Programme
Survey 1: Profiling
This is the first part of the questionnaire. Each participant is invited to answer this part ONCE.
Survey 2: Module Feedback
Please submit feedback regarding the Cyber-security Training you have just completed. To be filled 8 times by the trainee, ONE for EACH training session.
Day 1 - 9th September
8:30 - 8:50 Opening of CyberHOT Day 1 - Registration
8:50 - 9:00 Welcome by the Organisers
9:00 - 9:30 Keynote Speaker - Automating Cyber Defenses Tejas Patel (DARPA Program Manager)
9:35 - 11:35 Training Session 1:
Penetration Testing and Crowdsourcing platforms by Christos Grigoriadis (Focal Point) & Dimitris Koutras (UPRC)
Exploitation identifies vulnerabilities like buffer overflows and format string issues by analyzing and manipulating executable code. This training assesses internal threats, patch management, and web based incident response strategies and overall security posture flaws.
Topics: Web, Network, Systems, Bug Bounty
Tools: Hack The Box platform
Requirements: Basic knowledge of security
11:40 - 11:50 Coffee Break ☕
11:55 - 12:55 Training Session 2:
Communication in Cyber Incident Response by Ricardo Lugo (TalTech) & Paresh Rathod (Laurea & trustilio BV)
Topics: Cyber Situational Awareness Communication for Decision-making.
Requirements: No requirements
13:00 - 13:55 Lunch Break 🍽️
14:00 - 16:00 Training Session 3:
(1) Cybersecurity Stack: Fundamental Software Tools (2) Secure Healthcare Software Development by Stylianos Karagiannis (PDMFC) & Luis Miguel Campos (PDMFC)
Module 1: This module provides an in-depth exploration of essential software tools used in cybersecurity. Learners will gain practical skills in deploying and utilizing these tools to protect digital environments effectively.
Module 2: Participants will learn to conduct code scanning and maintain healthcare software that meets security standards.
Topics:
Module 1:
Port Scanning
Network Topology
Virtualization
IDS
Brute Force Attacks
Vulnerability Scanning
Module 2:
Static Application Security Testing
Code Inspection
Vulnerability Management
CVE, CWE, OWASP taxonomies
Tools:
Module 1: Laptop with access to Jupyter Notebook on Google Collabs or Kali Linux (as VM) to participate actively on a virtual lab, at least 8GB RAM free, 40 SSD free
Module 2: SAST Tools (e.g., CodeQL), GIT, DAST Tools
Requirements: Need to create account on Google Collabs and GitHub (if not have one), have a spare Linux VM or native just in case.
16:05 - 16:15 Coffee Break ☕
16:20 - 17:20 Training Session 4:
The weaponization of OSINT by Vanessa (TalTech) & Ahmed Nasr (TalTech)
A presentation and a demo explaining the case on targeting OT personnel.
Topics: OSINT, OT personnel
Tools: We as presenters BOYD, but important to have a screen where to present and speakers just in case if we need to present the demo in video form.
Requirements: Basic knowledge of security.
17:20 – 17:30 End of CyberHot Summer School Day 1
Day 2 - 10th September
8:30 - 8:50 Opening of CyberHOT Day 2
8:50 - 9:00 Welcome by the Organisers
9:00 - 11:05 Training Session 5:
Network Security Essentials and Penetration Testing for SMEs by Paresh Rathod (Laurea & trustilio BV) & Riku Salmenkylä (Laurea), Foteini Petropoulou (Zelus) & Thanos Apostolidis (Zelus)
This workshop dives into the growing importance of Network Security Essentials and Penetration Testing for SMEs. The training also offers the hands-on demo of Nmap and Wireshark for Penetration Testing and Cybersecurity. We will explore two key initiatives that offers more comprehensive professional training on the subject including EU CyberSecPro and NERO project.
Topics:
What penetration testing is and why it is important
The different types of penetration testing
The tools and techniques used by penetration testers
How to identify vulnerabilities in networks and systems
Demo: Use of Nmap and Wireshark for Penetration Testing and Cybersecurity
Tools: Demo of Wireshark and NMap (how these two tools can be used offensively and defensively)
Requirements: Open mind, curiosity and basic knowledge of security
11:10 - 11:20 Coffee Break ☕
11:25 - 13:25 Training Session 6:
Mechanics for Modern Attacks by Elias Athanasopoulos (UCY) & Dimitra Siaili (ITML)
In the first part we are going to discuss how memory corruption is still a problem, and in the second part more attacks and defenses in the energy sector.
Topics:
Module 1: safe vs unsafe systems, memory-safe vulnerabilities, stack in Intel/32-bit, code injections, defenses.
Module2: Real-time Threat Notifications and Response, Vulnerability Management and Reporting.
Tools: Module 1: gdb, gcc or clang toolchain for Intel/32-bit
Requirements: No Requirements
13:30 - 14:25 Lunch Break 🍽️
14:30 - 16:30 Training Session 7:
Mastering Cyber Defense: Hands-On Training with Montimage Cyber Range by Wissam Mallouli (MI), Pedro Tomás (OneSource) & Luis Cordeiro (OneSource)
The seminar will address the crucial aspects of cybersecurity by immersing participants in the practical use of the Montimage Cyber Range. Attendees will learn how to generate, detect, and respond to various cyber attacks, including ransomware, phishing, and denial of service (DoS) attacks. Using Montimage's advanced MMT solution, this hands-on training will provide real-world scenarios to enhance skills and preparedness in cybersecurity defense. The training is supported by NERO and CYBERSUITE HE projects.
Topics: Concept of cyberranges (W), Generating Cyber Attacks (P), Detection Techniques (P), Response and Mitigation (W), Practical Exercises (WP)
Tools: Montimage ADR Cyber Range, MMT (Montimage Monitoring Tool), Antiphishing cyberrange
Requirements: Basic understanding of cybersecurity concepts, Familiarity with network protocols and architecture
16:35 - 16:40 Coffee Break ☕
16:45 - 17:45 Training Session 8:
Sector Specific Controls and Standards by Argyro (Iro) Chatzopoulou (APIRO), George Kliafas (MAG) & Pinelopi Kyranoudi (TUC)
This session covers the following subjects:
An introduction to ISO/IEC 27001, the applicability and controls.
Examples of how the controls change based on the sector:
Example Energy sector
Example Health sector
Example Maritime sector - Software Security in the Maritime Industry
Topics:
Security Governance
Risk Management
Introduction to Software Security in the Maritime Industry
Principles of secure software development lifecycle (SDLC) tailored for the maritime industry
Understanding the process of threat modelling for identifying and mitigating maritime software security risks
Requirements: Basic knowledge of security
17:50 – 18:00 End of CyberHot Summer School Day 2 - Certifications 🏆🎓
19:00 Social Dinner for the Trainers 🍽️ at Salty
Nice to have Requirements for the attendees: