Cyber Offence

UNSW graphic yellow


This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days

Delivery mode




Standard price


Defence price


Accelerate your career, learn new skills, and expand your knowledge.

First in Australia for research excellence and impact.

Top 50 in the world. 2020 QS World University Rankings.


This course provides the foundation for offensive tactical cyber operations to develop knowledge and skills of various tools, techniques and procedures (TTP) involved with offensive cyber operations, and to develop competence in addressing strategic, operational and tactical issues of cyber operations. Students will be walked through the various stages of the Cyber Kill Chain, which is an industry-accepted methodology for understanding how an attacker conducts the activities necessary to cause harm to an organisation. For every stage, students will receive hands-on experience with various TTPs as employed by cyber threat actors.

Course content

Day 1: Cyber Offence Basics

This session introduces the Cyber Kill Chain and legal aspects of Cyber Offence. We'll then look at Windows and Kali Linux File System navigation and manipulation, and go through basic computer networking principles. Students will utilise virtual machines to do exercises with Netcat and Wireshark.


Command Line, Standard input/output, Pipes, IP Addresses, Ports, Network Commands, Services, Netcat, Wireshark.

Day 2: Reconnaissance

This session introduces the main reconnaissance techniques, including Social Engineering, OSINT, network enumeration, vulnerability scanning, email harvesting, and OS (and service) fingerprinting. Practical exercises include passive recon on real targets and active recon on the virtual machines.


SMTP, SMB, SNMP and DNS Enumeration, nmap, nikto, SET, phishing, OpenVAS, the Harvester.

Day 3: Access and Exploitation

This session introduces students to Searching for Exploits, Execution Techniques and Transfer Methods. Practical exercises include creating a reverse shell using msfvenom, outputting and executing payloads and detecting them with Metasploit.


Exploit Sources, Bind vs Reverse, Staged vs Stageless, Executable Formats, Metasploit, Msfvenom, Catching Shells.

Days 4 & 5: Perseverance and Exfiltration

This session covers basic Windows and Linux escalation techniques such as Kernel Exploits, Privileged Exploits, Attacking Hashes, and Pivoting. Students learn to understand password hacking using Meterpreter and Medusa. We will also look at avoiding detection, website attacks, and exfiltration.


Kernel Exploits, High Privileged Programs Credential Theft, Insecure Configurations, Privileged Exploits, Metasploit, Proxytunnels.

Please download the Cyber Offence course PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • conduct simple computer network operations by defining the suitable operation goals and outcomes
  • identify opportunities in defeating cyber threat actor tradecraft by understanding the full spectrum of offensive activities
  • improve an organisation’s security by understanding and acting on artefacts and signatures generated by cyber offensive activities
  • provide advice to policy makers on strategic issues regarding cyber capabilities, doctrine, and partnerships
  • plan computer network operations using industry and government best practices.

Who should attend

This course is well suited to experienced IT professionals who wish to specialise in offensive and defensive tactical Cyber Operations.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.