Welcome!

We're a friendly, growing community of students taking part in Cyber Discovery and SANS' CyberStart family of programmes. Our community is mainly centered around a discord server consisting of over 3500+ members from a multi-talented, diverse range of backgrounds.

Although the focus of our server is cyber security and learning based, our members carry out insightful discussions on a range of subjects including STEM fields, media, gaming and computer hardware. Whether you're looking for pointers, hints or guidance on particular challenges, student run capture the flag events or more. It's a great place to hang out casually!

Who Are We?

The majority of the members on our server are students who fall within the 13-18 age range and are participants of one of the mentioned cyber security programmes. However, we are also home to alumni (those who have participated previously and have moved on to university and jobs), club leaders, teachers, parents and last but not least, official SANS institute staff who are associated with the programmes to varying degrees.

Our server primarily accommodates the UK demographic, but if you're from the US, feel free to join us! Whilst you're here, you may wish to check out some of our cool open source projects!

Open Source

Discord Bot

This is the community bot for our server. Fetch dates, quotes, level briefings, etc.

Main Site

cyberdiscoverycommunity.uk - Our site which is built upon Google's web framework.

Android App

Never miss a deadline again with the unofficial Cyber Discovery App for Android.

Maths Bot

Posts the current weekly challenge from the Kings College London Maths School.

Elections Bot

Allows us to host staff elections allowing the community to vote on moderators.

Rich Presence

Show what stage and challenge you are attempting and set that as your Discord status.

UK

Event Date Status
CyberStart Elite Online Year 3 27th-31st July / 3rd-7th August 2020 Course Confirmed
Elite Talent Development Programme Q3 2019 - Q4 2020 Ongoing
CyberStart Assess Year 4 2nd June – 30th September 2020 Ongoing
CyberStart Game Year 4 2nd June 2020 – 31st March 2021 Ongoing
CyberStart Essentials Year 4 15th September 2020 – 31st March 2021 Starting Soon™
Virtual Cyber School 31st August 2020 (Reg closes 1st August) Ongoing (Register Now)

US

Event Date Status
Girls Go CyberStart Game February 10 – June 30, 2020 Ongoing
Girls Go CyberStart Compete May 20 – May 21, 2020 Finished (See Winners!)
Cyber FastTrack: Summer Intake Spring 2020 - Summer 2020 (Register) Registration Open

Rules

No discriminatory or adult content

Swearing is allowed, so long as it isn’t malicious. Racism, sexism, and any other form of harassment or offensive comment is not permitted and will be met with punishment.

No Spam

Spam clogs up the channels, and we will take action if you post a large number of messages in a short period of time or post long messages unnecessarily.

Keep spam or shitposting to #overflow

#overflow is still subject to other rules. However, spam, inappropriate discussions, etc to a reasonable extent should be moved here. Mention spam is not acceptable.

Appropriate channels should always be used

For example, memes belong in #memes not #general, and discussion of Cyber Discovery challenges belong in the appropriate CyberStart channels.

No spoilers

This server is for Cyber Discovery, but not for spoiling Cyber Discovery. By giving someone else answers you’re ruining the experience for everyone.

No harassment

Be it sexual or verbal, harassment is not acceptable. This is any targeted action towards someone else with malicious intent.

No unauthorised invite links

A list of authorised invite links can be found on the meta repository.

No enticement of illegal activity

This is not limited to, but includes acts which may break the Computer Misuse Act.

Sanctions

Adult Content/Doxing/Discrimination - Temporary (14 day) / Permanent ban

If the content is entirely unsuitable for the server, you will be banned. Doxing someone else is entirely unacceptable as well, as detailed in the doxing rules. Discriminating someone on the basis of sex, race, etc. will also be met with a ban.

Harassment - Temporary (14 day) / Permanent Ban

Forms of sexual and verbal harassment are entirely unacceptable. Harassing another member on the server and ruining their experience is wrong, and, after being judged on a case-by-case basis, will be punished with a temporary or permanent ban.

Repeated Infractions, Consistent Spam - 3 hour mute

If you receive 3 such mutes, this will escalate to a temporary ban of duration 7 days. If you make another serious infraction soon after this, you will be permanently banned.

Spam, Reposting Deleted Content - Warning, followed by 1h mute if continued

Three of these counts as one 3h mute, and further punishments will be given accordingly. The 1 hour duration can be increased to up to 3 hours depending on whether the offence has been repeated or not.

Information

Be Respectful

Other people are on the other side of a screen, and this server is aimed mostly at young people. Different people often feel differently about various remarks. As moderators, we reserve the right to take action if you're explicitly making someone's experience of the server difficult and miserable. We have a zero-tolerance policy on bullying or harassment, and targeting other members of the server with hurtful or offensive remarks is unacceptable, and will lead to mutes or bans.

Doxing

Do not expose any personal information about other people without express permission. Personal information is any info pertaining to their identity, e.g. locations, names, contact details - anything that is linked to that person. Ask the person in question first. Do not do it if you’re not sure. Do not try and find information that can dox someone else either without their permission either. Releasing your own information means it can be re-quoted. If you say something on the server, unless it is removed then anyone can re-quote it. If you want something deleted, ask a moderator. Do not harass someone else based on their information. Even if it's publicly linked, ask them first before posting it in a public channel.

Reporting a Moderator/Appealing Punishments

If you have a serious complaint to make about a moderator, then DM an @Root in order to get this addressed. Please do not DM unless entirely required. Do not harass a moderator about decisions they make - we reserve the right to make decisions not covered entirely by these rules if the situation requires it. Moderators are @Root and @Sudo and are here to answer any queries you may have in DMs. We can also be DMed in order to appeal punishments. Please note that we are not Cyber Discovery staff - any personal queries regarding the program should be sent to [email protected], not us. If you have any enquiry to make around the above rules, or wish to discuss a punishment or deletion, we will be happy to discuss the exact reasoning in DMs. Harassing moderators is not acceptable - we are people as well, and any sort of malicious activity towards us, will be met with appropriate punishment.

Suggesting Changes to the Community

If you feel that something on the server could/should be improved, make an issue on the meta repository. This is a platform for constructive discussion around the future of our community - however, this is not the place to appeal punishments or to report moderators so please see below. Response times for meta issues may vary depending on the time of year and ongoing exams.

Practice Challenges

OverTheWire

https://overthewire.org

Wargames offered by the OverTheWire community, which can help you to learn and practice security concepts in the form of fun-filled games.

Hack The Box

https://www.hackthebox.eu

A rapidly growing, massively popular online platform of 330k+ users with access to a large number of pen-testing labs and machines. Perfect for practical learning.

TryHackMe

https://tryhackme.com

TryHackMe is a freemium training platform for learning and teaching pre-built courses using virtual machines to practice various techniques.

VulnHub

https://www.vulnhub.com

Community generated vulnerable environments, allowing anyone to gain hands-on experience with digital security, computer applications and network administration tasks.

SmashTheStack

http://smashthestack.org

An ethical hacking environment that supports the simulation of real world software vulnerabilities and allows the use of exploitation techniques.

Exploit Exercises

https://exploit-exercises.lains.space

A variety of challenges to learn about privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering and more.

Learn Concepts

Cybrary

https://www.cybrary.it

Online cyber security training which you can learn anytime, anywhere with open-source, high quality training from top professionals and companies.

Udacity

https://eu.udacity.com

A vast, comprehensive list of free online courses and Nanodegree programmes which range from mastering web design to business tech.

FutureLearn

https://www.futurelearn.com

Online courses from top universities and specialist organisations on cyber security and many other topics at no cost.

Real Python

https://realpython.com

Learn all things Python from the ground up. Everything from the absolute basics of Python, to web development and web scraping, to data visualization, and beyond.

Codecademy

https://www.codecademy.com

An online platform that offers free interactive programming lessons in various different programming languages. Great place to start Python, JS and more.

NSA's COMP3321

https://nsa.sfo2.digitaloceanspaces.com

Learn Python the hard way by reading NSA's declassified COMP3321 course which covers Python from start to finish in massive depth and detail.

Techquickie

https://www.youtube.com

Learn the fundamental concepts of computer science explained in a simplified infographic format as quickly as possible in a few minutes.

Learn RE

https://www.begin.re

Learn the basics of x86 and get hands-on experience with reverse engineering from scratch. Extremely useful for binary reversing CTFs.

CTF Competitions

PicoCTF

https://picoctf.com

High-school CTF created by DEFCON CTF 4-time winning Carnegie Mellon team PPP where participants must reverse, break, hack and decrypt different challenges.

RACTF

https://ractf.co.uk

RACTF is a student-run, extensible, open-source, capture-the-flag event consisting of many different varieties and difficulty levels of challenges.

Reply Challenges

https://challenges.reply.com/

A series of CTF challenges and competitions, where participants compete in teams, with frequent events and prizes.

CTFtime

https://ctftime.org

CTF-related info - current overall Capture The Flag team ratings, per-team statistics, upcoming CTFs, CTF writeups and more.

Useful Tools

Replit

https://repl.it

A free, powerful, and simple online compiler, IDE, interpreter, and REPL. Allows you to Code, compile, and run code in 30+ programming languages.

DVWA

https://github.com

Damn Vulnerable Web Application is a web application that allows you to test common web vulnerabilities in a safe and legal environment.

OWASP Cheatsheets

https://cheatsheetseries.owasp.org

OWASP Cheat Sheet Series provide a concise collection of high value information on specific web/application security topics. Created by experienced professionals.

Mitre Att&ck

https://attack.mitre.org

Accessible knowledge base of adversary tactics and techniques based on real-world observations used for development of threat models and methodologies.

Pythonanywhere

https://www.pythonanywhere.com/

Free access to AWS micro tier instances with a full Python environment and batteries included. Develop & host your website or code directly from your browser.

GitHub Student

https://education.github.com

Learn to ship software like a pro. If you have a school, university or education email, you can get access to over 100+ tools and benefits for free!

YouTube Channels

LiveOverflow

https://www.youtube.com

Take a deep dive into topics such as reverse-engineering, XSS, pen-testing, malware analysis, exploring weird machines and much more.

Hak5

https://www.youtube.com

Thousands of videos on various infosec topics and news, hosted by the famous members of Hak5: Darren, Shannon and Mubix.

Seytonic

https://www.youtube.com

A variety of ethical-hacking related tutorials, diy projects, raspberry pi mods, arduino hacks and cyber security news created by Jhonti.

IppSec

https://www.youtube.com

A collection of detailed HackTheBox video walkthroughs, showing the methodology of attempting the challenge from start to finish for current and past boxes.

TechLinked

https://www.youtube.com

They say cyber security and tech news go hand in hand. Learn about the latest developments in technology in 10 minutes or so.

13Cubed

https://www.youtube.com

Information security-related videos on Digital Forensics & Incident Response, Penetration Testing, overviews of various apps, scripts and more.

Null Byte

https://www.youtube.com

A series of videos demonstrating how to utilise various tools, techniques and operating systems for aspiring ethical hackers.

JackkTutorials

https://www.youtube.com

Video tutorials explaining a range of topics, CTF walkthroughs and demonstrations of various tools in an easy-to-understand format.

MAFH

https://www.youtube.com

Get started with malware analysis and reverse engineering by watching a malware analyst unpack and explain real-world malware.

LinusTechTips

https://www.youtube.com

Insightful videos on current consumer technology, often exploring the boundaries of and indulging in creative projects, PC builds, unboxings and more.

Interesting Blogs

Cloudflare

https://blog.cloudflare.com

Cloudflare is a web performance and security company that deploy some of the world's fastest infrastructure to keep the internet running smoothly, learn about their endeavours here.

Malwarebytes

https://blog.malwarebytes.com

Read about the latest cyber security news around the world, with weekly summaries of the current threats, APT activity and more from Malwarebytes.

Akamai

https://blogs.akamai.com

Akamai focuses on security, content distribution networks, and internet performance. Their blog has news, insight and perspectives on living and working in a hyperconnected world.

Threatpost

https://threatpost.com

An independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

Project Zero

https://googleprojectzero.blogspot.com

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. View their detailed posts and findings here.

Troy Hunt

https://www.troyhunt.com

Blog with weekly updates from Troy Hunt, creator of HaveIBeenPwned, Microsoft Regional Director and MVP. No man has seen more data breaches than Troy.

Fascinating Podcasts

Darknet Diaries

https://darknetdiaries.com

This is a gripping podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.

Smashing Security

https://podcasts.google.com

A helpful and hilarious take on the week's tech SNAFUs. Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy.

Malicious Life

https://podcasts.google.com

Malicious Life tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists & politicians.

Check Point

https://podcasts.google.com

Narrated by Ran Levi of Malicious Life, following Check Point's Threat Intelligence Group as they scour the internet for new threats and vulnerabilities.
Role Description
Root Server Administrator
Sudo Server Moderator
Agent J Agent J himself
Official Cyber Discovery Staff Staff from the Cyber Discovery program
Community Developer Made significant contributions to the community GitHub projects
True 100% Completed all of CyberStart Assess, Game, and Essentials
100 Percent Completed all of CyberStart Game
Elite Online Those who have been selected for Elite Online 2020
Elite Online - FOR500 Those confirmed doing FOR500 for Elite Online
Elite Online - SEC503 Those confirmed doing SEC503 for Elite Online
Elite Online - SEC504 Those confirmed doing SEC504 for Elite Online
Elite Online - EHF Those confirmed doing Ethical Hacking Fundamentals for Elite Online
Veteran - 2018/2019 Qualified for CyberStart Elite in 2018/2019
Forensicator Completed FOR500 course and passed GCFE exam
Cyberist Completed SEC504 course and passed GCIH exam
Elite Talent Development Participating in the Elite Talent Development Programme
CCC Invited to Cyber Discovery Content Creators Club
HQ Completed the headquarters base from CyberStart Game
Moonbase Completed moon base from CyberStart Game
Forensics Completed forensics base from CyberStart Game
Volcano Completed volcano base from CyberStart Game
Quote Czar Have the ability to quote messages in #quotes
Level [1-80] Automatically assigned roles for MEE6 levels
Year [9-13] Corresponding school years
Technically Adults Those who are now older than any of the year roles
Trusted Can use external emoji and control Rythm
Nitro Booster Those who have boosted our server allowing us to gain additional features
Club Leader Restricted access for Cyber Discovery club leaders
Partner Server From a server linked with or related to ours
For Your Own Protection Moderation role to hide all channels
Probation Can only access certain few channels and under monitoring
Muted Cannot speak in any channel
Announcements Gets pinged when anything important is announced
Gaming Announcements Gets pinged for upcoming activity nights and gaming events

How do I get a role?

This depends on the role(s) in question. To claim Elite and base roles (such as HQ, Moon or Forensics) you will need to DM a Root/Sudo with a video of you refreshing the main page showing you have 100% completion on that base or a screenshot of the Elite invite email. With other roles such as Trusted and Quote Czar, this is given at the discretion of the mods. You will therefore need to DM a mod asking for this.

Where do I ask about a particular challenge?

You can use the relevant #Cyberstart, #HQ, #Moonbase, #Forensics or #Volcano channels. To bring up the brief for a level, use ":l h 1 1" (first HQ challenge for example). Please keep in mind that when asking the question, you should refrain from posting your methodology. Spoilers and hints which are too specific are also not allowed and may be subject to deletion. Use the ":fm" command to link to the field manual.

How do I ask something about Cyber Discovery?

If it's a simple question such as the opening/closing dates or information regarding a particular stage or event, the members on our server should be more than happy to clarify it for you. However, if this is something that is specific to your circumstances or a question which requires an official response, you will need to email support with your query. Please note that the official cyber discovery staff cannot help you here, and you should not ping them with a question like this.

What are activity nights?

Activity nights are where we accumulate in a voice chat channel, play a game and generally have some fun. It's usually run by a Root/Sudo, who acts as the party leader. The games that we play are mostly free to play titles, which are undemanding on hardware, so anyone can join in if they wish. If you want to take part in such an event, please ensure that you have the @Gaming Announcements role, which means you will be notified if we schedule such an event in the future.

How long has this programme been running for?

Cyber Discovery stems from the SANS CyberStart family of programmes and opened for it's first intake for Assess in late 2017. This means it's been 3 years running, and the 4th year intake is now open. Many of the members on our server have been around for these 3 years and have witnessed the rapid growth of this programme and the server along the way, as well as taking part and attending Elite events each year. Although we don't know how long this will continue for, we believe the initial contract for this was for 4 years by the UK government.

What are year roles and pathways?

Year roles are self assignable roles, which you can assign by heading over to the #bot-commands channel and typing out the relevant command to do so. This is DMed to you once you join initially. They give you access to a channel with your peers for year relevant discussion. Pathways is also a self assignable role which gives you access to the pathways channel. This is intended so you can ask those in higher years about their experiences with things like examinations and choosing a university and a degree course to best suit you.

Who do I ask if I have a question about the server?

You can ask anyone who has the @Sudo or @Root role. There should be some members with those roles online most of the time of day. These roles are pingable, but unless it's an urgent question or you have something immediate to report (such as flag posting or spoilers), you are encouraged to ping individual members instead. If they cannot answer your question, they will escalate to their peers. If one sudo/root isn't available, please try pinging or DMing another one.

Where do I appeal a ban?

The current recommended method of appealing a ban is by directly DMing an @Root member. If you don't have their Discord details, feel free to create an Issue in the Meta GitHub repository on the GitHub page and a Root member should be in touch. However, please note this is not a place for appealing bans, so don't write your ban appeal there. We are currently in the process of moving this to a platform like Google Forms where a form can be filled for this purpose.

How do I get the community developer role?

In order to get the community developer role, you will need to make a contribution to one of our GitHub projects or create a compelling new one. To start, you can head over to the one of the repositories and see what active issues that project might have which requires resolving. To contribute, you will need to setup Git in your dev environment, installing any required tools from the README such as Poetry and Pyenv. From there, you need to fork the project, make the changes in a separate branch and create a pull request.

What is the Cyberist/Forensicator role?

Those who performed well in the programme and those were called to the Elite stage were invited to attend SANS instructor-led course training events and had the opportunity to sit for a GIAC exam based on the SANS course they chose. Cyberists are those who attended a SEC504 Course and subsequently passed the corresponding GCIH exam. Forensicators took the FOR500 course and passed the GCFE exam. For Elite Online 2020 the option of SEC503 is there, which means we may add an Intrusionists role in the near future.

Who is Agent Q?

No one knows really. There are some mysteries of the universe which will always remain just that, regardless of how much you search ;)

THIS WEBSITE IS NOT AFFILIATED, DESIGNED, DEVELOPED OR ENDORSED BY SANS INSTITUTE OR CYBER DISCOVERY

This website was solely developed by the members of the Cyber Discovery Discord community. All content on this website is already publicly available. If you are a contributor and have content here that you want removed, please get in touch by private-messaging someone on our Discord server who possesses the 'Community Developer' role.

EVERYTHING ON THIS WEBSITE IS INTENDED FOR EDUCATIONAL PURPOSES

All the content here is intended for educational purposes under fair use (e.g. to demonstrate learning resources for students). If you are the creator/owner of something, and want it removed from this website, please create an issue on GitHub, and the members of our community will take action on it rapidly.

THIS WEBSITE USES MATERIAL COMPONENTS FOR THE WEB

Material Components for the web is the successor to Material Design Lite. It provides modular and customizable Material Design UI components for the web, which have also been used in creating this site. MDC-WEB is licensed under the MIT License, who's only condition is to include a copyright notice and a copy of the license, which can be found by clicking the appropriate button below.
  • eohomegrownapps A gifted person who contributed code and helped fix a major issue.
  • Lightspeedana An incredibly talented individual who contributed code, design and layout ideas.
  • Picapi Valuable contributor and skilled fellow student studying Computer Science
  • Bottersnike Web-dev extraordinaire who has an immense amount of knowledge for everything!
  • thebeanogamer The guy in charge of everything and quite the gamer. Kept you waiting huh?
  • Segway The terminator of typos and a great guy in general. Not to mention, likes Pokemon
  • Bax Cat lover and amazing guy who helped with layout, code and inspiration
  • Alphex Helped source the assets and layout for the site
  • BritMonkey The original unofficially offical purveyor of Lynery and a master graphic designer. XD
  • Linucks Hey that's me! I'm just trying to comprehend this complex world, one step at a time.
Hey there!