Please confirm if this course is available in current course offerings.
To express interest for a different date, please fill out the
The aim of this course is to provide the foundation for offensive tactical cyber operations, to develop knowledge and skills of various tools, techniques and procedures (TTP) involved with offensive cyber operations, and to develop competence in addressing strategic, operational and tactical issues of cyber operations. Students will be walked through the various stages of the Cyber Kill Chain, which is an industry-accepted methodology for understanding how an attacker will conduct the activities necessary to cause harm to an organisation. For every stage, students will get hands-on experience with various TTPs as employed by cyber threat actors.
Topics covered include:
On completion of this course, you participants be able to:
Cyber Offence Basics
The first day of the course will introduce the Cyber Kill Chain and the legal aspects of Cyber Offence. We will then look at Windows and Kali Linux File System navigation and manipulation, and go through basic computer networking principles. Students will utilise virtual machines to do exercises with Netcat and Wireshark.
Command Line, Standard input/output, Pipes, IP Addresses, Ports, Network Commands, Services, Netcat, Wireshark.
Day 2 of the course will introduce the main reconnaissance techniques, including Social Engineering, OSINT, network enumeration, vulnerability scanning, email harvesting, OS (and service) fingerprinting. Practical exercises include passive recon on real targets and active recon on the virtual machines.
SMTP, SMB, SNMP and DNS Enumeration, nmap, nikto, SET, phishing, OpenVAS, the Harvester.
Access and Exploitation
Day 3 of the course will introduce students to Searching for Exploits, Execution Techniques and Transfer Methods. Practical exercises include creating a reverse shell using msfvenom, outputting and executing payloads and detecting them with Metasploit.
Exploit Sources, Bind vs Reverse, Staged vs Stageless, Executable Formats, Metasploit, Msfvenom, Catching Shells.
Perseverance and Exfiltration
This session will cover basic Windows and Linux escalation techniques such as Kernel Exploits, Privileged Exploits, Attacking Hashes, and Pivoting. Students learn to understand password hacking using Meterpreter and Medusa. We will also look at avoiding detection, website attacks, and exfiltration.
Kernel Exploits, High Privileged Programs Credential Theft, Insecure Configurations, Privileged Exploits, Metasploit, Proxytunnels.
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0005: Knowledge of cyber threats and vulnerabilities.
K0041: Knowledge of incident categories, incident responses, and timelines for responses.
K0058: Knowledge of network traffic analysis methods.
K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
K0161: Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
S0078: Skill in recognising and categorising types of vulnerabilities and associated attacks.
A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.
UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.