CYBR471 (2021) - Offensive and Defensive Security


This course focuses on offensive and defensive security techniques in the context of incident handling, best practices and theories about attacker behaviour. The course will include lectures and demonstrations but is designed around a virtual lab environment and scenarios that provide robust and realistic hands-on experiences in dealing with a range of offensive and defensive topic areas such as cybersecurity intelligence and investigation, incident response, and proactive cybersecurity.

Course learning objectives

Students who pass this course will be able to:

  1. Demonstrate an understanding of the methodologies used by attackers and defenders by developing and documenting plans for both incident handling and for conducting attacks.
  2. Evaluate the strengths and weaknesses of a range of defensive and offensive technique such as digital forensics, malware analysis, vulnerability discovery, ethical hacking activities and open source intelligence gathering.
  3. Show an appreciation for the legal and ethical dimensions of both cyber defensive and offensive activities in context of military and non-military contexts.

Course content

The course is primarily offered in-person, but there will also be a remote option and there will be online alternatives for all the components of the course for students who cannot attend in-person.
Students taking this course remotely must have access to a computer with camera and microphone and a reliable high speed internet connection that will support real-time video plus audio connections and screen sharing. Students must be able to use Zoom; other communication applications may also be used. A mobile phone connection only is not considered sufficient. The computer must be adequate to support the programming required by the course: a reasonably powerful Windows, Macintosh, or Unix laptop or desktop computer should be sufficient, but an Android or IOS tablet will not.
If the assessment of the course includes tests, the tests will generally be run in-person on the Kelburn campus. There will be a remote option for students who cannot attend in-person and who have a strong justification (for example, being enrolled from overseas). The remote test option may use the ProctorU system for online supervision of the tests. ProctorU requires installation of monitoring software on your computer which also uses your camera and microphone, and monitors your test-taking in real-time. Students who will need to use the remote test option must contact the course coordinator in the first two weeks to get permission and make arrangements.

Withdrawal from Course

Withdrawal dates and process:


Ian Welch

Teaching Format

This course will be offered in-person and online. For students in Wellington, there will be a combination of in-person components and web/internet based resources. It will also be possible to take the course entirely online for those who cannot attend on campus, with all the components provided in-person also made available online.
A weekly lecture and lab session, and individual assignments during the whole course.

Student feedback

Student feedback on University courses may be found at

Dates (trimester, teaching & break dates)

  • Teaching: 22 February 2021 - 28 May 2021
  • Break: 05 April 2021 - 18 April 2021
  • Study period: 31 May 2021 - 03 June 2021
  • Exam period: 04 June 2021 - 19 June 2021

Class Times and Room Numbers

22 February 2021 - 04 April 2021

  • Wednesday 09:00 - 09:50 – 201, Easterfield, Kelburn
  • Friday 09:00 - 09:50 – 201, Easterfield, Kelburn
19 April 2021 - 30 May 2021

  • Wednesday 09:00 - 09:50 – 201, Easterfield, Kelburn
  • Friday 09:00 - 09:50 – 201, Easterfield, Kelburn

Other Classes

Labs begin in week two of the course and are scheduled on Fridays starting at 9am. All labs take place in CO139.


There are no required texts for this offering.

Mandatory Course Requirements

In addition to achieving an overall pass mark of at least 50%, students must:

  • Submit reasonable attempts at all three assessment items, because completing all of the assessments is where much of the learning related to the CLOs of the course will take place.

If you believe that exceptional circumstances may prevent you from meeting the mandatory course requirements, contact the Course Coordinator for advice as soon as possible.


The first two assignments are very "hands on" in nature and the third one requires you to do some programming.

Assessment ItemDue Date or Test DateCLO(s)Percentage
Offensive security assignment (5 weeks)end of week 6CLO: 1,2,330%
Defensive security assignment (5 weeks)end of week 11CLO: 1,2,330%
Develop a tool (4 weeks)end of week 15CLO: 1,2,340%


Each student will have 3 "late days" - 72 hours of automatic extension which will be applied to any assignment or assignments during the course, as needed. Please note that these 72 hours are for the whole course, not for each assignment. 
The penalty for late work beyond your allocation of "late days" will be 10% shrinking cap per day after the due date, unless there has been prior negotiation. Shrinking cap reduces maximum mark per day so after 3 days the maximum mark is 70%(B) but C+ work will receive a C+ grade.


Individual extensions will only be granted in exceptional personal circumstances, and should be negotiated with the course coordinator before the deadline whenever possible. Documentation (eg, medical certificate) may be required.

Submission & Return

All work should be submitted through the ECS submission system, accessible through the course web pages. Marks and comments will be returned through the ECS marking system, also available through the course web pages.

Required Equipment

You can do all of the work using a standard ECS workstation. You will need to install a free copy of either VMware or VirtualBox on your laptop to complete the third assignment.


The student workload for this course is 150 hours. A plausible and approximate breakdown for these hours would be:

  • Lectures/labs: 2
  • Readings: 2
  • Assignments: 6

Teaching Plan


Communication of Additional Information

All online material for this course can be accessed at

Offering CRN: 32239

Points: 15
Prerequisites: CYBR 271, 371, 373
Duration: 22 February 2021 - 20 June 2021
Starts: Trimester 1
Campus: Kelburn