Welcome!
We are a large community of students who took part in HMG's Cyber Discovery programme for the UK which ran from 2017-2021. The community is centered around our discord server, which consists of over 4000 members from an extremely talented, diverse range of backgrounds.
The focus of our server used to be centered around Cyber Discovery; however, over time the scope of our server gradually mutated into something much greater as the programme evolved and was eventually sunset. Now our community hosts a more general student centric chat which leans towards a cyber security crowd but does not exclude other interest areas.
Who Are We?
Naturally, being a student-focused server, a large majority of our members lie within the 16-18 age range and are previous participants of Cyber Discovery or CyberStart residing in the UK or US. We are also home to alumni (ex-participants who have moved on to university and jobs in the industry), club leaders, teachers, parents, and a few official SANS institute instructors/staff members, who have been associated with the program to varying degrees during the time it was active.
Our server primarily accommodates the UK crowd, but if you're from the US, feel free to join as you may still be able to get help in the relevant channels.
Open Source
Discord Bot
This is the community bot for our server. Fetch dates, quotes, level briefings, etc.
Main Site
cyberdiscoverycommunity.uk - Our main site which is built upon Google's web framework.
Android App
Access the full soundboard with the unofficial Cyber Discovery App for Android.
Maths Bot
Gets the current weekly challenge from the Kings College London Maths School.
Elections Bot
Allows us to host staff elections allowing the community to vote on moderators.
Rich Presence
Show what stage and challenge you are attempting and set that as your Discord status.
UK
| Event | Date | Status |
|---|---|---|
| Cyber Discovery Year 1-4 | Q4 2017 - Q2 2021 | Finished |
US
| Event | Date | Status |
|---|---|---|
| CyberStart America | Ongoing | Pre-registration 2023 - Register Interest |
| Cyber FastTrack America | Ongoing | Register Here |
Rules
No discriminatory or adult content
Swearing is allowed, so long as it isn’t malicious. Racism, sexism, and any other form of harassment or offensive comment is not permitted and will be met with punishment.
No Spam
Spam clogs up the channels, and we will take action if you post a large number of messages in a short period of time or post long messages unnecessarily.
Keep spam or shitposting to #overflow
#overflow is still subject to other rules. However, spam, inappropriate discussions, etc to a reasonable extent should be moved here. Mention spam is not acceptable.
Appropriate channels should always be used
For example, memes belong in #memes not #general, and discussion of Cyber Discovery challenges belong in the appropriate CyberStart channels.
No spoilers
This server is for Cyber Discovery, but not for spoiling Cyber Discovery. By giving someone else answers you’re ruining the experience for everyone.
No harassment
Be it sexual or verbal, harassment is not acceptable. This is any targeted action towards someone else with malicious intent.
No unauthorised invite links
A list of authorised invite links can be found on the meta repository.
No enticement of illegal activity
This is not limited to, but includes acts which may break the Computer Misuse Act.
Sanctions
Adult Content/Doxing/Discrimination - Temporary (14 day) / Permanent ban
If the content is entirely unsuitable for the server, you will be banned. Doxing someone else is entirely unacceptable as well, as detailed in the doxing rules.
Discriminating someone on the basis of sex, race, etc. will also be met with a ban.
Harassment - Temporary (14 day) / Permanent Ban
Forms of sexual and verbal harassment are entirely unacceptable. Harassing another member on the server and ruining their experience is wrong,
and, after being judged on a case-by-case basis, will be punished with a temporary or permanent ban.
Repeated Infractions, Consistent Spam - 3 hour mute
If you receive 3 such mutes, this will escalate to a temporary ban of duration 7 days. If you make another serious infraction soon after this, you will be permanently banned.
Spam, Reposting Deleted Content - Warning, followed by 1h mute if continued
Three of these counts as one 3h mute, and further punishments will be given accordingly. The 1 hour duration can be increased to up to 3 hours depending on whether the offence has been repeated or not.
Information
Be Respectful
Other people are on the other side of a screen, and this server is aimed mostly at young people. Different people often feel differently about various remarks. As moderators, we reserve the right to take action if you're explicitly making someone's experience of the server difficult and miserable. We have a zero-tolerance policy on bullying or harassment, and targeting other members of the server with hurtful or offensive remarks is unacceptable, and will lead to mutes or bans.
Doxing
Do not expose any personal information about other people without express permission.
Personal information is any info pertaining to their identity, e.g. locations, names, contact details - anything that is linked to that person.
Ask the person in question first. Do not do it if you’re not sure. Do not try and find information that can dox someone else either without their permission either.
Releasing your own information means it can be re-quoted. If you say something on the server, unless it is removed then anyone can re-quote it. If you want something deleted, ask a moderator.
Do not harass someone else based on their information. Even if it's publicly linked, ask them
first before posting it in a public channel.
Reporting a Moderator/Appealing Punishments
If you have a serious complaint to make about a moderator, then DM an @Root in order to get this addressed. Please do not DM unless entirely required.
Do not harass a moderator about decisions they make - we reserve the right to make decisions not covered entirely by these rules if the situation requires it.
Moderators are @Root and @Sudo and are here to answer any queries you may have in DMs. We can also be DMed in order to appeal punishments.
Please note that we are not Cyber Discovery staff - any personal queries regarding the programme should be sent to [email protected], not us.
If you have any enquiry to make around the above rules, or wish to discuss a punishment or deletion, we will be happy to discuss the exact reasoning in DMs.
Harassing moderators is not acceptable - we are people as well, and any sort of malicious activity towards us, will be met with appropriate punishment.
Suggesting Changes to the Community
If you feel that something on the server could/should be improved, make an issue on the meta repository. This is a platform for constructive discussion around the future of our community - however, this is not the place to appeal punishments or to report moderators so please see below.
Response times for meta issues may vary depending on the time of year and ongoing exams.
Practice Challenges
OverTheWire
https://overthewire.org
Wargames offered by the OverTheWire community, which can help you to learn and practice security concepts in the form of fun-filled games.
Hack The Box
https://www.hackthebox.eu
A rapidly growing, massively popular online platform with access to a large number of pen-testing labs and machines. Perfect for practical learning.
TryHackMe
https://tryhackme.com
TryHackMe is a freemium training platform for learning and teaching pre-built courses using virtual machines to practice various techniques.
VulnHub
https://www.vulnhub.com
Community generated vulnerable environments, allowing anyone to gain hands-on experience with digital security, computer applications and network administration tasks.
SmashTheStack
http://smashthestack.org
An ethical hacking environment that supports the simulation of real world software vulnerabilities and allows the use of exploitation techniques.
Exploit Exercises
https://exploit.education/
A variety of challenges to learn about privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering and more.
Learn Concepts
Cybrary
https://www.cybrary.it
Online cyber security training which you can learn anytime, anywhere with open-source, high quality training from top professionals and companies.
Udacity
https://eu.udacity.com
A vast, comprehensive list of free online courses and Nanodegree programmes which range from mastering web design to business tech.
FutureLearn
https://www.futurelearn.com
Online courses from top universities and specialist organisations on cyber security and many other topics at no cost.
Real Python
https://realpython.com
Learn all things Python from the ground up. Everything from the absolute basics of Python, to web development and web scraping, to data visualization, and beyond.
Codecademy
https://www.codecademy.com
An online platform that offers free interactive programming lessons in various different programming languages. Great place to start Python, JS and more.
NSA's COMP3321
https://nsa.sfo2.digitaloceanspaces.com
Dive into the deep end and learn Python the hard way by reading NSA's declassified COMP3321 course which covers Python from start to finish in massive depth and detail.
Techquickie
https://www.youtube.com
Learn the fundamental concepts of computer science explained in a simplified infographic format as quickly as possible in a few minutes.
Learn RE
https://www.begin.re
Learn the basics of x86 and get hands-on experience with reverse engineering from scratch. Conceptually useful for binary reversing CTFs.
CTF Competitions
PicoCTF
https://picoctf.com
High-school CTF created by DEFCON CTF 4-time winning Carnegie Mellon team PPP where participants must reverse, break, hack and decrypt different challenges.
RACTF
https://ractf.co.uk
RACTF is a student-run, extensible, open-source, capture-the-flag event consisting of many different varieties and difficulty levels of challenges.
Reply Challenges
https://challenges.reply.com/
A series of CTF challenges and competitions, where participants compete in teams, with frequent events and prizes.
CTFtime
https://ctftime.org
CTF-related info - current overall Capture The Flag team ratings, per-team statistics, upcoming CTFs, CTF writeups and more.
Useful Tools
Replit
https://repl.it
A free, powerful, and simple online compiler, IDE, interpreter, and REPL. Allows you to Code, compile, and run code in 30+ programming languages.
DVWA
https://github.com
Damn Vulnerable Web Application is a web application that allows you to test common web vulnerabilities in a safe and legal environment.
OWASP Cheatsheets
https://cheatsheetseries.owasp.org
OWASP Cheat Sheet Series provide a concise collection of high value information on specific web/application security topics. Created by experienced professionals.
Mitre Att&ck
https://attack.mitre.org
Accessible knowledge base of adversary tactics and techniques based on real-world observations used for development of threat models and methodologies.
Pythonanywhere
https://www.pythonanywhere.com/
Free access to AWS micro tier instances with a full Python environment and batteries included. Develop & host your website or code directly from your browser.
GitHub Student
https://education.github.com
Learn to ship software like a pro. If you have a school, university or education email, you can get access to over 100+ tools and benefits for free!
YouTube Channels
LiveOverflow
https://www.youtube.com
Take a deep dive into topics such as reverse-engineering, XSS, pen-testing, malware analysis, exploring weird machines and much more.
Hak5
https://www.youtube.com
Thousands of videos on various infosec topics and news, hosted by the famous members of Hak5: Darren, Shannon and Mubix.
Seytonic
https://www.youtube.com
A variety of ethical-hacking related tutorials, diy projects, raspberry pi mods, arduino hacks and cyber security news created by Jhonti.
IppSec
https://www.youtube.com
A collection of detailed HackTheBox video walkthroughs, showing the methodology of attempting the challenge from start to finish for current and past boxes.
TechLinked
https://www.youtube.com
They say cyber security and tech news go hand in hand. Learn about the latest developments in technology in 10 minutes or so.
13Cubed
https://www.youtube.com
Information security-related videos on Digital Forensics & Incident Response, Penetration Testing, overviews of various apps, scripts and more.
Real Engineering
https://www.youtube.com
Interesting answers to simple questions, in-depth breakdowns of how the challenges in our world are being solved.
LinusTechTips
https://www.youtube.com
Insightful videos on current consumer technology, often exploring the boundaries of and indulging in creative projects, PC builds, unboxings and more.
Interesting Blogs
Cloudflare
https://blog.cloudflare.com
Cloudflare is a web performance and security company that deploy some of the world's fastest infrastructure to keep the internet running smoothly, learn about their endeavours here.
Malwarebytes
https://blog.malwarebytes.com
Read about the latest cyber security news around the world, with weekly summaries of the current threats, APT activity and more from Malwarebytes.
Akamai
https://blogs.akamai.com
Akamai focuses on security, content distribution networks, and internet performance. Their blog has news, insight and perspectives on living and working in a hyperconnected world.
Threatpost
https://threatpost.com
An independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
Project Zero
https://googleprojectzero.blogspot.com
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. View their detailed posts and findings here.
Troy Hunt
https://www.troyhunt.com
Blog with weekly updates from Troy Hunt, creator of HaveIBeenPwned, Microsoft Regional Director and MVP. No man has seen more data breaches than Troy.
Fascinating Podcasts
Darknet Diaries
https://darknetdiaries.com
This is a gripping podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.
Smashing Security
https://podcasts.google.com
A helpful and hilarious take on the week's tech SNAFUs. Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy.
Malicious Life
https://podcasts.google.com
Malicious Life tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists & politicians.
Check Point
https://podcasts.google.com
Narrated by Ran Levi of Malicious Life, following Check Point's Threat Intelligence Group as they scour the internet for new threats and vulnerabilities.
| Role | Description |
|---|---|
| Root | Server Administrator |
| Sudo | Server Moderator |
| Agent J | Agent J himself |
| Official Cyber Discovery Staff | Staff from the Cyber Discovery program |
| Community Developer | Made significant contributions to the community GitHub projects |
| Veteran - 2018/2019/2020/2021 | Qualified for CyberStart Elite in 2018/2019/2020/2021 |
| Quote Czar | Have the ability to quote messages in #quotes |
| Level [1-75] | Automatically assigned roles for MEE6 levels |
| Year [9-13] | Corresponding school years |
| Technically Adults | Those who are now older than any of the year roles |
| Trusted | Can use external emoji, control Rythm and post embeds |
| Nitro Booster | Those who have boosted our server allowing us to gain additional features |
| Partner Server | From a server linked with or related to ours |
| For Your Own Protection | Moderation role to hide all channels |
| Muted | Cannot speak in any channel |
| Announcements | Gets pinged when anything important is announced |
| Gaming Announcements | Gets pinged for upcoming activity nights and gaming events |
How do I get a role?
This depends on the role(s) in question. With roles such as Trusted and Quote Czar, this is applied and taken away at the discretion of the mods. You will therefore need to DM a mod asking for this, stating why you want it.
Where do I ask about a particular challenge?
You can use the remaining #cyberstart channel which is a catch all for all things relating to programme challenges. To bring up the brief for a level, use ":l h 1 1" (first HQ challenge for example). Please keep in mind that when asking the question, you should refrain from posting your methodology. Spoilers and hints which are too specific are also not allowed and may be subject to deletion.
How do I ask something about Cyber Discovery?
If it's a simple question such as what happened during the course of the programme or information regarding a particular past event, the members on our server should be more than happy to clarify it for you.
However, if this is something that is specific to your circumstances or a question which requires an official response, you will need to email support with your query. Please note that the official Cyber Discovery staff or SANS instructors cannot help you here, and you should not ping them with a question like this.
What are activity nights?
Activity nights are where we accumulate in a voice chat channel, play a game and generally have some fun. It's usually run by a Root/Sudo, who acts as the party leader. The games that we play are mostly free to play titles, which are undemanding on hardware, so anyone can join in if they wish. If you want to take part in such an event, please ensure that you have the @Gaming Announcements role, which means you will be notified if we schedule such an event in the future.
How long did this programme run for?
Cyber Discovery was launched in 2017 as a four-year programme, funded and supported by the Department for Digital, Culture, Media and Sport (DCMS) as part of the UK National Cyber Security Strategy. The programme ended on June 30th 2021. According to the offical website, DCMS have announced their intention to procure another National Cyber Schools Programme that will launch later at an unspecified date.
What are year roles and pathways?
Year roles are self assignable roles, which you can assign by heading over to the #bot-commands channel and typing out the relevant command to do so. This is DMed to you once you join initially. They give you access to a channel with your peers for year relevant discussion. Pathways is also a self assignable role which gives you access to the pathways channel. This is intended so you can ask those in higher years about their experiences with things like examinations and choosing a university and a degree course to best suit you.
Who do I ask if I have a question about the server?
You can ask anyone who has the @Sudo or @Root role. There should be some members with those roles online most times of day. These roles are pingable, but unless it's an urgent question or you have something immediate, you are encouraged to ping individual members instead. If they cannot answer your question, they will escalate to their peers in the relevant internal channels. If one sudo/root isn't available, please try pinging or DMing another one.
Where do I appeal a ban?
The current recommended method of appealing a ban is by directly sending a DM to a @Root member. If you don't have their Discord details, feel free to create an Issue in the Meta GitHub repository on the GitHub page and a Root member should be in touch. However, please note this is not a place for appealing bans, so don't write your ban appeal there.
Who is Agent Q?
We're not sure; no one knows really. We continue our search each year but turn up empty handed. Perhaps with the JWST we will have a better chance ;)
THIS WEBSITE IS NOT AFFILIATED, DESIGNED, DEVELOPED OR ENDORSED BY SANS INSTITUTE OR CYBER DISCOVERY
This website was solely developed by the members of the Cyber Discovery Discord community. All content on this website is already publicly available.
If you are a contributor and have content here that you want removed, please get in touch by private-messaging someone on our Discord server who possesses the 'Community Developer' role.
EVERYTHING ON THIS WEBSITE IS INTENDED FOR EDUCATIONAL PURPOSES
All the content here is intended for educational purposes under fair use (e.g. to demonstrate learning resources for students).
If you are the creator/owner of something, and want it removed from this website, please create an issue on GitHub, and the members of our community will take action on it rapidly.
THIS WEBSITE USES MATERIAL COMPONENTS FOR THE WEB
Material Components for the web is the successor to Material Design Lite. It provides modular and customizable Material Design UI components for the web,
which have also been used in creating this site. MDC-WEB is licensed under the MIT License, who's only condition is to include a copyright notice and a copy of the license, which can be found by clicking the appropriate button below.
- eohomegrownapps A gifted person who contributed code and helped fix a major issue.
- Lightspeedana An incredibly talented individual who contributed code, design and layout ideas.
- Picapi Valuable contributor and skilled fellow student studying Computer Science
- Bottersnike Web-dev extraordinaire who has an immense amount of knowledge for everything!
- thebeanogamer The guy in charge of everything and quite the gamer. Kept you waiting huh?
- Segway The terminator of typos and a great guy in general. Not to mention, likes Pokemon
- Bax Cat lover and amazing guy who helped with layout, code and inspiration
- Alphex Helped source the assets and layout for the site
- BritMonkey The original unofficially offical purveyor of Lynery and a master graphic designer. XD
- Linucks Hey that's me! I'm just trying to comprehend this complex world, one step at a time.