9:30 - 9:45 Registration & Welcome by the Organisers

9:45 - 10:15 CyberSecDome by Vina Rompoti from ITML 

Abstract: CyberSecDome is a visionary European project that integrates Artificial Intelligence and Virtual Reality technologies to predict and efficiently respond to cybersecurity threats. It enhances resilience, privacy and situational awareness across complex digital infrastructures by enabling real-time threat detection, collaborative responses and privacy-aware information sharing.

10:20 - 10:50 LAZARUS

"Intelligence Inside: AI-Powered Defense for Your Code with LAZARUS" by Eleni Maria Kalogeraki from Maggioli

Abstract: An introduction to LAZARUS, a 3-year EU-funded project building a holistic, AI-enhanced DevSecOps platform. LAZARUS integrates advanced ML methods to secure every stage of the Software Development Life Cycle (SDLC) — from early code analysis to deployment — enabling smarter, automated vulnerability detection and code hardening.

10:55 - 11:25 SYNAPSE

"LLM-Powered Intent-Based Categorization of Phishing Emails" by Even Eilertsen

11:30 - 12:00 PHOENI2X by Sebastian Pape

12:00 - 12:20 Brunch / Coffee Break ☕

12:20 - 12:50 fAith by Nineta Polemi from UPRC/trustilio

12:55 - 13:25 NG-SOC

"Next Generation Security Operation Centres by European Dynamics" by Konstantinos Gombakis from European Dynamics

Abstract: NG-SOC aims to establish a network of AI-enabled, interoperable Security Operations Centres (SOCs) across EU member states to enhance cybersecurity through collaboration, information sharing, and coordinated threat response. The project will deliver a shared SOC service that integrates threat intelligence (CTI) tools, AI-driven threat detection, and response capabilities aligned with EU standards. Key components include a CTI exchange toolbox, coordinated incident response mechanisms, specialized cybersecurity training, and an open, standards-based architecture to support cross-border collaboration. NG-SOC’s solution will be validated in the banking, energy, and CSIRT training sectors.

13:30 - 14:30 CyberOpsArena

"A demonstration of a Cyber Range platform for realistic cybersecurity training" by George Lazaridis from ITI, CERTH

Abstract: This hands-on session introduces participants to the fundamentals and practical application of Cyber Range environments for cybersecurity training. Attendees will explore simulated network infrastructures and engage in real-world cyberattack and defense scenarios. Key concepts such as threat detection, incident response, red/blue team operations and vulnerability exploitation will be demonstrated in a controlled and gamified environment. The session aims to enhance practical skills through immersive exercises, preparing participants for real-life security challenges.

Tool used for the session: CERTH’s Cyber Range platform

Requirements for trainees: Laptop, web browser, internet connectivity, basic familiarity with networking and cybersecurity concepts

9:30 - 9:45 Registration & Welcome by the Organisers

9:45 - 10:15 CUSTODES 

"A Certification approach for dynamic, agile and reUSable assessmenT for composite systems of ICT proDucts, servicEs, and processeS" by Andreas Miaoudakis from CyberAlytics LImited

Abstract: In an increasingly digital world, cybersecurity certification is a vital tool to enhance trust. However, the complex nature of this process presents numerous challenges. With this in mind, the EU-funded CUSTODES project will provide cost-effective, agile, and portable conformity assessment capabilities for a wide range of stakeholders. CUSTODES comprises various components designed to discover and translate certification information, offering transparency and trust in the evaluation of ICT products and services. It utilises a Restricted & Trusted Execution (RTE) environment to safeguard the product's custody during assessment.

10:20 - 10:50 RIGOROUS 

"secuRe desIGn and deplOyment of trUsthwoRthy cOntinUum computing 6G Services (RIGOUROUS)" by Pedro Tomás from ONE

Abstract: The RIGOUROUS project represents a critical step towards ensuring the resilience of 6G against evolving cyber threats. By harnessing the power of ML and AI, RIGOUROUS is creating a dynamic DevSecOps and DevPrivOps aligned security solution that can adapt to the ever-changing threat landscape and safeguard the trust and reliability of future 6G networks. The project’s scope extends beyond security to encompass privacy and trust as well. Innovative techniques to embed privacy-preserving mechanisms into 6G architectures are being explored, ensuring that user data is protected and respected. Additionally, methods for establishing and maintaining trust in the use of future networks, including a human factor, are also being explored.

10:55 - 11:25 MIRANDA 

"Monitoring, Investigation and Response to cyber-attacks with an Adaptive digital twiN moDel for Agile services over the computing continuum" by Luis Cordeiro from ONE

Abstract: The MIRANDA project will design, develop, deploy, and validate a framework for collaborative cyber-security operations over service supply chains. It will include: a) a Cybersecurity Digital Twin (CDT) that discovers the composition and topology of service chains under strict trust constraints, models potential threats and predicts their materialisation and propagation; b) monitoring, detection, investigation, and response processes that leverage the CDT to proactively and adaptively protect single components as well as the whole system.

11:30 - 12:00 CYberSynchrony

"Harmonising People, Processes, and Technology for Robust Cybersecurity" by Violeta Vasileva from Maggioli & Xenia Economidou from IANUS technologies

Abstract: CYberSynchrony is a EU-funded project that introduces a holistic modular framework, amalgamating pioneering technologies to cultivate a cohesive, resilient cybersecurity infrastructure. Integrating every facet of organizational security, from technological advancements and human contributions to streamlined processes and a security-centric culture, the project lays significant emphasis on rapid incident responses. This ensures enhanced preparedness and mutual assistance, providing an efficient counter to cyber threats.

12:00 - 12:20 Brunch / Coffee Break ☕

12:20 - 12:50 ATHENA

"Strengthening Cyber Resilience in the Water Sector" by Ricardo Lugo & Vanessa Roberts from TalTech

Abstract: The water sector is increasingly vulnerable due to growing digitisation, especially in operational technology, where cyber risk awareness remains low despite potentially severe consequences. ATHENA addresses this fragility by developing innovative, co-created training modules to boost cyber resilience. The project focuses on upskilling personnel through scientifically grounded, Europe-wide cyber risk training. In partnership with European infrastructure providers, academics, and security experts, ATHENA uses simulations, mixed reality, and gamification to enhance readiness against cyber threats.

12:55 - 13:25 CyberSecPro by Pinelopi Kyranoudi from Technical University of Crete

13:30 - 14:00 RESCALE by TBD

14:05 - 14:35 Building Synergies and Collaborations 🌍

8:30 - 8:50 Opening of CyberHOT Day 1 - Registration

8:50 - 9:00 Welcome by the Organisers

9:00 - 11:00 

Room 1: DeepGuardian Security Framework: Hands-On by Pedro Tomas

Abstract: The training will cover the key topics around Intrusion Detection Systems, from traditional approaches to AI-based ones. In addition, cloud-native concepts and technologies are presented, followed by different AI/ML approaches commonly used in IDS systems. A practical hands-on session with DeepGuardian is included.

Tool used for the session: https://deepguardian.org

Requirements for trainees: Laptop, Linux/Debian terminal, web browser, internet connectivity

Room 2: Quantifying Organizational Cybersecurity Awareness in Maritime Operations: A Data-Driven Approach by Ricardo Lugo

Abstract: Cybersecurity awareness is a critical factor in safeguarding maritime operations against cyber threats. This workshop will explore methods to quantify cybersecurity awareness within maritime organizations, using the Human Aspects of Information Security Questionnaire (HAIS-Q) as a standardized measurement tool. Participants will gain insights into assessing organizational cybersecurity readiness, interpreting awareness levels, and implementing targeted interventions. Through interactive discussions and real-world case studies, attendees will learn how to leverage HAIS-Q to enhance security culture, improve compliance, and mitigate human-related vulnerabilities in maritime cybersecurity.

Requirements for trainees: Prior reading of article. Download: https://www.sciencedirect.com/science/article/pii/S0167404817300081 

11:00 - 11:15 Coffee Break ☕

11:15 - 13:15 

Room 1: Secure Network Architecture and Design by Abdelkader Shaaban

Abstract: This presentation will explore cyber threats in maritime networks, highlighting key vulnerabilities in the sector. It will also discuss the process of assessing likelihood, impact, and risk, providing insights into how to apply effective protection measures to mitigate cyber risks. Additionally, I will cover cybersecurity regulations and related standards, ensuring a comprehensive understanding of cybersecurity strategies for protecting critical infrastructure, such as the maritime sector.

Room 2: Hands-on introduction to FastCVE and VulnBERTa as effective toolsets for Vulnerability Management, DevSecOps, SBOM management by Vadim Bogulean

13:15 - 14:15 Lunch Break 🍽️

14:15 - 16:15

Room 1: Advanced Network Fuzzing for Security Testing by Wissam Mallouli

Abstract: In this lecture, we will explore the topic of network fuzzing, a powerful technique for networked system testing, used to identify both software bugs and security vulnerabilities that may affect the reliability and robustness of networked applications. Network fuzzing allows automatically generating and injecting malformed or unexpected inputs into network communications leading to potential crashes, unexpected behaviours, or security breaches. This session will provide both theoretical insights and practical demonstrations using the Montimage Network Fuzzer, an open-source tool designed to enhance automated testing.

Tool used for the session: https://github.com/Montimage/NetworkFuzzer

Requirements for trainees: Laptop, Linux (Ubuntu), Docker

Room 2: Maritime Software Security by Pinelopi Kyranoudi

Abstract: This session explores the foundations of software security in the maritime domain, focusing on threats, secure development practices, and real-world attack scenarios. Participants will learn how to apply threat modeling techniques, integrate security into the software lifecycle, and use tools like OWASP Threat Dragon. The training emphasizes practical approaches to protecting maritime digital systems and ensuring resilience in port and vessel operations.

16:15 - 16:30 End of CyberHot Summer School Day 1

8:30 - 8:50 Opening of CyberHOT Day 2 - Registration

8:50 - 9:00 Welcome by the Organisers

9:00 - 11:00 

Room 1: Pentesting Techniques for Maritime Navigation Systems by Bruno Bender

Abstract: Both modules aim at presenting cybersecurity for maritime critical infrastructure as well as presenting pentesting tools and techniques for Maritime Systems as the Automatic Information System (A I S) or other systems based on the use of Radio Frequency technologies and often interconnected with Global Navigation Satellite Systems (GNSS).

A focus will be done on the use, specificities and vulnerabilities of these Systems but we will also grab deep into maritime laws and international regulations. Common vulnerabilities of these systems and applications will be detailed using the analysis of past events.

Room 2: HATCH – a serious tabletop game on social engineering by Sebastian Pape

Abstract:  Participants will receive a short introduction into HATCH and then play the serious game in groups with an instructor / instructors. Within the game, players will

draw cards with psychological principles and social engineering attacks. Based on the cards, they have to come up with social engineering attacks on virtual personas in an energy provider scenario. The other players will rate the feasibility and plausibility of the attacks.

Requirements for trainees: No computer needed. HATCH is a card game. We will bring the game, participants will only need a pen and perhaps some paper.

11:00 - 11:15 Coffee Break ☕

11:15 - 13:15 

Room 1: Frama-C for Cybersecurity by Julien Signoles

Abstract: Frama-C is an open-source platform for analysis of C code. This lecture presents how to use it to improve code security: How to specify properties with the ACSL specification language and prove them with Frama-C's Wp module, how to find code-level vulnerabilities or demonstrate the absence of a large class of them with the Eva module, and how to verify properties at runtime with the E-ACSL module. It also introduces some advanced uses of Frama-C combining Wp, Eva, and/or E-ACSL with other analyzers of the platform, in order to verify specific security properties, e.g., helping to ensure data confidentiality or system integrity. Several live demos and examples of industrial applications are included in the presentation.

Tool used for the session: https://frama-c.com 

Requirements for trainees: Laptop with Frama-C installed (easier on Linux). Alternatively, you can use the Virtual Machine available at: https://julien-signoles.fr/teaching/Frama-C-28.0-vbox.zip

Room 2: Hacking Humans: A Practical Course on Social Engineering by Violeta Vasileva

Abstract: A look into the world of social engineering, showcase some use cases and also a hands-on exercise to analyze potential scenarios and strategies for identifying and mitigating them for critical infrastructures.

13:15 - 14:15 Lunch Break 🍽️

14:15 - 16:15

Room 1: Applied cryptography practices by Andrei Costin

Abstract: This course teaches the participants technologies and techniques how authentication and crypto is being broken/hacked in practice, and what are practical defence-in-depth approaches. Breaking authentication, passwords and crypto in many cybersecurity situations have far-reaching implications up to complete compromise of any system. Therefore, it is crucial that the participants who set on the professional cybersecurity career path master the background knowledge, techniques and tools that are indispensable for breaking and defending authentication, password and crypto security.

Room 2: Network Security Strategies for Health Systems: A Focus on Endpoints by Vina Rompoti

Abstract: This training covers network security strategies for healthcare, focusing on endpoint protection. Participants will explore threat landscapes, best practices, regulatory compliance and the role of SIEM systems. Through practical exercises and knowledge sharing, they will gain skills to enhance endpoint security and strengthen healthcare networks.

16:15 - 17:00 End of CyberHOT Summer School Day 2 - Participation Certifications