Intrusion Analysis and Response

This course aims to develop knowledge and understanding of the strategies, techniques and technologies used in attacking and defending networks and how to design secure networks and protect against intrusion, malware and other hacker exploits.

Designed as either a standalone course or to flow from Introduction to Pen Testing, the course will explore the attackers’ mindsets and methods, and work through the different ways of protecting the estate. The course will cover keystone technologies required in an effective security defence solution including an introduction to usable and effective policies that staff will follow and not be encouraged to work around.

Topics covered include:

  • Network security fundamentals
  • Intrusion analysis and response
  • Secure socket layer (SSL)
  • IPSec
  • Firewalls
  • Intrusion analysis practices
  • Legal, privacy and ethics issues

Who Should Attend?

Course Day Breakdown

Learning Outcomes

Further Information

Dates & Registration

Duration: 5 Days

Delivery Mode: Classroom


Advertised: Canberra

In-house: Contact the  for more information and to arrange a quote. Recommended for groups of 10 or more.

What you will receive:

  • Comprehensive set of course notes.
  • UNSW Certificate of attendance/completion.
  • Morning tea, lunch and afternoon tea.

This course is useful for IT graduates entering the Cyber Security profession or those in junior Cyber Security roles.  It is also useful for investigators who wish to develop a technical approach to their profession. Prior attendance at Cyber Security Boot Camp is recommended.

Course Day Breakdown

Day 1

Network Security and Linux IAR Fundamentals

The first day of the course will look at Linux incident analysis and response processes, specifically Bash Shell scripting, permissions, shell expansion, functions and hashing. Students will then be introduced to network security fundamentals, looking at layers, services, protocols and common issues.


Linux Command Line, Shell Coding, Trustico, Networking, Traffic Management, Security Architecture, SSL Components, Firewall Principles, Intrusion Analysis Practices.

Day 2

Cryptography and Computer Networks

Day 2 of the course will introduce students to the principles of cryptography, properties of secure communication and methods of encryption/decryption. Students will then be stepped through the fundamentals of computer networks, covering transport-layer services, UDP/TCP and IP protocol.


Confidentiality, Authentication, Integrity, Digital Signatures, Access Control, Public Key Algorithms, Transport & Network Layer Protocols, Internet Routing.

Day 3

Introduction to MANET; Incident Analysis & Response Theory

The first half of the session will cover the characteristics of mobile ad hoc networks (MANET), their applications and common security vulnerabilities. The rest of the day will focus on the concepts and practical processes of incident analysis and response.


Security in MANET, Dynamic Source Routing, Attacks in MANET, DDoS, Incident Response Process, Electronic Evidence Collection and Analysis, Cyber Kill Chain techniques.

Day 4

Attacks, Counter Measures, Security Assessment and Testing

Day 4 will look at different types of attack vectors and methods of defence. Students will be given an introduction to security assessment, risk identification and evaluation techniques. We will also look at penetration testing methodologies, information gathering and flaw testing.


In-line Memory Attacks, Webshells, Dos Attack, Flood Attack, Smurf IP Attack, Asset Identification, Threat Assessment, Security Assessment Components, Probing the Network.

Day 5

Legal, Privacy and Ethical Aspects

The final day of the course will give an overview of the various governance issues involved with cybercrime and computer crime. Students will be introduced to the issues facing law enforcement, intellectual property and copyright implications, privacy concerns, and ethical codes of conduct.


Types of Property, Patents, Trademarks, DMCA Copyright Act, Privacy Protections, Australian and Global Privacy Laws, Data Surveillance.

Learning Outcomes

On completion of this course, participants should be able to:

  • Understand the main functions of a Security Operations Centre.
  • Understand and evaluate the key issues involved in designing secure networks.
  • Understand the issues arising in the collection of computer evidence after network breach.
  • Develop effective risk management plans to protect against malware and other hacking exploits.
  • Formulate a range of strategies and solutions for testing and continuously improving the security of a network.

UNSW Canberra Cyber

UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at to discuss how. 

Further Information

UNSW Canberra Cyber
UNSW Canberra

No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.