K0NSULT's manifesto for stepping onto the global stage — powered by the community of pentesters and security researchers. This is the first thing a mature researcher checks when assessing whether an organization is serious: is there somewhere to report, is contribution recognized, are the rules published, is there a safe harbor. Here, they are. Global is not a declaration — it is a position to be earned, measured by the evidence the community produces.
No internal team has as many eyes on the problem as an open community of researchers does. K0NSULT opens itself to testing and co-creation: it exposes reporting gateways, recognizes contribution, publishes its rules, and speaks one language with the world — standards. This is an evidence-first panel: every claim about a "global level" must be backed by measurable community contribution.
Everyone arrives differently: one wants to report a bug, another to compete, a third to learn, a fourth to join the team. Five doors, one house.
Found a vulnerability? Report it safely. Coordinated Vulnerability Disclosure (CVD), a security.txt channel, acknowledgement and status. Open to every researcher — no registration, no fees.
Recognition for contribution: a public Hall of Fame, reputation points, a rewards track as scopes come online. Your name on the board, not in a drawer.
Competition: recurring CTF/hackathon events, Polish and international teams, joint cyber + AI scenarios. A place where skills are measured, not declared.
Learn and prove it: training tracks (blue/purple team, AI security), labs, an exam with certification. Competence verified, not asserted.
Join as a specialist in the roster of researchers and responders. Profile, competencies, availability for tasks and response teams. Scale built person by person, honestly.
Global speaks one language. We do not lock ourselves into a proprietary format — we exchange data in standards that banks, CERTs and platforms understand worldwide.
| Standard | Role | Status |
|---|---|---|
| STIX / TAXII | Format and transport for threat intelligence exchange — IoCs, campaigns, actors. | ROADMAP |
| MISP | Interoperability with indicator-sharing communities (feeds, sharing groups). | ROADMAP |
| MITRE ATT&CK | A shared taxonomy of techniques and tactics — mapping of playbooks and reports. | LIVE |
| security.txt (RFC 9116) | A standard security point of contact — how to find us, where to report. | LIVE |
| OpenAPI | A machine-readable API contract — integration with partner SIEM/SOAR. | ROADMAP |
| DORA TLPT / TIBER-EU | A common language for intelligence-led penetration testing — with the banking sector. | ROADMAP |
Openness without boundaries is chaos. The global gateway is defensive, and its rules are hard and public.
Testing solely within the authorized scope and solely for defensive purposes. No activity against real targets without consent and Rules of Engagement (RoE).
A researcher acting in good faith and within the rules is protected — we do not pursue legal action over policy-compliant, coordinated disclosure.
Zero offensive payloads published publicly. Every test scenario has a scope, consent and criteria — otherwise it does not exist.
Data of researchers, hackathon participants and trainees is processed in line with the GDPR — minimization, purpose, retention, right of access and erasure.
Global starts with understanding. We provide the gateway bilingually, with a plan for further languages as we enter new markets.
The primary language of the portal and of contact with national authorities (KNF, CSIRT, MC).
The version for the global community of researchers and international partners.
DE / FR / ES / UA are planned — prioritized by real community traffic, not declared upfront.
K0NSULT grows in layers: local → national → regional → global. Each rung is earned with evidence, not an announcement. Global is the top of this ladder — a position measured by community contribution, public reports and acknowledged fixes.
→ The scale ladder (full description)
The best proof that we take security seriously is that we invite you to try to break it — within the rules. Find a gap, report it, and we will fix it and recognize your contribution. That is how the global level is built: not by declaration, but by invitation.
→ Enter through the disclosure gateway and report your first vulnerability