Cyber Offence

Contact information

For further information or to request a quotation, please contact the Professional Education Courses Unit on:

Enquiries Phone: 02 5114 5573

Enquiries Email: ProfEdCourses@adfa.edu.au

In-house delivery

UNSW Canberra Professional Education Courses may be available for in-house delivery at your organisation's premises. In-house courses allow maximum attendance without the additional travel costs. Courses can be developed to suit the specific staff development and training needs of your organisation. Recommended for groups of 10 or more.

The aim of this course is to provide the foundation for offensive tactical cyber operations, to develop knowledge and skills of various tools, techniques and procedures (TTP) involved with offensive cyber operations, and to develop competence in addressing strategic, operational and tactical issues of cyber operations. Students will be walked through the various stages of the Cyber Kill Chain, which is an industry-accepted methodology for understanding how an attacker will conduct the activities necessary to cause harm to an organisation. For every stage, students will get hands-on experience with various TTPs as employed by cyber threat actors.

Topics covered include:

  • Enumeration
  • Exploitation
  • Escalation
  • Netcat and Wireshark
  • OSINT
  • OS Fingerprinting
  • Vulnerability Scanning
  • Social Engineering
  • Avoiding Attribution

Learning outcomes

On completion of this course, participants will be able to:

  • Conduct simple computer network operations by defining the suitable operation goals and outcomes.
  • Identify opportunities in defeating cyber threat actor tradecraft by understanding the full spectrum of offensive activities.
  • Improve an organisation’s security by understanding and acting on artefacts and signatures generated by cyber offensive activities.
  • Provide advice to policy makers on strategic issues regarding cyber capabilities, doctrine, and partnerships.
  • Plan computer network operations using industry and government best practices.

Course Information

Day 1

Cyber Offence Basics

The first day of the course will introduce the Cyber Kill Chain and the legal aspects of Cyber Offence. We will then look at Windows and Kali Linux File System navigation and manipulation, and go through basic computer networking principles. Students will utilise virtual machines to do exercises with Netcat and Wireshark.

Topics

Command Line, Standard input/output, Pipes, IP Addresses, Ports, Network Commands, Services, Netcat, Wireshark.

Day 2

Reconnaissance

Day 2 of the course will introduce the main reconnaissance techniques, including Social Engineering, OSINT, network enumeration, vulnerability scanning, email harvesting, OS (and service) fingerprinting. Practical exercises include passive recon on real targets and active recon on the virtual machines.

Topics

SMTP, SMB, SNMP and DNS Enumeration, nmap, nikto, SET, phishing, OpenVAS, theHarvester.

Day 3

Access and Exploitation

Day 3 of the course will introduce students to Searching for Exploits, Execution Techniques and Transfer Methods. Practical exercises include creating a reverse shell using msfvenom, outputting and executing payloads and detecting them with Metasploit.

Topics

Exploit Sources, Bind vs Reverse, Staged vs Stageless, Executable Formats, Metasploit, Msfvenom, Catching Shells.

Day 4 & Day 5

Perseverance and Exfiltration

This session will cover basic Windows and Linux escalation techniques such as Kernel Exploits, Privileged Exploits, Attacking Hashes, and Pivoting. Students learn to understand password hacking using Meterpreter and Medusa. We will also look at avoiding detection, website attacks, and exfiltration.

Topics

Kernel Exploits, High Privileged Programs Credential Theft, Insecure Configurations, Privileged Exploits, Metasploit, Proxytunnels.

This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):

K0005: Knowledge of cyber threats and vulnerabilities.

K0041: Knowledge of incident categories, incident responses, and timelines for responses.

K0058: Knowledge of network traffic analysis methods.

K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.

K0161: Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).

K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

S0078: Skill in recognising and categorising types of vulnerabilities and associated attacks.

A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.

What is the NICE Framework?

The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.

To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.

UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and postgraduate education in cyber security. Our air-gapped, state-of-the-art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at cyber@adfa.edu.au to discuss how.