environment.
OWASP Cheatsheets
https://cheatsheetseries.owasp.org
OWASP Cheat Sheet Series provide a concise collection of high value information on specific web/application security topics. Created by experienced professionals.
Mitre Att&ck
https://attack.mitre.org
Accessible knowledge base of adversary tactics and techniques based on real-world observations used for development of threat models and methodologies.
Pythonanywhere
https://www.pythonanywhere.com/
Free access to AWS micro tier instances with a full Python environment and batteries included. Develop & host your website or code directly from your browser.
GitHub Student
https://education.github.com
Learn to ship software like a pro. If you have a school, university or education email, you can get access to over 100+ tools and benefits for free!
YouTube Channels
LiveOverflow
https://www.youtube.com
Take a deep dive into topics such as reverse-engineering, XSS, pen-testing, malware analysis, exploring weird machines and much more.
Hak5
https://www.youtube.com
Thousands of videos on various infosec topics and news, hosted by the famous members of Hak5: Darren, Shannon and Mubix.
Seytonic
https://www.youtube.com
A variety of ethical-hacking related tutorials, diy projects, raspberry pi mods, arduino hacks and cyber security news created by Jhonti.
IppSec
https://www.youtube.com
A collection of detailed HackTheBox video walkthroughs, showing the methodology of attempting the challenge from start to finish for current and past boxes.
TechLinked
https://www.youtube.com
They say cyber security and tech news go hand in hand. Learn about the latest developments in technology in 10 minutes or so.
13Cubed
https://www.youtube.com
Information security-related videos on Digital Forensics & Incident Response, Penetration Testing, overviews of various apps, scripts and more.
Null Byte
https://www.youtube.com
A series of videos demonstrating how to utilise various tools, techniques and operating systems for aspiring ethical hackers.
JackkTutorials
https://www.youtube.com
Video tutorials explaining a range of topics, CTF walkthroughs and demonstrations of various tools in an easy-to-understand format.
MAFH
https://www.youtube.com
Get started with malware analysis and reverse engineering by watching a malware analyst unpack and explain real-world malware.
LinusTechTips
https://www.youtube.com
Insightful videos on current consumer technology, often exploring the boundaries of and indulging in creative projects, PC builds, unboxings and more.
Interesting Blogs
Cloudflare
https://blog.cloudflare.com
Cloudflare is a web performance and security company that deploy some of the world's fastest infrastructure to keep the internet running smoothly, learn about their endeavours here.
Malwarebytes
https://blog.malwarebytes.com
Read about the latest cyber security news around the world, with weekly summaries of the current threats, APT activity and more from Malwarebytes.
Akamai
https://blogs.akamai.com
Akamai focuses on security, content distribution networks, and internet performance. Their blog has news, insight and perspectives on living and working in a hyperconnected world.
Threatpost
https://threatpost.com
An independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
Project Zero
https://googleprojectzero.blogspot.com
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. View their detailed posts and findings here.
Troy Hunt
https://www.troyhunt.com
Blog with weekly updates from Troy Hunt, creator of HaveIBeenPwned, Microsoft Regional Director and MVP. No man has seen more data breaches than Troy.
Fascinating Podcasts
Darknet Diaries
https://darknetdiaries.com
This is a gripping podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.
Smashing Security
https://podcasts.google.com
A helpful and hilarious take on the week's tech SNAFUs. Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy.
Malicious Life
https://podcasts.google.com
Malicious Life tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists & politicians.
Check Point
https://podcasts.google.com
Narrated by Ran Levi of Malicious Life, following Check Point's Threat Intelligence Group as they scour the internet for new threats and vulnerabilities.
| Role | Description |
|---|---|
| Root | Server Administrator |
| Sudo | Server Moderator |
| Agent J | Agent J himself |
| Official Cyber Discovery Staff | Staff from the Cyber Discovery program |
| Community Developer | Made significant contributions to the community GitHub projects |
| True 100% | Completed all of CyberStart Assess, Game, and Essentials |
| 100 Percent | Completed all of CyberStart Game |
| Elite Online | Those who have been selected for Elite Online 2020 |
| Elite Online - FOR500 | Those confirmed doing FOR500 for Elite Online |
| Elite Online - SEC503 | Those confirmed doing SEC503 for Elite Online |
| Elite Online - SEC504 | Those confirmed doing SEC504 for Elite Online |
| Elite Online - EHF | Those confirmed doing Ethical Hacking Fundamentals for Elite Online |
| Veteran - 2018/2019 | Qualified for CyberStart Elite in 2018/2019 |
| Forensicator | Completed FOR500 course and passed GCFE exam |
| Cyberist | Completed SEC504 course and passed GCIH exam |
| Elite Talent Development | Participating in the Elite Talent Development Programme |
| CCC | Invited to Cyber Discovery Content Creators Club |
| HQ | Completed the headquarters base from CyberStart Game |
| Moonbase | Completed moon base from CyberStart Game |
| Forensics | Completed forensics base from CyberStart Game |
| Volcano | Completed volcano base from CyberStart Game |
| Quote Czar | Have the ability to quote messages in #quotes |
| Level [1-80] | Automatically assigned roles for MEE6 levels |
| Year [9-13] | Corresponding school years |
| Technically Adults | Those who are now older than any of the year roles |
| Trusted | Can use external emoji and control Rythm |
| Nitro Booster | Those who have boosted our server allowing us to gain additional features |
| Club Leader | Restricted access for Cyber Discovery club leaders |
| Partner Server | From a server linked with or related to ours |
| For Your Own Protection | Moderation role to hide all channels |
| Probation | Can only access certain few channels and under monitoring |
| Muted | Cannot speak in any channel |
| Announcements | Gets pinged when anything important is announced |
| Gaming Announcements | Gets pinged for upcoming activity nights and gaming events |
How do I get a role?
This depends on the role(s) in question. To claim Elite and base roles (such as HQ, Moon or Forensics) you will need to DM a Root/Sudo
with a video of you refreshing the main page showing you have 100% completion on that base or a screenshot of the Elite invite email. With other roles such as Trusted and Quote Czar, this is given
at the discretion of the mods. You will therefore need to DM a mod asking for this.
Where do I ask about a particular challenge?
You can use the relevant #Cyberstart, #HQ, #Moonbase, #Forensics or #Volcano channels. To bring up the brief for a level, use ":l h 1 1" (first HQ challenge for example). Please keep in mind that
when asking the question, you should refrain from posting your methodology. Spoilers and hints which are too specific are also not allowed and may be subject to deletion. Use the ":fm" command to
link to the field manual.
How do I ask something about Cyber Discovery?
If it's a simple question such as the opening/closing dates or information regarding a particular stage or event, the members on our server should be more than happy to clarify it for you.
However, if this is something that is specific to your circumstances or a question which requires an official response, you will need to email support with your query. Please note that the official cyber discovery staff cannot help you here, and you should not ping them with a question like this.
What are activity nights?
Activity nights are where we accumulate in a voice chat channel, play a game and generally have some fun. It's usually run by a Root/Sudo, who acts as the party leader.
The games that we play are mostly free to play titles, which are undemanding on hardware, so anyone can join in if they wish. If you want to take part in such an event, please
ensure that you have the @Gaming Announcements role, which means you will be notified if we schedule such an event in the future.
How long has this programme been running for?
Cyber Discovery stems from the SANS CyberStart family of programmes and opened for it's first intake for Assess in late 2017. This means it's been 3 years running, and the 4th year
intake is now open. Many of the members on our server have been around for these 3 years and have witnessed the rapid growth of this programme and the server along the way, as well
as taking part and attending Elite events each year. Although we don't know how long this will continue for, we believe the initial contract for this was for 4 years by the UK government.
What are year roles and pathways?
Year roles are self assignable roles, which you can assign by heading over to the #bot-commands channel and typing out the relevant command to do so. This is DMed to you once you join
initially. They give you access to a channel with your peers for year relevant discussion. Pathways is also a self assignable role which gives you access to the pathways channel. This is
intended so you can ask those in higher years about their experiences with things like examinations and choosing a university and a degree course to best suit you.
Who do I ask if I have a question about the server?
You can ask anyone who has the @Sudo or @Root role. There should be some members with those roles online most of the time of day. These roles are pingable, but unless it's an urgent question
or you have something immediate to report (such as flag posting or spoilers), you are encouraged to ping individual members instead. If they cannot answer your question, they will escalate to
their peers. If one sudo/root isn't available, please try pinging or DMing another one.
Where do I appeal a ban?
The current recommended method of appealing a ban is by directly DMing an @Root member. If you don't have their Discord details, feel free to create an Issue in the Meta GitHub repository on the
GitHub page and a Root member should be in touch. However, please note this is not a place for appealing bans, so don't write your ban appeal there. We are currently in the process
of moving this to a platform like Google Forms where a form can be filled for this purpose.
How do I get the community developer role?
In order to get the community developer role, you will need to make a contribution to one of our GitHub projects or create a compelling new one.
To start, you can head over to the one of the repositories and see what active issues that project might have which requires resolving. To contribute, you will need to
setup Git in your dev environment, installing
any required tools from the README such as Poetry and
Pyenv. From there, you need to
fork the project, make the changes in a
separate branch
and create a pull request.
What is the Cyberist/Forensicator role?
Those who performed well in the programme and those were called to the Elite stage were invited to attend SANS instructor-led course training events and had the opportunity to sit for a GIAC exam
based on the SANS course they chose. Cyberists are those who attended a SEC504 Course and subsequently passed the corresponding GCIH exam. Forensicators took the FOR500 course and passed
the GCFE exam. For Elite Online 2020 we also had SEC503, a corresponding role may be added in the future.
Who is Agent Q?
No one knows really. There are some mysteries of the universe which will always remain just that, regardless of how much you search ;)
THIS WEBSITE IS NOT AFFILIATED, DESIGNED, DEVELOPED OR ENDORSED BY SANS INSTITUTE OR CYBER DISCOVERY
This website was solely developed by the members of the Cyber Discovery Discord community. All content on this website is already publicly available.
If you are a contributor and have content here that you want removed, please get in touch by private-messaging someone on our Discord server who possesses the 'Community Developer' role.
EVERYTHING ON THIS WEBSITE IS INTENDED FOR EDUCATIONAL PURPOSES
All the content here is intended for educational purposes under fair use (e.g. to demonstrate learning resources for students).
If you are the creator/owner of something, and want it removed from this website, please create an issue on GitHub, and the members of our community will take action on it rapidly.
THIS WEBSITE USES MATERIAL COMPONENTS FOR THE WEB
Material Components for the web is the successor to Material Design Lite. It provides modular and customizable Material Design UI components for the web,
which have also been used in creating this site. MDC-WEB is licensed under the MIT License, who's only condition is to include a copyright notice and a copy of the license,
which can be found by clicking the appropriate button below.
- eohomegrownapps A gifted person who contributed code and helped fix a major issue.
- Lightspeedana An incredibly talented individual who contributed code, design and layout ideas.
- Picapi Valuable contributor and skilled fellow student studying Computer Science
- Bottersnike Web-dev extraordinaire who has an immense amount of knowledge for everything!
- thebeanogamer The guy in charge of everything and quite the gamer. Kept you waiting huh?
- Segway The terminator of typos and a great guy in general. Not to mention, likes Pokemon
- Bax Cat lover and amazing guy who helped with layout, code and inspiration
- Alphex Helped source the assets and layout for the site
- BritMonkey The original unofficially offical purveyor of Lynery and a master graphic designer. XD
- Linucks Hey that's me! I'm just trying to comprehend this complex world, one step at a time.