Intrusion Analysis and Response

UNSW graphic yellow


This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days

Delivery mode




Standard price


Defence price


  • Accelerate your career, learn new skills, and expand your knowledge.

  • First in Australia for research excellence and impact.

  • Top 50 in the world. 2020 QS World University Rankings.


This course aims to develop knowledge and understanding of the strategies, techniques and technologies used in attacking and defending networks, and how to design secure networks and protect against intrusion, malware and other hacker exploits.

Designed as either a standalone course or to follow on from Introduction to Pen Testing, the course explores attackers’ mindsets and methods, and works through the different ways of protecting the estate. The course also covers keystone technologies required in an effective security defence solution including an introduction to usable and effective policies that staff will follow and not be encouraged to work around.

Course content

Day 1

Network Security and Linux IAR Fundamentals

This session looks at Linux incident analysis and response processes, specifically Bash Shell scripting, permissions, shell expansion, functions and hashing. Students will also be introduced to network security fundamentals, looking at layers, services, protocols and common issues.


Linux Command Line, Shell Coding, Trustico, Networking, Traffic Management, Security Architecture, SSL Components, Firewall Principles, Intrusion Analysis Practices.

Day 2

Cryptography and Computer Networks

This session introduces students to the principles of cryptography, properties of secure communication and methods of encryption/decryption. Students will then be stepped through the fundamentals of computer networks, covering transport-layer services, UDP/TCP and IP protocol.


Confidentiality, Authentication, Integrity, Digital Signatures, Access Control, Public Key Algorithms, Transport & Network Layer Protocols, Internet Routing.

Day 3

Introduction to MANET; Incident Analysis & Response Theory

This session covers the characteristics of mobile ad hoc networks (MANET), their applications and common security vulnerabilities. It will also focus on the concepts and practical processes of incident analysis and response.


Security in MANET, Dynamic Source Routing, Attacks in MANET, DDoS, Incident Response Process, Electronic Evidence Collection and Analysis, Cyber Kill Chain techniques.

Day 4

Attacks, Counter Measures, Security Assessment and Testing

This session looks at different types of attack vectors and methods of defence. Students are introduced to security assessment, risk identification and evaluation techniques. We'll also look at penetration testing methodologies, information gathering and flaw testing.


In-line Memory Attacks, Webshells, Dos Attack, Flood Attack, Smurf IP Attack, Asset Identification, Threat Assessment, Security Assessment Components, Probing the Network.

Day 5

Legal, Privacy and Ethical Aspects

This session provides an overview of various governance issues involved with cybercrime and computer crime. Students are introduced to the issues facing law enforcement, intellectual property and copyright implications, privacy concerns and ethical codes of conduct.


Types of Property, Patents, Trademarks, DMCA Copyright Act, Privacy Protections, Australian and Global Privacy Laws, Data Surveillance.

Download the course outline

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • understand the main functions of a Security Operations Centre
  • understand and evaluate the key issues involved in designing secure networks
  • understand the issues arising in the collection of computer evidence after network breach
  • develop effective risk management plans to protect against malware and other hacking exploits
  • formulate a range of strategies and solutions for testing and continuously improving the security of a network.

Who should attend

This course is useful for IT graduates entering the Cyber Security profession or those in junior Cyber Security roles.  It's also useful for investigators who wish to develop a technical approach to their profession. Prior attendance at Cyber Security Boot Camp is recommended.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.