Day 1 - 22nd October 2026

8:00 - 8:30 Opening of CyberHOT Day 1 - Registration

8:30 - 9:00 Welcome by the Organisers

9:00 - 10:30 DeepGuardian Security Framework: Hands-On

by Pedro Tomás

Abstract: The training will cover the key topics around Intrusion Detection Systems, from traditional approaches to AI-based ones. In addition, cloud-native concepts and technologies are presented, followed by different AI/ML approaches commonly used in IDS systems. A practical hands-on session with DeepGuardian is included.

Tool to be used: https://deepguardian.org

Requirements for trainees: Laptop, Linux/Debian terminal, web browser, internet connectivity (docker, gitlab, and kubectl installed are advised)

10:30 - 10:45 Coffee Break ☕

10:45 - 12:15 Hands-on Phishing Detection Training through Serious Gaming

by Leandros Maglaras, Spyros Papagiannopoulos, Luong Nguyen, Wissam Mallouli

Abstract: The training will cover the key topics around Intrusion Detection Systems, from traditional approaches to AI-based ones. In addition, cloud-native concepts and technologies are presented, followed by different AI/ML approaches commonly used in IDS systems. A practical hands-on session with DeepGuardian is included.

Tool to be used: https://deepguardian.org

Requirements for trainees: Laptop, Linux/Debian terminal, web browser, internet connectivity (docker, gitlab, and kubectl installed are advised)

12:15 - 12:45 Poster Session 📜

12:45 - 13:45 Lunch Break 🍽️

13:45 - 15:15 Incident Response Playbooks: From Strategy to Automated Execution

by Leandros Maglaras, Spyros Papagiannopoulos, Luong Nguyen, Wissam Mallouli

Abstract: This training session provides a comprehensive introduction to incident response playbooks, combining theoretical foundations with practical demonstration. Participants will learn how to design, structure, and operationalize playbooks to effectively detect, analyze, and respond to cybersecurity incidents. The session will cover best practices for standardizing response procedures, integrating automation, and leveraging AI-driven tools to enhance efficiency and consistency. A live demo will illustrate how playbooks can be applied in real-world scenarios to accelerate response time and improve resilience.

Tool to be used: AI4SOAR

Requirements for trainees: Ubuntu OS. Follow instructions here : https://github.com/montimage/ai4soar

15:15 - 15:30 Coffee Break ☕

15:30 - 17:00 Cymph platorm & Hyper-Automation Platforms like Stackstorm or N8N

by Manos Athanatos

Abstract: TBA

Tool to be used: TBA

Requirements for trainees: Laptop, Web access

17:00 End of CyberHOT Summer School Day 1

Day 2 - 23rd October 2026

8:00 - 8:30 Opening of CyberHOT Day 2

8:30 - 9:00 Welcome by the Organisers

9:00 - 10:30 SW Vulnerability Assessment & Hands-on Training Courses

by Marinos Tsantekidis

Abstract: Bridging the gap between theoretical security and practical execution requires immersive, hands-on training environments. This session introduces participants to the PSTVA Toolkit via CONSOLE, a platform dedicated to static and dynamic code analysis. Utilizing CONSOLE’s integrated training module - powered by Moodle technology - attendees will engage in a custom-built Capture The Flag (CTF) exercise designed to simulate real-world vulnerability assessment workflows.

The workshop is structured into three core phases. First, participants will master the foundational mechanics of the PSTVA environment and its underlying open-source security utilities: nmap for network discovery, nikto for web server scanning, ffuf for web fuzzing, and nuclei for automated vulnerability scanning. Second, we will map out the specific penetration testing methodology required to analyze a deliberately vulnerable target service (such as Metasploitable). Finally, participants will apply these tools in real time, navigating the attack lifecycle to identify flaws, exploit weaknesses, and successfully capture the flag. Attendees will leave with a practical framework for conducting structured vulnerability assessments.

Tools to be used: nmap (network mapper), nikto (vulnerability scanner), fuff (web fuzzer), nuclei (vulnerability scanner), bandit (Python), dca (JavaScript, Node.js), horusec (Java, Kotlin, Kubernetes, Node.js, C#, Dart, Nginx, Swift), insider (Java, JavaScript, C#, Kotlin, Swift), njsscan (Node.js), zapproxy (Web), gosec (Go), progpilot (PHP), sql-injection (Web), Moodle (e-learning)

Requirements for trainees: Level of experience: Basic understanding of security and network-related terms, Own laptop: >8GB RAM, >10GB disk space, Internet browser, VM player (VMware or VirtualBox), Docker environment, OS: Unix-based or Windows with WSL support

10:30 - 10:45 Coffee Break ☕

10:45 - 12:15 Reverse Engineering Browser Synchronisation Protocols

by Pantelina Ioannou

Abstract: Browser synchronisation services enable users to seamlessly share browsing state and activity across multiple devices, improving usability and session continuity. This hands-on workshop explores the technical aspects of browser synchronisation through reverse engineering, traffic analysis, and synchronisation artefact investigation. Participants will build synchronised environments using a host machine and a virtual machine acting as a second device, perform browsing and synchronisation actions, capture synchronisation traffic using a MiTM proxy, and analyse browser storage and synchronisation behaviour. 

The workshop investigates synchronisation workflows, protocol behaviour, and observable metadata across both account-based and account-less synchronisation approaches, while discussing the associated privacy implications.

Tool to be used: Virtual machine environment (VirtualBox/VMware), synchronised browsers (e.g., Firefox, Chrome, Brave), mitmproxy for interception and analysis of synchronisation traffic, Wireshark for network traffic analysis.

Requirements for trainees: Trainees should bring a laptop (Windows/Linux/macOS, recommended: at least 8 GB RAM) with VirtualBox or VMware pre-installed and a working Ubuntu virtual machine. Basic knowledge of networking concepts, basic familiarity with the Linux command line, and some experience with Wireshark or similar traffic analysis tools is recommended.

12:15 - 12:45 Poster Session 📜

12:45 - 13:45 Lunch Break 🍽️

13:45 - 15:15 Automating Cybersecurity Risk Assessment Through System Modelling

by Nicholas Fair

Abstract: Participants will get hands-on with the Spyderisk - System Security Modeller tool (SSM), learning how to model a basic AI system (inc. the people, places and processes involved in the system) and run an automated risk assessment. Then participants will learn how to interpret the results and apply Controls and Control Strategies to model mitigations. There will also be a chance to discover the AI Trustworthiness Assessment Framework and to join the international MITHRA risk assessment community.

Tool to be used: Spyderisk - System Security Modeller

Requirements for trainees: No experience needed, but an understanding and interest in cybersecurity risk assessment core concepts will be beneficial. Participants will need to bring their own laptops.

15:15 - 15:30 Coffee Break ☕

15:30 - 17:00 TrustGuard: An in-isolation AI Risk Assessment System

by Eleni Tsalapati

Abstract: In the session, trainees will be offered a hands-on training on the TrustGuard system. TrustGuard is an in-isolation AI risk assessment system designed to evaluate risks arising from the compromise of key trustworthiness characteristics—such as safety, security and resilience—across both model and data assets throughout the entire AI lifecycle, from design and development to deployment. In addition to identifying risks, the tool provides asset-level controls to support targeted mitigation.

Built as a checklist-based solution, TrustGuard operationalises a six-phase, risk-based methodology defined within the FAITH trustworthiness assessment framework and is aligned with ISO 27005 and ISO 42001 standards.

The tool assesses trustworthiness dimensions derived from leading European and international best practices and standards, including guidance from the EU High-Level Expert Group on AI (HLEG), ENISA, NIST’s AI Risk Management Framework, and relevant ISO/IEC initiatives. Together, these references form a comprehensive framework for evaluating and promoting trustworthy AI systems.

Tool to be used: TrustGuard system

Requirements for trainees: Trainees must be familiar with AI technologies. Initially, slides will be presented, so a projector with HDMI will be needed. Also, as TrustGuard is a web-based application, laptops and Internet access will be required.

17:00 - 17:30 End of CyberHOT Summer School Day 2 - Certifications