The aim of this course is to provide the foundation for offensive tactical cyber operations, to develop knowledge and skills of various tools, techniques and procedures (TTP) involved with offensive cyber operations, and to develop competence in addressing strategic, operational and tactical issues of cyber operations. Students will be walked through the various stages of the Cyber Kill Chain, which is an industry-accepted methodology for understanding how an attacker will conduct the activities necessary to cause harm to an organisation. For every stage, students will get hands-on experience with various TTPs as employed by cyber threat actors.
Topics covered include:
- Netcat and Wireshark
- OS Fingerprinting
- Vulnerability Scanning
- Social Engineering
- Avoiding Attribution
On completion of this course, you participants be able to:
- Conduct simple computer network operations by defining the suitable operation goals and outcomes.
- Identify opportunities in defeating cyber threat actor tradecraft by understanding the full spectrum of offensive activities.
- Improve an organisation’s security by understanding and acting on artefacts and signatures generated by cyber offensive activities.
- Provide advice to policy makers on strategic issues regarding cyber capabilities, doctrine, and partnerships.
- Plan computer network operations using industry and government best practices.
Course Day Breakdown
Cyber Offence Basics
The first day of the course will introduce the Cyber Kill Chain and the legal aspects of Cyber Offence. We will then look at Windows and Kali Linux File System navigation and manipulation, and go through basic computer networking principles. Students will utilise virtual machines to do exercises with Netcat and Wireshark.
Command Line, Standard input/output, Pipes, IP Addresses, Ports, Network Commands, Services, Netcat, Wireshark.
Day 2 of the course will introduce the main reconnaissance techniques, including Social Engineering, OSINT, network enumeration, vulnerability scanning, email harvesting, OS (and service) fingerprinting. Practical exercises include passive recon on real targets and active recon on the virtual machines.
SMTP, SMB, SNMP and DNS Enumeration, nmap, nikto, SET, phishing, OpenVAS, the Harvester.
Access and Exploitation
Day 3 of the course will introduce students to Searching for Exploits, Execution Techniques and Transfer Methods. Practical exercises include creating a reverse shell using msfvenom, outputting and executing payloads and detecting them with Metasploit.
Exploit Sources, Bind vs Reverse, Staged vs Stageless, Executable Formats, Metasploit, Msfvenom, Catching Shells.
Day 4 & Day 5
Perseverance and Exfiltration
This session will cover basic Windows and Linux escalation techniques such as Kernel Exploits, Privileged Exploits, Attacking Hashes, and Pivoting. Students learn to understand password hacking using Meterpreter and Medusa. We will also look at avoiding detection, website attacks, and exfiltration.
Kernel Exploits, High Privileged Programs Credential Theft, Insecure Configurations, Privileged Exploits, Metasploit, Proxytunnels.
Who Should Attend
This course is well suited to experienced IT professionals who wish to further specialise in offensive and defensive tactical Cyber Operations.
What You will Receive
- Comprehensive set of course notes.
- UNSW Canberra certificate of attendance.
- Morning tea, lunch and afternoon tea.
NICE Framework Mapping
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0005: Knowledge of cyber threats and vulnerabilities.
K0041: Knowledge of incident categories, incident responses, and timelines for responses.
K0058: Knowledge of network traffic analysis methods.
K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
K0161: Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
S0078: Skill in recognising and categorising types of vulnerabilities and associated attacks.
A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
What is the NICE Framework?
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.