9:30 - 9:45 Registration & Welcome by the Organisers

9:45 - 10:15 CyberSecDome by Andreas Miaoudakis from CyberAlytics Limited & Vina Rompoti from ITML 

Abstract: CyberSecDome is a visionary European project that integrates Artificial Intelligence and Virtual Reality technologies to predict and efficiently respond to cybersecurity threats. It enhances resilience, privacy and situational awareness across complex digital infrastructures by enabling real-time threat detection, collaborative responses and privacy-aware information sharing.

10:20 - 10:50  SecOPERA 

"Secure OPen source softwarE and hardwaRe Adaptable framework" by Georgios Chatzivasilis from Technical University of Crete

Abstract: Ensuring the security of open-source software and hardware (OSS/OSH) in today’s interconnected environments – particularly in IoT systems that integrate components from various OEMs – is increasingly difficult due to the absence of a unified, end-to-end security auditing process. Devices with limited resources and no trusted execution environments face an expanded threat surface, and conventional DevSecOps practices fall short in guaranteeing security across the open-source supply chain. To address these challenges, SecOPERA delivers a comprehensive platform that enables designers, developers, and operators to analyze, assess, harden, and securely share OSS/OSH components as they are integrated into larger connected products. The platform supports the full open-source DevSecOps lifecycle by automating the decomposition and security testing of open-source solutions, applying debloating and hardening techniques to reduce code complexity and attack surfaces, and ensuring ongoing security through patching and update mechanisms – even when vulnerabilities exist in the original codebases. Additionally, SecOPERA offers a curated repository of secure modules to support enhancement workflows, and a library of pre-hardened OSS/OSH components with associated security assurances.

10:55 - 11:25 SYNAPSE

"LLM-Powered Intent-Based Categorization of Phishing Emails" by Even Eilertsen from University of Oslo

Abstract: A brief introduction to the SYNAPSE project and some research that is part of the project that investigates the practical potential of using Large Language Models (LLMs) for phishing emails by focusing on their intent. In addition to a binary classification of phishing emails, the paper introduces an intent-type taxonomy, which uses LLMs to classify emails into distinct categories and extract actionable cyber threat intelligence. The results show that existing LLMs can detect and categorize phishing emails.

11:30 - 12:00 CONSOLE

"Cybersecurity for Resilient Software Development" by Andreas Miaoudakis from CyberAlytics Limited

Abstract: CONSOLE's goal is to advance cybersecurity within the European software development industry. By creating a sophisticated automated platform complete with integral modules and additional training services, CONSOLE is set to significantly cut acquisition costs for end-users, notably EU SMEs, while maintaining stringent cybersecurity for software applications, systems, and a broader user base.

12:00 - 12:20 Brunch / Coffee Break ☕

12:20 - 12:50 fAith  

"Faith trustworthiness risk management framework AI-TAF" by Nineta Polemi from UPRC/trustilio

Abstract: Based on ISO27005 the AI_TAF provides a step-by-step approach  in assessing technical social and human threats and vulnerabilities  that impact the dimensions of trustworthiness ( fairness , security, privacy, explainability etc) in each phase of the AI system lifecycle. The trustworthiness risks are evaluated for each AI asset of the AI system in the particular phase under assessment.

12:55 - 13:25 NG-SOC

"Next Generation Security Operation Centres by European Dynamics" by Konstantinos Gombakis from European Dynamics

Abstract: NG-SOC aims to establish a network of AI-enabled, interoperable Security Operations Centres (SOCs) across EU member states to enhance cybersecurity through collaboration, information sharing, and coordinated threat response. The project will deliver a shared SOC service that integrates threat intelligence (CTI) tools, AI-driven threat detection, and response capabilities aligned with EU standards. Key components include a CTI exchange toolbox, coordinated incident response mechanisms, specialized cybersecurity training, and an open, standards-based architecture to support cross-border collaboration. NG-SOC’s solution will be validated in the banking, energy, and CSIRT training sectors.

13:30 - 14:30 CYBERUNITY & DYNAMO

"CyberOpsArena: A demonstration of a Cyber Range platform for realistic cybersecurity training" by Mariana Mazi from ITI, CERTH

Abstract: This cyber range system has been further developed and configured within the EU funded project CYBERUNITY, while the defensive components and security mechanisms  included in the Cyber Range scenarios have been developed under EU funded project DYNAMO. This demonstration introduces participants to the next generation cybersecurity tools of CERTH, focusing on the fundamentals and practical application of Cyber Range environments for cybersecurity training. Attendees will familiarize themselves with the simulated network infrastructures and in real-world cyberattack and defense scenarios. Key concepts such as threat detection, incident response, red/blue team operations and vulnerability exploitation will be demonstrated in a controlled and gamified environment. The session aims to demonstrate how  practical skills through immersive exercises can be acquired, preparing participants for real-life security challenges.

Tool used for the session: CERTH’s Cyber Range platform

Requirements for trainees: Laptop, web browser, internet connectivity, basic familiarity with networking and cybersecurity concepts

14:35 - 15:05 CO-EVOLUTION 

"A Comprehensive Trustworthy Framework for Connected Machine Learning and Secure Interconnected AI Solutions" by Orestis Tsirakis from CyberAlytics Limited

Abstract: The CoEvolution project integrates its architecture components to create an end-to-end Security, Trust, and Robustness (STR) assessment solution, generating context-aware AI models characterized by their AI Model Bill of Materials (AIMBOM). The goal is a universal hub providing a coherent STR risk assessment and security assurance flow, aligning with MLDevOps and EU AI regulatory frameworks. The paradigm includes novel AI model descriptions, AIMBOM management, security monitoring, and context awareness. CoEvolution introduces a new STR paradigm based on Bills of-Materials, offering a unified approach to describing AI models in supply chains, ensuring STR compliance with EU directives on trust, fairness, data governance, and GDPR guidelines.

9:30 - 9:45 Registration & Welcome by the Organisers

9:45 - 10:15 CUSTODES 

"A Certification approach for dynamic, agile and reUSable assessmenT for composite systems of ICT proDucts, servicEs, and processeS" by Andreas Miaoudakis from CyberAlytics LImited

Abstract: In an increasingly digital world, cybersecurity certification is a vital tool to enhance trust. However, the complex nature of this process presents numerous challenges. With this in mind, the EU-funded CUSTODES project will provide cost-effective, agile, and portable conformity assessment capabilities for a wide range of stakeholders. CUSTODES comprises various components designed to discover and translate certification information, offering transparency and trust in the evaluation of ICT products and services. It utilises a Restricted & Trusted Execution (RTE) environment to safeguard the product's custody during assessment.

10:20 - 10:50 RIGOUROUS 

"secuRe desIGn and deplOyment of trUsthwoRthy cOntinUum computing 6G Services (RIGOUROUS)" by Pedro Tomás from ONESOURCE

Abstract: The RIGOUROUS project represents a critical step towards ensuring the resilience of 6G against evolving cyber threats. By harnessing the power of ML and AI, RIGOUROUS is creating a dynamic DevSecOps and DevPrivOps aligned security solution that can adapt to the ever-changing threat landscape and safeguard the trust and reliability of future 6G networks. The project’s scope extends beyond security to encompass privacy and trust as well. Innovative techniques to embed privacy-preserving mechanisms into 6G architectures are being explored, ensuring that user data is protected and respected. Additionally, methods for establishing and maintaining trust in the use of future networks, including a human factor, are also being explored.

10:55 - 11:25 MIRANDA 

"Monitoring, Investigation and Response to cyber-attacks with an Adaptive digital twiN moDel for Agile services over the computing continuum" by Luis Cordeiro from ONESOURCE

Abstract: The MIRANDA project will design, develop, deploy, and validate a framework for collaborative cyber-security operations over service supply chains. It will include: a) a Cybersecurity Digital Twin (CDT) that discovers the composition and topology of service chains under strict trust constraints, models potential threats and predicts their materialisation and propagation; b) monitoring, detection, investigation, and response processes that leverage the CDT to proactively and adaptively protect single components as well as the whole system.

11:30 - 12:00 CYberSynchrony

"Harmonising People, Processes, and Technology for Robust Cybersecurity" by Violeta Vasileva from Maggioli & Evangelos Michos from IANUS technologies

Abstract: CYberSynchrony is a EU-funded project that introduces a holistic modular framework, amalgamating pioneering technologies to cultivate a cohesive, resilient cybersecurity infrastructure. Integrating every facet of organizational security, from technological advancements and human contributions to streamlined processes and a security-centric culture, the project lays significant emphasis on rapid incident responses. This ensures enhanced preparedness and mutual assistance, providing an efficient counter to cyber threats.

12:00 - 12:20 Brunch / Coffee Break ☕

12:20 - 12:50 RESCALE

"Revolutionising Supply Chain Security through Trusted Automation" by Panos Antoniou from AEGIS

Abstract: The RESCALE project (Revolutionised Enhanced Supply Chain Automation with Limited Threats Exposure) delivers a cutting-edge platform for auditing and securing software and hardware supply chains. This presentation will provide an overview of the project’s objectives, architecture, and its approach to enhancing cybersecurity in supply chains through trusted bills of materials (TBOMs), automated vulnerability analysis, and real-time assurance mechanisms. A video demonstration will be included to showcase how the RESCALE tools integrate into CI/CD pipelines and support dynamic and static analysis for component-level security validation.

12:55 - 13:25 LAZARUS

"Intelligence Inside: AI-Powered Defense for Your Code with LAZARUS"  by Eleni Maria Kalogeraki from Maggioli & Panagiotis Markovits from SOLVUS

Abstract: An introduction to LAZARUS, a 3-year EU-funded project building a holistic, AI-enhanced DevSecOps platform. LAZARUS integrates advanced ML methods to secure every stage of the Software Development Life Cycle (SDLC) — from early code analysis to deployment — enabling smarter, automated vulnerability detection and code hardening.

13:30 - 14:00 ATHENA

"Strengthening Cyber Resilience in the Water Sector" by Ricardo Lugo from TalTech

Abstract: The water sector is increasingly vulnerable due to growing digitisation, especially in operational technology, where cyber risk awareness remains low despite potentially severe consequences. ATHENA addresses this fragility by developing innovative, co-created training modules to boost cyber resilience. The project focuses on upskilling personnel through scientifically grounded, Europe-wide cyber risk training. In partnership with European infrastructure providers, academics, and security experts, ATHENA uses simulations, mixed reality, and gamification to enhance readiness against cyber threats.

14:05 - 14:35 CyberSecPro 

"A Collaborative, Multi-modal and Agile Professional Cybersecurity Training Program for A Skilled Workforce In the European Digital Single Market and Industries" by Pinelopi Kyranoudi from Technical University of Crete

Abstract: EU Higher Education Institutions (HEIs) have more than 128 cybersecurity academic programs (undergraduate and graduate) as identified by ENISA (CyberHEAD), JRC (ATLAS) and a variety of reports by the 4 pilot projects (Sparta, CyberSec4Europe, ECHO, CONCORDIA). These academic programs, with their static curricula, do not provide the dynamic capabilities and emerging skills needed in the market. The digital transformation imposes the HEIs to enhance their role in preparing the new generation workforce and to upskill the existing one in meeting the challenging and ever-growing cybersecurity challenges (e.g., massive AI attacks).

Fourteen (14) HEIs and thirteen (13) security companies from sixteen (16) EU countries propose the agile CyberSecPro professional cybersecurity practical and hands-on training program that will complement, support, and advance the existing academic programs by linking innovation, research, industry, academia and SME support. CyberSecPro aims to bridge the gap between degrees, working-life and marketable cybersecurity skill sets necessary in the digitalization efforts and become the best practice for all cybersecurity training programs.

14:40 - 15:10 Building Synergies and Collaborations 🌍

8:30 - 8:50 Opening of CyberHOT Day 1 - Registration

8:50 - 9:00 Welcome by the Organisers

9:00 - 11:00 

Room 1: DeepGuardian Security Framework: Hands-On by Pedro Tomas

Abstract: The training will cover the key topics around Intrusion Detection Systems, from traditional approaches to AI-based ones. In addition, cloud-native concepts and technologies are presented, followed by different AI/ML approaches commonly used in IDS systems. A practical hands-on session with DeepGuardian is included.

Info of the tool: The https://deepguardian.org

Requirements for trainees: Laptop, Linux/Debian terminal, web browser, internet connectivity

Room 2: Quantifying Organizational Cybersecurity Awareness in Maritime Operations: A Data-Driven Approach by Ricardo Lugo

Abstract: Cybersecurity awareness is a critical factor in safeguarding maritime operations against cyber threats. This workshop will explore methods to quantify cybersecurity awareness within maritime organizations, using the Human Aspects of Information Security Questionnaire (HAIS-Q) as a standardized measurement tool. Participants will gain insights into assessing organizational cybersecurity readiness, interpreting awareness levels, and implementing targeted interventions. Through interactive discussions and real-world case studies, attendees will learn how to leverage HAIS-Q to enhance security culture, improve compliance, and mitigate human-related vulnerabilities in maritime cybersecurity.

Info of the tool: The Human Aspects of Information Security Questionnaire (HAIS-Q) is a validated tool designed to measure information security awareness in organizations. It assesses three key dimensions—knowledge, attitude, and behavior (KAB model)—across seven focus areas, including password management, email use, internet use, social media, mobile devices, information handling, and incident reporting. HAIS-Q enables organizations to identify security weaknesses and tailor awareness programs to improve cybersecurity resilience.

Download: https://www.sciencedirect.com/science/article/pii/S0167404817300081 

Requirements for trainees: Prior reading of article. Download: https://www.sciencedirect.com/science/article/pii/S0167404817300081 

11:00 - 11:15 Coffee Break ☕

11:15 - 13:15 

Room 1: Secure Network Architecture and Design by Abdelkader Shaaban

Abstract: This presentation will explore cyber threats in maritime networks, highlighting key vulnerabilities in the sector. It will also discuss the process of assessing likelihood, impact, and risk, providing insights into how to apply effective protection measures to mitigate cyber risks. Additionally, I will cover cybersecurity regulations and related standards, ensuring a comprehensive understanding of cybersecurity strategies for protecting critical infrastructure, such as the maritime sector.

Info of the tool: ThreatGet is a threat analysis tool, that aims to automate the threat analysis approach to identify potential threats in a system model due to the existence of security vulnerabilities

Requirements for trainees: A computer is required, but no specific preparation is needed, as ThreatGet is a web-based tool. The tool’s link and necessary credentials will be provided during the session.

Room 2: Hands-on introduction to FastCVE and VulnBERTa as effective toolsets for Vulnerability Management, DevSecOps, SBOM management by Vadim Bogulean

Abstract: This session will introduce the advantages of using and integrating FastCVE into various solutions, due to its: highly-permissive licensing model, modular architecture, micro-service oriented RESTful API design, and highly-scalable dockerized approach. 

The presenter(s)/trainer(s) will provide a high level overview first, and then will proceed to practical hands-on aspects of setup, usage, management, and possible extensions of the tool (e.g., interactive UI/dashboards, etc.)

Info of the tool: https://github.com/binareio/FastCVE. FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC). fastcve is a command-line tool that allows you to search for vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database. The tool provides an easy way to search for vulnerabilities and retrieve relevant information about them, including their descriptions, CVSS scores, and references to related security advisories. fastcve is designed to be fast, lightweight, and easy to use. It provides a simple interface for querying the CVE database, allowing you to search for vulnerabilities based on vendors, products, and other criteria. The tool can be used by security professionals, system administrators, and developers to stay informed about known security vulnerabilities and to assess the risk of their systems and applications. Overall, fastcve is a useful tool for anyone who is interested in keeping up-to-date with the latest information about security vulnerabilities and how they can be addressed.

Requirements for trainees: Git tools (CLI or GUI), Fully functional docker environment (In case of Windows, WSL 2.0 is strongly recommended, and within WSL 2.0 having the latest docker version(s) setup, Linux-based distros are mostly/mainly welcome, however any major OS is welcome provided it supports latest docker versions and functionalities, Choice of developer IDEs

13:15 - 14:15 Lunch Break 🍽️

14:15 - 16:15

Room 1: Advanced Network Fuzzing for Security Testing by Wissam Mallouli

Abstract: In this lecture, we will explore the topic of network fuzzing, a powerful technique for networked system testing, used to identify both software bugs and security vulnerabilities that may affect the reliability and robustness of networked applications. Network fuzzing allows automatically generating and injecting malformed or unexpected inputs into network communications leading to potential crashes, unexpected behaviours, or security breaches. This session will provide both theoretical insights and practical demonstrations using the Montimage Network Fuzzer, an open-source tool designed to enhance automated testing.

Info of the tool: https://github.com/Montimage/NetworkFuzzer

Requirements for trainees: Laptop, Linux (Ubuntu), Docker

Room 2: Maritime Software Security by Pinelopi Kyranoudi

Abstract: This session explores the foundations of software security in the maritime domain, focusing on threats, secure development practices, and real-world attack scenarios. Participants will learn how to apply threat modeling techniques, integrate security into the software lifecycle, and use tools like OWASP Threat Dragon. The training emphasizes practical approaches to protecting maritime digital systems and ensuring resilience in port and vessel operations.

Info of the tool: https://owasp.org/www-project-threat-dragon/ & https://www.threatdragon.com/#/ 

Requirements for trainees: Laptop with at least 4 GB RAM and a modern web browser (e.g., Firefox, Opera, Chrome), Operating System: Windows, macOS, or Linux, Internet connection (for using the web version of Threat Dragon), No prior installation is required, but optionally, trainees can install the desktop version of OWASP Threat Dragon for offline use.

16:15 - 16:30 End of CyberHot Summer School Day 1

8:30 - 8:50 Opening of CyberHOT Day 2 - Registration

8:50 - 9:00 Welcome by the Organisers

9:00 - 11:00 

Room 1: Pentesting Techniques for Maritime Navigation Systems by Bruno Bender

Abstract: Both modules aim at presenting cybersecurity for maritime critical infrastructure as well as presenting pentesting tools and techniques for Maritime Systems as the Automatic Information System (A I S) or other systems based on the use of Radio Frequency technologies and often interconnected with Global Navigation Satellite Systems (GNSS).

A focus will be done on the use, specificities and vulnerabilities of these Systems but we will also grab deep into maritime laws and international regulations. Common vulnerabilities of these systems and applications will be detailed using the analysis of past events.

Info of the tool: AIS transponder 

Requirements for trainees: N/A

Room 2: HATCH – a serious tabletop game on social engineering by Sebastian Pape & Alejandro Quintanar

Abstract:  Participants will receive a short introduction into HATCH and then play the serious game in groups with an instructor / instructors. Within the game, players will

draw cards with psychological principles and social engineering attacks. Based on the cards, they have to come up with social engineering attacks on virtual personas in an energy provider scenario. The other players will rate the feasibility and plausibility of the attacks.

Info of the tool: HATCH, a serious game to raise knowledge and awareness about social engineering attacks.

Requirements for trainees: No computer needed. HATCH is a card game. We will bring the game, participants will only need a pen and perhaps some paper.

11:00 - 11:15 Coffee Break ☕

11:15 - 13:15 

Room 1: Frama-C for Cybersecurity by Julien Signoles

Abstract: Frama-C is an open-source platform for analysis of C code. This lecture presents how to use it to improve code security: How to specify properties with the ACSL specification language and prove them with Frama-C's Wp module, how to find code-level vulnerabilities or demonstrate the absence of a large class of them with the Eva module, and how to verify properties at runtime with the E-ACSL module. It also introduces some advanced uses of Frama-C combining Wp, Eva, and/or E-ACSL with other analyzers of the platform, in order to verify specific security properties, e.g., helping to ensure data confidentiality or system integrity. Several live demos and examples of industrial applications are included in the presentation.

Info of the tool: https://frama-c.com 

Requirements for trainees: Laptop with Frama-C installed (easier on Linux). Alternatively, you can use the Virtual Machine available at: https://julien-signoles.fr/teaching/Frama-C-28.0-vbox.zip

Room 2: Hacking Humans: A Practical Course on Social Engineering by Violeta Vasileva

Abstract: A look into the world of social engineering, showcase some use cases and also a hands-on exercise to analyze potential scenarios and strategies for identifying and mitigating them for critical infrastructures.

Info of the tool: N/A

Requirements for trainees: No specific technical equipment. Nice to have a laptop or phone as there will be an interactive exercise. 

13:15 - 14:15 Lunch Break 🍽️

14:15 - 16:15

Room 1: Authentication, passwords and applied cryptography by Andrei Costin

Abstract: This course teaches the participants technologies and techniques how authentication and crypto is being broken/hacked in practice, and what are practical defence-in-depth approaches. Breaking authentication, passwords and crypto in many cybersecurity situations have far-reaching implications up to complete compromise of any system. Therefore, it is crucial that the participants who set on the professional cybersecurity career path master the background knowledge, techniques and tools that are indispensable for breaking and defending authentication, password and crypto security.

Info of the tool: The training will involved access to cybersecurity lab exercises, Some exercises are based on DVWA, Some exercises are custom and based on applied crypto (mainly CLI tools used, such as john the ripper JtR, as well as template-based code in python for participants to fill-in the gaps).

Requirements for trainees: SSH clients (SSH CLI, Putty, etc.) (to ssh into remote shell where exercises live), curl and wget clients (to call remote APIs), any OS flavor (including dockerized or virtualized) that support the above clients should be enough, ideally Linux-based distros are preferred, but this not a hard/disqualifying requirement

Room 2: Network Security Strategies for Health Systems: A Focus on Endpoints by Vina Rompoti

Abstract: This training covers network security strategies for healthcare, focusing on endpoint protection. Participants will explore threat landscapes, best practices, regulatory compliance and the role of SIEM systems. Through practical exercises and knowledge sharing, they will gain skills to enhance endpoint security and strengthen healthcare networks.

Info of the tool: Security Infusion

Requirements for trainees: N/A

16:15 - 17:00 End of CyberHOT Summer School Day 2 - Participation Certifications