Cyber Deception



This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days





The need for awareness of cyber deception is growing. Cyber deception has been identified as one of the top 10 technologies businesses should be employing for cyber defence.

This course provides students with hands-on experience of how to build, deploy and configure various cyber deception tools and technologies to protect computer networks and digital data. Students will use a combination of open source software, scripts and direct operating system configurations to create confusion, and bait and trap intruders and unauthorised insiders.

The course has been designed for people with a beginner or intermediate level of technical IT skill and experience. Most of the course content is made up of hands-on activities. Students will configure and build cyber deceptions. Many of these will use the command line. The course walks students through the basics of how to undertake each activity and provides them with the means to complete the exercises. No academic or technical knowledge is assumed, but the course can be challenging in places if users are not familiar with basic IT and cyber security principles and tools.

Course content

Day 1: Introduction to Cyber Deception

This session starts with a comprehensive overview of the history of cyber deception and looks at how this concept fits into a cyber security framework. Students are set up with VMware environments and stepped through practical exercises.


VMware Essentials, Linux Distributions, Command Line Basics, File System Navigation, Directories, Commands and Arguments.

Day 2: Hiding the Real

This session covers the structure of deception and looks at methods for disrupting automated attacks. Students will be introduced to steganography along with lab-based exercises covering changing identity and modifying ports.


Hidden Partitions, Port Obfuscation, Covert Network Tunnels, Steganography Processes, Obfuscating Code, Masking and Repackaging Ports.

Day 3: Honeypots and other defensive tools

This session introduces students to the history of honeypots and how they can be used to defend against cyber attacks. The session also looks at how to set up a convincing honeypot and covers a number of other defensive tools.


SSH Honeypots, Elastichoney, HoneyNet Project, MHN Server.

Day 4: Showing the False

This session looks at techniques to disrupt automated attacks such as faking network traffic and services. Students are also introduced to the requirements of building fake content to delay and confuse adversaries. Practical exercises include faking web pages and traffic, and faking an SSH service.


Fake Services, Fake Traffic, Fake Content, Sinkholes, LaBrea Tarpit, Tiny HP, SpiderTrap, Glastopf, Cowrie.

Day 5: Cyber Deception Limitations and Planning

The final day of the course gives an overview of the limitations of deceptive techniques and issues surrounding the legality of practices. Reasons and considerations to be aware of when planning to use deception are also covered. Students will break into groups and complete a deception planning exercise.


Deception strategies, Tactics and Plan Architecture, Passive and Active Actions, Kill Chain.

Please download the Cyber Deception course PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • understand basic cyber deception tactics used in civilian businesses and defence environments
  • understand how cyber deception tools and technologies protect computer networks and digital data
  • understand and set up honeypots, sinkholes and covert network tunnels
  • use open source software and command line tools to falsify web pages, web traffic and SSH services
  • demonstrate the ability to plan and use best industry practices in cyber deception.

Who should attend

Managers, network security professionals and cybersecurity engineers.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000 - CRICOS Provider Code 00098G.