CYBER SECURITY

WINTER SCHOOL

Join us and gain 2 ECTS Credits!

20-25 JANUARY 2025

NOVA School of Science and Technology, CAPARICA

Winter School • Hackathons • Labs • Realistic Cyber Range Exercises

Session 1 – Introduction to Cybersecurity

Trainer

    Davide Ferraris, Universidad de Málaga

Session Details

  1. Session Title:
    Introduction to Cybersecurity
  2. Session Description:
    Explains cybersecurity fundamentals: why it is important, how it is implemented, and basic techniques.
  3. Key Learning Objectives:
    Improve awareness of cybersecurity.

Lab Details

  1. Lab Title:
    Virtual Machine Setup and Hands-on Cybersecurity Concepts
  2. Lab Description:
    Using a Linux virtual machine with Wireshark installed, the online tool Cryptii to exercise cryptography, and OpenSSL.
  3. Key Learning Objectives:
    Apply cryptography and improve skills in this important area.
  4. Tools/Software Required:
    Wireshark, Cryptii, OpenSSL in a Linux Virtual Machine.

Session 2 – Operating System Security

Trainer

    Stylianos Karagiannis, PDM/Ionian University

Session Details

  1. Session Title:
    Operating System Security
  2. Session Description:
    This session provides a concise introduction to operating system security, focusing on managing permissions, system hardening, and configuring firewalls in Linux and Windows. Participants will explore best practices and tools to secure systems against threats, with an emphasis on practical, real-world application.
  3. Key Learning Objectives:
    Understand file system permissions and their role in operating system security.
    Learn system hardening techniques for Linux and Windows environments.
    Configure and manage firewalls using UFW and Windows Firewall.

Lab Details

  1. Lab Title:
    Operating System Hardening
  2. Lab Description:
    This lab focuses on system hardening using Lynis, an open-source security auditing tool for Linux. Participants will perform a detailed security audit, analyze the results, and implement hardening measures to strengthen the operating system against threats. The hands-on activities will provide practical experience in identifying and mitigating vulnerabilities. In addition, the lab provides hands-on practice in managing permissions, performing system audits with Lynis, and configuring firewalls in Linux and Windows environments.
  3. Key Learning Objectives:
    Configure and audit file system permissions in Linux and Windows.
    Analyze audit reports to identify potential vulnerabilities.
    Apply OS hardening techniques based on the recommendations from Lynis.
    Understand the importance of compliance and benchmarking in security.
    Set up and manage firewalls using UFW in Linux and Windows Firewall.
  4. Tools/Software Required:
    VirtualBox (for MAC users install UTM and follow: https://www.youtube.com/watch?v=ikepa9QD3t0)
    Installed virtual machines: Ubuntu and ParrotOS.
    Lynis (pre-installed in the Linux VM).
    UFW and Windows Firewall utilities.

Session 3 – Cybersecurity in the Energy Domain: Theories and Strategies for Network Protection

Trainer

    Shaaban Abdelkader, Austrian Institute of Technology

Session Details

  1. Session Title:
    Cybersecurity in the Energy Domain: Theories and Strategies for Network Protection
  2. Session Description:
    The session will include an overview and discussion of common network protocols, such as TCP/IP, along with topics on internet and web security. Additionally, the session will provide an introduction to the energy domain and highlight the most common cybersecurity vulnerabilities within this sector.
  3. Key Learning Objectives:
    Understand the fundamental concepts of network security.
    Acquire knowledge about common vulnerabilities and threats in specific network systems and their associated protocols, including not only TCP/IP but also those used in industrial communication networks.
    Gain knowledge in the most relevant security protocols, such as SSL/TLS and IPSec, and understand their critical role in protecting systems and communication networks.
    Gain a basic understanding of security in the energy domain and identify the most common security vulnerabilities in this sector.

Lab Details

  1. Lab Title:
    Practical Activities on Network Cyberattacks and Protection Strategies
  2. Lab Description:
    The practical activities lab will cover a variety of exercises designed to demonstrate how cyberattacks can compromise network data and highlight the importance of implementing robust cybersecurity measures to minimize cyber risks. These activities will include code injection, packet injection, DoS attacks, ARP spoofing, packet sniffing, and more, alongside prevention and detection methods to mitigate network-related cyber risks. The lab will be conducted within the GNS3 network simulation environment to simulate all planned practical activities in a secure, closed virtual environment.
  3. Key Learning Objectives:
    Understand how various cyberattacks can compromise network security, and the importance of implementing effective protection mechanisms to secure networks.
    Gain insights into designing and implementing detection and prevention mechanisms to protect network assets and associated data.
  4. Tools/Software Required:
    The practical lab will be conducted within a virtual environment using the GNS3 network simulator. Participants will be required to set up separate virtual machines to simulate a network, highlighting the roles of attacker and victim machines within the GNS3 network.

Session 4 – Access Control and Authentication: Foundations and SOC Design for Incident Management

Trainer

    Rodrigo Adão da Fonseca, Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa

Session Details

  1. Session Title:
    Access Control and Authentication: Foundations and SOC Design for Incident Management
  2. Session Description:
    This session will explore the theoretical foundations of Access Control and Authentication, focusing on essential principles and practices to safeguard systems from unauthorized access. In the second part, we will delve into the components of a Security Operations Center (SOC) project for incident management and alarm handling, providing practical insights into designing and operating an effective SOC.
  3. Key Learning Objectives:
    Understand the theoretical foundations of Access Control and Authentication.
    Learn key principles and practices to secure systems against unauthorized access.
    Gain practical insights into SOC design, focusing on incident management and alarm handling.

Lab Details

  1. Lab Title:
    SOC Design and Incident Management: Practical Exercise
  2. Lab Description:
    This lab will provide participants with hands-on experience in SOC design and incident management related to access control and credentials. Participants will engage in a group exercise to simulate a real-world SOC scenario and test their knowledge in a quiz-style game inspired by Trivial Pursuit, focused on SOC concepts and practices.
  3. Key Learning Objectives:
    Apply theoretical knowledge to design a SOC model tailored for effective incident management.
    Collaborate in groups to analyze and solve SOC-related scenarios.
    Demonstrate understanding of SOC concepts through a quiz-style challenge.
  4. Tools/Software Required:
    None

Session 5 – Navigating Cyber Threats: The Risk of Vulnerable Binaries

Trainer

    Dimitris Koutras, University of Piraeus

Session Details

  1. Session Title:
    Navigating Cyber Threats: The Risk of Vulnerable Binaries
  2. Session Description:
    This session will explore the risks associated with vulnerable software and binaries in critical systems. It will cover key topics such as identifying vulnerabilities, assessing risks, and mitigation strategies to protect critical assets.
  3. Key Learning Objectives:
    Understand the role of software in modern critical operations.
    Identify common vulnerabilities in binaries and software systems.
    Learn mitigation strategies to secure software.

Lab Details

  1. Lab Title:
    Vulnerability Tracking and Exploitation: Hands-On
  2. Lab Description:
    This lab provides a practical approach to identifying, tracking, and mitigating vulnerabilities in binary systems. Participants will engage in hands-on activities to explore real-world scenarios.
  3. Key Learning Objectives:
    Apply vulnerability identification techniques in binary systems.
    Demonstrate the ability to mitigate common vulnerabilities.
    Develop skills in using debugging and testing tools.
  4. Tools/Software Required:
    Debugging tools like GDB.
    Tools for binary analysis (e.g., objdump, strace).
    Pre-installed virtual machines with necessary software.

Session 6 – Cyber Security Risk and Vulnerability Management

Trainer

    Shareeful Islam, Security Labs Consulting

Session Details

  1. Session Title:
    Cyber Security Risk and Vulnerability Management
  2. Session Description:
    This session provides an overview of cybersecurity risk management and allows the learners to understand the threats, vulnerabilities, risks and mitigation actions needed to ensure the security of systems and infrastructure.
    Key topics include:
      Risk management overview
      Open intelligence sources, i.e., CVE, CVSS, NVD and CAPEC
      Cyber-attack path discovery
      Asset inventory, vulnerability chain and risk register
  3. Key Learning Objectives:
    Demonstrate an in-depth understanding of cybersecurity risk management.
    Critically assess and report security risk and suggest suitable mitigation strategies in a professional manner.

Lab Details

  1. Lab Title:
    Hands-on Risk Management
  2. Lab Description:
    This lab will provide hands-on practice in assessing risk and developing a risk register.
  3. Key Learning Objectives:
    Assess risk and develop a risk register.
  4. Tools/Software Required:
    Mitigate risk management tool
    Open intelligence sources: CVE, CAPEC

Session 7 – Configuring and exploring Suricata logs through pfSense

Trainer

    Christos Lazaridis, Focal Point

Session Details

  1. Session Title:
    Configuring and exploring Suricata logs through pfSense
  2. Session Description:
    Throughout this session, a proper deployment and configuration of IDS solutions will be showcased for the attendees.
  3. Key Learning Objectives:
    Understanding how intrusion detection systems work
    Network placement
    Logging Configuration
    Suricata rule structure
    Exploring IDS logs through SIEM technologies

Lab Details

  1. Lab Title:
    Exploring Suricata Logs through Azure Data Explorer
  2. Lab Description:
    Students will be given access to an Azure Data Explorer instance containing Suricata logs captured during an ongoing attack on the monitored infrastructure. The instructor will walk through the detections together with the students throughout the lab.
  3. Key Learning Objectives:
    Students will experience firsthand how KQL querying in Sentinel can leverage IDS datasets to perform efficient detections.
  4. Tools/Software Required:
    Web Browser

Session 8 – Network Forensics Overview

Trainer

    Riku Salmenkylä, Laurea University of Applied Sciences

Session Details

  1. Session Title:
    Network Forensics Overview
  2. Session Description:
    Describes the area of network forensics and helps students understand its fundamentals. Concentrates on the structure of network forensics examinations, i.e., the concepts and tools used to capture, record, and analyze network data, rather than on legal issues.
  3. Key Learning Objectives:
    Students gain fundamental knowledge of network forensics, understand its core concepts, and are able to describe how network incidents can be detected and evaluated.

Lab Details

  1. Lab Title:
    Monitor and analyse Network Forensics scenarios with Wireshark
  2. Lab Description:
    Hands-on exercises on monitoring, capturing, and analysing network traffic to uncover and investigate security incidents or breaches.
  3. Key Learning Objectives:
    Students will be able to use Wireshark to filter and analyze network traffic to find intrusions and abnormalities in network data.
  4. Tools/Software Required:
    Wireshark, with Internet access. If the VM is built on Kali Linux or similar, Wireshark is pre-installed and should be fine.

Session 9 – Analyzing Malware samples using Forensics Analysis Tools

Trainer

    Christos Apostolakis, Zelus

Session Details

  1. Session Title:
    Analyzing Malware samples using Forensics Analysis Tools
  2. Session Description:
    This session will focus on identifying malware and analyzing its processes using memory analysis tools. Participants will learn techniques for dumping processes to facilitate malware analysis.
  3. Key Learning Objectives:
    Understand the methodology for initiating an analysis of a malware infection incident.
    Learn to identify malicious processes and extract critical information about the methods used to infect the system.
    Gain insights into how malware functions, enabling participants to recover and mitigate its impact.

Lab Details

  1. Lab Title:
    Malware Infection Incident analysis with Volatility and other State of the Art Digital Forensics Tools
  2. Lab Description:
    The lab focuses on the use of digital forensics tools that help participants understand the methodologies used to identify malware infections, analyze the evidence, and perform malware analysis.
  3. Key Learning Objectives:
    Utilize memory forensics tools to identify and analyze processes of an infected system in order to locate and isolate malicious software.
    Perform process dumping to capture malware and evaluate its functionality.
  4. Tools/Software Required:
    Volatility 3, hex editor (xxd), aeskeyfind
    Virtual Environment: Kali Linux or other preferred Linux Distro with the essential tools installed

Session 10 – Log Management and Threat Modelling

Trainer

    Penelope Kyranoudi, Technical University of Crete

Session Details

  1. Session Title:
    Log Management and Threat Modelling
  2. Session Description:
    This session provides an introduction to Security Information and Event Management (SIEM) and its role in cybersecurity as well as to the threat modelling process and its use. Participants will explore log management principles, understand SIEM configurations, and learn how it can be connected with the threat modelling process.
  3. Key Learning Objectives:
    Understand the core functionalities of SIEM systems and their importance in cybersecurity.
    Learn the fundamentals of log management.
    Discover how to use threat modelling in connection with a SIEM.

Lab Details

  1. Lab Title:
    SIEM Platform and Threat Modelling Tool Setup
  2. Lab Description:
    This hands-on lab guides participants through the setup and configuration of a SIEM system as well as a Threat Modelling Tool. Participants will ingest and analyze logs and simulate threat detection scenarios to understand how SIEM systems work in practice. They will also understand in practice how these two processes can be useful to each other.
  3. Key Learning Objectives:
    Set up and configure a SIEM platform for log ingestion and monitoring.
    Analyze logs.
    Set up and use a threat modelling tool.
  4. Tools/Software Required:
    SIEM platform
    Sample log datasets (to be provided)
    Threat Modelling tool

Hackathon – Cybersecurity Hackathon WinterSchool

Trainer

    Stylianos Karagiannis, PDM/Ionian University

Session Details

  1. Session Title:
    Cybersecurity Hackathon WinterSchool – Introduction and Preparation
  2. Session Description:
    This session provides an immersive introduction to essential cybersecurity skills, combining Linux fundamentals, network forensics, and penetration testing. Participants will gain hands-on experience in navigating Linux systems, analyzing network traffic, and exploiting vulnerabilities in a simulated attack scenario. The participants will be prepared for real-world cybersecurity challenges.
  3. Key Learning Objectives:
    Master essential Linux commands and operations for cybersecurity.
    Understand the fundamentals of network traffic analysis and forensics.
    Learn reconnaissance, exploitation, and privilege escalation techniques.
    Develop skills for tackling Capture The Flag (CTF) challenges in cybersecurity.

Hackathon Details

  1. Lab Title:
    Cybersecurity Hackathon WinterSchool
  2. Lab Description:
    In this Hackathon, participants will engage in a penetration testing exercise where they must gain root access to a victim machine. The lab includes reconnaissance, exploitation, and privilege escalation phases. Additionally, participants will practice network traffic analysis to identify and exploit vulnerabilities, reinforcing key concepts in cybersecurity.
  3. Key Learning Objectives:
    Perform network reconnaissance to identify targets.
    Use tools like Netdiscover and Nmap to scan and identify open ports and services.
    Exploit identified vulnerabilities to gain initial access and escalate privileges.
    Analyze network traffic and identify potential security threats.
  4. Tools/Software Required:
    Virtualization software (VirtualBox)
    Tools: netdiscover, Nmap, Netcat, Wireshark, Linux terminal utilities, vulnerability scanners.
    Pre-configured VM image for the VictimVM, provided as an OVA file to deploy.

Co-organized by: