Introduction to Pen Testing

UNSW graphic yellow


This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days

Delivery mode




Standard price


Defence price


Accelerate your career, learn new skills, and expand your knowledge.

First in Australia for research excellence and impact.

Top 50 in the world. 2020 QS World University Rankings.


This course provides an introduction to Penetration Testing and works through the differences between Vulnerability Assessments and actual Penetration Tests. The course takes participants into the attacker's world and the lengths that are taken to gain a foothold in the networks of their victims.

Course content

Day 1: Pen Testing Introduction

This session gives a brief history and overview of the  purpose and different types of penetration testing. We'll also discuss the goals and outcomes of penetration testing, rules of engagement that govern the field, data collection and reporting methods.


Red teaming, Vulnerability scanning, Attack cycles, Change control, Testing frameworks, Exploit techniques, Stakeholder engagement.

Day 2: Scanning and Enumeration

This session looks at the techniques and tools used in network scanning such as ARP sweeping, DNS scanning, DNS enumeration and port scanning. We'll also run through several practical lab-based exercises utilising Ettercap and Kali Linux.


Networking scanning, Google hacking database vulnerability scanning, Netcat, Nikto, Golismero tool, Dnswalk, Dnsrecon, Fierce Script, Thehavester.

Day 3: Exploitation Techniques

We continue exploring network exploitation techniques utilising the Metasploit framework, modules and shellcode payloads. Afterwards, we’ll see how the framework integrates with Postgresql database within Kali Linux, and have a lab walkthrough on MSF3 Windows System.


Metasploit framework, Ruby programming, Exploit code, Auxiliary modules, Exploit modules, Post modules, Shellcode, Listeners, Encoders, Social Engineer Toolkit.

Day 4: Website Penetration Testing

This session will broaden your knowledge of web-based attacks and provide a greater understanding of how dangerous and difficult they are to identify and track. You'll gain hands-on experience using the same tools and processes attackers follow in simulated online scenarios.


Injection attacks, Scripting attacks, Sensitive information exposure, Cross site scripting, SQLi, SQLMAP, Web scanners, directory brute force tools.

Day 5: Internal Testing & Social Engineering

This session focuses on how social engineering (SE) campaigns are formed and will introduce some of the software and methods used for these attacks. We'll touch on the use of SMB Protocol, MimiKatz, Responder Python Script and Social-Engineer Toolkit.


SMB Protocol with Kali Linux, MimiKatz Post exploit tool, Responder Python Script, Browser exploitation framework.

Please download the Introduction to Pen Testing course PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • understand the different types of penetration testing and the industry standards that regulate the field
  • understand how penetration testers utilise common attack vectors in exploits
  • use software and command line tools for scanning, enumeration and exploitation
  • understand how web-based attacks affect penetration testing workflows
  • understand how social engineering techniques are utilised in penetration testing strategies.

Who should attend

This course is useful for IT graduates entering the Cyber Security profession or those in junior and intermediate Cyber Security roles.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.