Postgraduate Summer School II

Dr. Konstantinos Mersinas – Royal Holloway, University of London

Title: The Underlying Forces of Cybercrime: Culture, Personality, and Conflict in Profiling and Attribution.

Abstract: This talk presents a research-led perspective on cybercrime and cyber conflict, showing how personality traits, cultural dimensions, organisational structures, and online behaviour inform cybercriminal profiling, cyber-attack attribution, and infrastructure resilience. We outline the foundations of profiling by examining how personality traits shape malicious behaviour and how cultural dimensions influence group dynamics. A case study of the Conti ransomware group will demonstrate how cultural markers embedded in leaked communications reveal group dynamics and identity, offering a proof-of-concept for this approach. At the geopolitical level, we explore how Chinese cyber operations contribute to strategic competition, how Iranian actors target Middle Eastern ports with implications for maritime security and global trade, and how rival Russian intelligence agencies complicate attribution in cyberwarfare. We close by reflecting on behaviour change in cybersecurity, highlighting cultural and behavioural barriers—and opportunities—for building resilience.

Bio: Dr Konstantinos Mersinas, PhD, CISSP, is an Associate Professor at the Information Security Group, Royal Holloway, University of London, and Visiting Professor at Keio University, Tokyo, Japan. Konstantinos’ research lies with human and behavioural aspects of cybersecurity, maritime security, and cybercrime. He has advised the UK All-Party Parliamentary Group (APPG) on Cybersecurity, the UK Fraud Act and Digital Fraud Committee, and a number of UK Government Departments. He co-founded the research group HIVE (Hub for Interdisciplinary research into Vulnerability to Exploitation). Konstantinos collaborates with the NATO Cooperative Cyber Defence Centre of Excellence (https://ccdcoe.org/) in Tallinn, Estonia, and the Pukhov Institute in the Ukraine. He is Director at the International Cyber Security Centre of Excellence (https://incs-coe.org), an international community founded between UK, USA and Japan, promoting cybersecurity research globally.

A.P. Luca Demetrio – Università degli Studi di Genova

Title: Pick Two: Robustness, Accuracy, Real Correlations in Malware Detection with AI

Abstract: While great progress has been achieved in the domain of Windows malware detection, there is still work to do. In particular, these models reach incredible performance, but at the cost of either robustness against unseen attacks, or by relying on spurious correlations inside data that are known to be useless by expert domain knowledge. In this talk, we will present the limits of current literature, and provide some pointers towards possible lines of research that address this triangle.

Bio: Luca Demetrio is an Assistant Professor (University of Genova). He is currently investigating the principal issues that hinders the security of Machine Learning and Artificial Intelligence, with strong emphasis on their applications in the Cyber Security domain. With his seminal work on top-tier international journals (TIFS, TOPS), he highlighted how novel machine-learning threat detectors can be easily deceived by injecting minimal perturbations inside malware, potentially harming end-user devices. In 2023, he received an honorable mention “Premio Giovani Ricercatori” from the “Gruppo 2003” for his research on adversarial attacks against Windows malware detectors. In 2024, he also was appointed Associate Editor for the journal Pattern Recognition.

Dr. Darren Hurley-Smith- University of Kent

Title: An introduction to practical UAV research: simulation environments, experiment design, and implementation

Abstract: Unmanned Aerial Vehicles (UAVs) offer a flexible, cost-effective platform for a wide range of research applications—from AI-driven swarm coordination to environmental monitoring and media production. However, conducting UAV research poses unique challenges that go beyond regulatory compliance, requiring careful attention to experiment design, simulation fidelity, and practical constraints.

This session introduces the foundational tools, methodologies, and planning strategies needed for rigorous and impactful UAV research. Attendees will learn how to design and implement meaningful simulations and real-world experiments using platforms like ArduCopter and Gazebo, with a focus on aligning technical setups to research goals.

We will also explore the trade-offs between data richness, repetition, and feasibility in UAV experiments, addressing questions such as: “How much data is enough?” and “When is simulation sufficient?” A hybrid approach that blends simulation with targeted real-world validation will be discussed as a practical path forward for many research projects.

This talk is aimed at helping PhD students build confidence in UAV experiment design—from concept to analysis—equipping them with the skills to balance rigor, realism, and resource constraints in their own work.

Bio: Dr. Darren Hurley-Smith is a Senior Lecturer in Information Security at the School of Computing, University of Kent. He earned a B.Eng. (Hons) in Hardware and Software Engineering (2012) and a Ph.D. in Autonomous Systems Network Security (2015), both from the University of Greenwich.

Dr. Hurley-Smith’s research covers a broad range of cybersecurity topics, including anti-ransomware strategies, random number generation, and secure mobile ad hoc networking (MANET) protocols. His work focuses on the detailed modelling of both technological and organisational systems to identify vulnerabilities and evaluate effective countermeasures. This includes analytical studies of random number generators and the use of game theory to model ransomware threats.

His recent research emphasizes the impact of engineering decisions on system security, particularly in real-world applications such as drone networks and autonomous vehicles. He is especially interested in resilient communication systems where safety and reliability are paramount—such as UAV and Vehicle-to-Infrastructure scenarios. His current projects include the development of secure MANET protocols to ensure communication redundancy in these contexts.

In addition to his research, Dr. Hurley-Smith is an active educator and science communicator, with a strong interest in methodology, modelling, and simulation for networked cyber-physical systems. He teaches Ethical Hacking and Digital Forensics at the University of Kent.

Dr. Pierre Ayoub – LAAS-CNRS

Title: Wireless Protocol Security: Mouse Sniffing and Keystroke Injection on Connected Peripherals

Abstract: The aim of this practical course is to familiarize you with the methods and tools used to analyze wireless protocols, particularly proprietary ones. We will first explain how to install the software tools, mainly WHAD (Wireless HAcking Devices) being a state of the art swiss-army tool for wireless security, as well as how to use hardware tools such as the nRF52840 dongle. In a second part, we will leverage those tools to analyze the Logitech Unifying protocol, which is widely used in wireless keyboards and mouses. We will learn how to sniff the mouse traffic and how to reproduce attacks exploiting the so called Mousejack vulnerability to inject malicious traffic to the host computer.

Bio: Pierre Ayoub is specialized into low-level computer and radio security, currently working at LAAS-CNRS in Toulouse (France) as a postdoctoral researcher. He obtained his PhD in 2024 at EURECOM in Sophia-Antipolis (France), under the supervision of Aurélien Francillon, Clémentine Maurice and Romain Cayre. He focused on novel electromagnetic side-channel attacks, such as Screaming Channels, and their security implications for IoT protocols such as the Bluetooth Low Energy.

During his master thesis supervised by Clémentine Maurice, he worked on processor micro-architectural attacks such as Spectre, and their simulation using gem5. Moreover, he is particularly interested into reproducible research, privacy concerns and free software development. In addition to computer science, he is also passionate about music and practice high altitude mountaineering.

A.P. Marie Vasek – UCL

Title: An introduction to cryptocurrency-based cybercrime

Abstract: Cryptocurrency crime has recently been in the news with splashy tales of money taken from grandmothers, influencers, and tech bros alike. A substantial sum has been lost to cryptocurrency investment romance scams, real world muggings of cryptocurrency wallets, and quick running DeFi scams. In this talk, we will delve into the history of cryptocurrency crime over the years as it has morphed through the popularisation of cryptocurrencies. We will discuss academic literature, government investigations, and corporate reports. By the end, we will understand the current types of cryptocurrency crimes (increasingly interactive), techniques to understand them (including estimating monetary losses), and future research avenues in this space.

Bio: Marie Vasek is an associate professor in the information security research group in the computer science department at University College London (UCL). Her work focuses on online harms ranging from cryptocurrency fraud to drug sales to surveillance. She’s broadly interested in measuring these harms towards suggesting countermeasures. Her work has informed policy through consultations to Ofcom and the FCA. She’s currently interested in mixed methods approaches to measuring harms, considering how we can leverage social science insights on data collected and analysed quantitatively. Her work has been featured in top venues in her field like IEEE Security & Privacy, Usenix Security, and Financial Cryptography.

Dr. Ricardo J. Rodríguez – UZ

Title: Hunting Ghosts in Memory: Challenges in Advanced Malware Analysis

Abstract: Today's most advanced malware no longer leaves traces on disk, but resides solely in volatile memory. These memory-only threats evade traditional forensic approaches based on non-volatile information analysis and pose one of the greatest challenges in modern cybersecurity. This talk will explore the hidden world of memory forensics, focusing on how digital investigators can uncover these "ghosts in memory." We will examine how malware leverages memory-resident execution to remain hidden, review current forensic techniques and tools (including Volatility and specialized plugins), and analyze case studies of real-life incidents. Beyond the techniques, we will address open research problems: ensuring the integrity of volatile evidence, addressing anti-forensic strategies, scaling analysis to large datasets, and developing reproducible experiments in a constantly evolving landscape.

Bio: Ricardo J. Rodríguez holds a PhD in Computer Science and Systems Engineering from the University of Zaragoza since 2013. He is currently an Associate Professor at the same university. His research interests include the analysis of complex systems, with a particular focus on performance and security, digital forensics, and binary application analysis. He is a regular speaker and workshop instructor at numerous industry-focused security conferences, such as NoConName, Hack.LU, RootedCON, Hack in Paris, MalCON, SSTIC, CCN-CERT, and Hack in the Box Amsterdam, among others. He leads a research line dedicated to computer security at the University of Zaragoza (https://reversea.me).

Dra. Patricia Callejo

Title: Exploring fingerprinting across connected devices and platforms

Abstract: With the promise of disappearing cookies, the perceived security of blockchain, and the introduction of regulations such as the GDPR, we might believe our identities are safe. But this is not the case. This talk explores the privacy risks posed by fingerprinting techniques fingerprinting across diverse digital ecosystems, from the decentralized world of blockchains to the web and connected home devices. We will examine how these platforms continue to expose users to profiling and surveillance despite existing privacy controls, and we will discuss practical countermeasures to better safeguard user privacy.

Bio: Patricia Callejo is an Assistant Professor in the Department of Telematics Engineering at the Universidad Carlos III de Madrid. She pursued her MSc and PhD in Telematics Engineering at the same university in 2016 and 2020 respectively. In 2018, she was awarded a grant by the RIPE Academic Cooperation Initiative (RACI) at RIPE 76. In the same year, she completed a six-month internship at the International Computer Science Institute (ICSI) at the University of California, Berkeley (USA), as part of her PhD. In 2022, she undertook a research stay at University College London (UCL). Her research interests include internet measurements, web transparency, privacy, online advertising and data analysis. Her work has been published in top JCR Q1 journals and top venues such as ACM IMC, WWW and Usenix Security.

Professor Orr Dunkelman – University of Haifa

Title: How to Attack ALL Symmetric-Key Cryptography

Abstract: Symmetric-key cryptography is widely used in computer security. The first step we take in evaluating the security offered by symmetric-key primitives such as block ciphers or stream ciphers, is their resistance to generic attacks --- attacks that can be applied to all primitives, independent of their actual structure. In this talk we will cover the basic generic attacks that can be applied to symmetric-key systems: exhaustive search (for key recovery and/or preimage detection), efficient memoryless collision finding, and time-memory-tradeoff attacks (suggested first by Hellman, and made widely known following the invention of Rainbow tables by Oeschlin).
.

Bio: Prof. Orr Dunkelman is a full professor of computer science at the Computer Science Department at the University of Haifa in Israel. Orr graduated from the Technion, Israel Institute of Technology, in 2006. He did his post-doctoral studies with the COSIC research group at KU Leuven in Belgium, with the Crypto team at Ecole Normale Superieure in Paris, France, and in the Weizmann Institute of Science in Israel. As a leading cryptanalyst, Prof. Dunkelman co-invented numerous cryptanalytic attacks and suggested attacks on many symmetric-key cryptosystems. He won several awards and distinctions such as the Krill Prize for 2014 and the best paper award of CRYPTO 2012. He also served as the program chair of several cryptographic conferences, including EUROCRYPT 2022. In addition, Prof.~Dunkelman served as a director on the board of the International Association for Cryptologic Research (IACR) in the years 2017--2018. He is currently the chair of the FSE steering committee, and was for many years a member of the SAC workshop board. Prof. Dunkelman was a co-director of the Center for Cyber, Law and Policy (CCLP) at the University of Haifa, and the head of the Center for the research of biometrics and its applications that operates as part of the CCLP. He is now on sabbatical with the Technische Universitat Berlin.

A.P. Alessandra Gorla – IMDEA Software

Title: On the Analysis of Mobile Apps. Why is most of our research on Android?

Abstract: Over the past decade, my research has been dedicated to the analysis of mobile applications, with a primary focus on the Android platform. As we delve into the intricacies of mobile app quality and trustworthiness, it becomes imperative to question the prevailing bias in our research toward the Android platform. This talk aims to shed light on the reasons behind this predominant focus and provide insights into the shift of our research paradigm towards the iOS platform. Specifically, the talk will illuminate some of the unique challenges associated with analyzing iOS applications, emphasizing the differences in terms of collecting apps for analysis, the security features, and app deployment mechanisms which make iOS and Android different. I will showcase key findings of a prototype that we developed to identify third-party libraries in iOS apps, offering a comparative lens to understand the key differences between these platforms.

Bio: Alessandra Gorla is Associate Research Professor at the IMDEA Software Institute in Madrid, Spain. She completed her Ph.D. in informatics at the Università della Svizzera Italiana in Lugano, Switzerland in 2011. In her Ph.D. thesis she defined and developed the notion of Automatic Workarounds, a self-healing technique to recover Web applications from field failures, a work for which she received the Fritz Kutter Award for the best industry related Ph.D. thesis in computer science in Switzerland. Before joining IMDEA, she was a postdoctoral researcher in the software engineering group at Saarland University in Germany. During
her postdoc, she has also been a visiting researcher at Google in Mountain View. Alessandra’s research interests are in software engineering, and in
particular on testing and analysis techniques to improve the reliability, security and privacy of software systems.