This course provides an in-depth understanding of the techniques and policy used in computer and network defence. Cyber defenders learn the strategy and technical skills to protect and harden cyber systems, collect appropriate information through logging, detect attempted attacks, and respond to intrusions. Numerous cyber defence technologies and their effectiveness are discussed within this framework. This course will increase the competency of participants in building cyber resilience within an organisation.
Topics covered include:
- Threat modelling
- Network and host-based intrusion detection
- Identifying malicious network and host-based activity
- Linking malicious indicators of compromise to build an intelligence picture
- Classifying intrusion, intent and damage
- NSO theory, methodology and frameworks
- Defensive techniques
On completion of this course, you should be able to:
- Understand basic cyber deception tactics used in civilian businesses and defence environments.
- Understand how cyber deception tools and technologies protect computer networks and digital data.
- Understand and set up honeypots, sinkholes and covert network tunnels.
- Use open source software and command line tools to falsify web pages, web traffic and SSH services.
- Demonstrate the ability to plan and use best industry practices in cyber deception.
Course Day Breakdown
Networking and Threat Modelling
Day 1 kicks off with a comprehensive introduction to Cyber Defence, The Information Environment and Network Centric Operations. Students will be introduced to ways of affecting the information environment, approaches to threat modelling, and will be stepped through examples of network attacks.
Situational awareness, Network Collection Value-Chain, Self-Synchronisation, Hardening, Obfuscation, Threat-Detected Protection, Anomaly Detection, Network Attacks.
This session presents the concept of using protection techniques to proactively prevent or minimise the effect of a compromise or breach. Techniques covered include methods listed in the ASD Essential 8, architectural security design and vulnerability scanning.
User Application Hardening, Host-Based Hardening, Minimising Attack Surfaces, Linux Firewalls, Network Segmentation, Demilitarised Zones, LUN Masking, Encryption.
Collection and Detection
Students will be introduced to collection methods such as the deployment and configuration of sensors, and sensor data processing and aggregation for analysis. The session will also cover detection strategies, network and host-based intrusion detection, and honeypots.
Network Sensors, Fusion, IOCs and Signatures, Anomaly Detection, Security Onion Architecture, Open Threat Exchange, Honeypots.
Day 4 & Day 5
Days 4 & 5 will give an overview of orientation and investigation techniques. Students will understand how to make sense of observed information to assess the situation, identify indicators of compromise and the extent of threat activity. We will also cover how such indicators initiate incident response plans and look at the writing, editing and proper formatting of intelligence reports.
Orientation, Investigation, Instigation, Association, Incident Response Planning, Intelligence Reporting.
Who Should Attend
This course is well suited to experienced IT professionals who wish to further specialise in offensive and defensive tactical Cyber Operations.
What You Will Receive
- Comprehensive set of course notes.
- UNSW certificate of attendance.
- Morning tea, lunch and afternoon tea.
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and postgraduate education in cyber security. Our air-gapped, state-of-the-art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.