8:30 - 8:50 Opening of CyberHOT Day 1 - Registration

8:50 - 9:00 Welcome by the Organisers

9:00 - 9:30 Keynote Speaker - Automating Cyber Defenses Tejas Patel (DARPA Program Manager) 

9:35 - 10:35 Mechanics for Modern Attacks by Elias Athanasopoulos (UCY) & Dimitra Siaili (ITML)

In the first part we are going to discuss how memory corruption is still a problem, and in the second part more attacks and defenses in the energy sector.

Topics:

Module 1: safe vs unsafe systems, memory-safe vulnerabilities, stack in Intel/32-bit, code injections, defenses.

Module2: Real-time Threat Notifications and Response, Vulnerability Management and Reporting.

Tools: Module 1: gdb, gcc or clang toolchain for Intel/32-bit

Requirements: No Requirements

10:40 - 10:50 Coffee Break ☕

10:55 - 12:55 Communication in Cyber Incident Response by Ricardo Lugo (TalTech) & Paresh Rathod (Laurea & trustilio BV)

Topics: Cyber Situational Awareness Communication for Decision-making.

Requirements: No requirements

13:00 - 13:55 Lunch Break 🍽️

14:00 - 16:00 (1) Cybersecurity Stack: Fundamental Software Tools (2) Secure Healthcare Software Development by Stylianos Karagiannis (PDMFC) & Luis Miguel Campos (PDMFC)

Module 1: This module provides an in-depth exploration of essential software tools used in cybersecurity. Learners will gain practical skills in deploying and utilizing these tools to protect digital environments effectively.

Module 2: Participants will learn to conduct code scanning and maintain healthcare software that meets security standards.

Topics: 

Module 1: 

1. Port Scanning

2. Network Topology

3. Virtualization

4. IDS

5. Brute Force Attacks

6. Vulnerability Scanning

Module 2: 

1. Static Application Security Testing

2. Code Inspection

3. Vulnerability Management

4. CVE, CWE, OWASP taxonomies

Tools: 

Module 1: Laptop with access to Jupyter Notebook on Google Collabs or Kali Linux (as VM) to participate actively on a virtual lab, at least 8GB RAM free, 40 SSD free

Module 2: SAST Tools (e.g., CodeQL), GIT, DAST Tools

Requirements: Need to create account on Google Collabs and GitHub (if not have one), have a spare Linux VM or native just in case.

16:05 - 16:15 Coffee Break ☕

16:20 - 17:20 The weaponization of OSINT by Vanessa (TalTech) & Ahmed Nasr (TalTech)

A presentation and a demo explaining the case on targeting OT personnel.

Topics: OSINT, OT personnel

Tools: We as presenters BOYD, but important to have a screen where to present and speakers just in case if we need to present the demo in video form.

Requirements: Basic knowledge of security.

17:20 – 17:30 End of CyberHot Summer School Day 1

8:30 - 8:50 Opening of CyberHOT Day 2

8:50 - 9:00 Welcome by the Organisers

9:00 - 11:35 Network Security Essentials and Penetration Testing for SMEs by Paresh Rathod (Laurea & trustilio BV) & Riku Salmenkylä (Laurea) & Foteini Petropoulou (Zelus)

This workshop dives into the growing importance of Network Security Essentials and Penetration Testing for SMEs. The training also offers the hands-on demo of Nmap and Wireshark for Penetration Testing and Cybersecurity. We will explore two key initiatives that offers more comprehensive professional training on the subject including EU CyberSecPro and NERO project.

Topics: 

• What penetration testing is and why it is important

• The different types of penetration testing

• The tools and techniques used by penetration testers

• How to identify vulnerabilities in networks and systems

• Demo: Use of Nmap and Wireshark for Penetration Testing and Cybersecurity

Tools: Demo of Wireshark and NMap (how these two tools can be used offensively and defensively)

Requirements: Open mind, curiosity and basic knowledge of security 

11:40 - 11:50 Coffee Break ☕

11:55 - 13:55 Penetration Testing and Crowdsourcing platforms by Christos Grigoriadis (Focal Point) & Dimitris Koutras (UPRC)

Exploitation identifies vulnerabilities like buffer overflows and format string issues by analyzing and manipulating executable code.  This training assesses internal threats, patch management, and web based incident response strategies and overall security posture flaws.

Topics: Web, Network, Systems, Bug Bounty

Tools: Hack The Box platform

Requirements: Basic knowledge of security 

14:00 - 14:55 Lunch Break 🍽️

15:00 - 17:00 Mastering Cyber Defense: Hands-On Training with Montimage Cyber Range by Wissam Mallouli (MI) & Pedro Tomás(OneSource)

The seminar will address the crucial aspects of cybersecurity by immersing participants in the practical use of the Montimage Cyber Range. Attendees will learn how to generate, detect, and respond to various cyber attacks, including ransomware, phishing, and denial of service (DoS) attacks. Using Montimage's advanced MMT solution, this hands-on training will provide real-world scenarios to enhance skills and preparedness in cybersecurity defense. The training is supported by NERO and CYBERSUITE HE projects.

Topics: Concept of cyberranges (W), Generating Cyber Attacks (P), Detection Techniques (P), Response and Mitigation (W), Practical Exercises (WP)

Tools: Montimage ADR Cyber Range, MMT (Montimage Monitoring Tool), Antiphishing cyberrange

Requirements: Basic understanding of cybersecurity concepts, Familiarity with network protocols and architecture

17:05 - 17:10 Coffee Break ☕

17:15 - 18:15 Sector Specific Controls and Standards by Argyro (Iro) Chatzopoulou (APIRO), George Kliafas (MAG) & Pinelopi Kyranoudi (TUC)

This session covers the following subjects:

1. An introduction to ISO/IEC 27001, the applicability and controls.

2. Examples of how the controls change based on the sector:

• Example Energy sector

• Example Health sector

• Example Maritime sector - Software Security in the Maritime Industry

Topics: 

• Security Governance

• Risk Management

• Introduction to Software Security in the Maritime Industry

• Principles of secure software development lifecycle (SDLC) tailored for the maritime industry

• Understanding the process of threat modelling for identifying and mitigating maritime software security risks

Tools: https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new/minimum-security-measures-for-operators-of-essentials-services

Requirements: Basic knowledge of security 

18:20 – 18:30 End of CyberHot Summer School Day 2 - Certifications 🏆🎓