COSC421-24S1 (C) Semester One 2024

Advanced Topics in Security

15 points

Start Date: Monday, 19 February 2024
End Date: Sunday, 23 June 2024
Withdrawal Dates
Last Day to withdraw from this course:
  • Without financial penalty (full fee refund): Sunday, 3 March 2024
  • Without academic penalty (including no fee refund): Sunday, 12 May 2024


This course will cover the wide-ranging issues on advanced topics in computer, network, and systems security. Students will learn from security fundamentals to advanced topics in security.

This is a highly practical course in which lectures and lab work are integrated. It is designed to provide practical skills in building secure industry and Government systems as well as developing a range of penetration testing skills.
Students need to be familiar with configuring Windows and Linux systems and will work in pairs in a lab environment and both build secure systems as well as test them for cyber security vulnerabilities. All software and hardware used will be industry grade equipment. All experiments are to be written up as individuals (but with shared results) and submitted according to a prescribed format.

These six topics are fundamental to applied cybersecurity and students will be provided with background fundamentals and will then design and test Wireless/Mobile systems, VPNs, IoT, Smartcard Systems, Multi-factor authentication and reverse-shell engineering attacks in the cybersecurity lab.

• Wireless/Mobile LANs – Vulnerabilities in mobile and wireless network architecture. Wireless Enterprise Architecture – design, setup and testing, Android and Bluetooth vulnerabilities. This lab focuses on graduates who will work in the area of wireless and mobile enterprise security and will be responsible for design, implementation, testing and addressing key cybersecurity issues in this framework.

• VPNs (Virtual Private Networks) – design and setting up of VPNs for secure cloud access. We will build two types of VPNs in the lab – OpenVPN or a Linux Wireguard VPN and an industry-based IKEv2-VPN. We will test their operation with servers, firewalls and mobile client devices such as laptops and mobile phones.

• IoT (IN)Security. IoT devices are becoming widely used in home automation, offices and in SCADA systems. We will experiment with IoT devices such as switches, lights, thermostats, video cameras, door locks, and music players. In particular we will see how traffic between the mobile device and IoT device can be intercepted and modified and in certain circumstances one can take control of these systems.

• Smartcard technology is used in ticketing systems such as Oyster, Octopus, Snapper, Metro, Myki, Gallagher access and for contactless payment. libnfc is a software library run out of Kali Linux and used for smartcards. A set of python scripts will be used for carrying out basic security analysis functions on smartcards such as reading, writing and cracking. This work will then be interfaced with the Gallagher smartcard system as used within the UoC for physical security.

• Multi-Factor Authentication including RSA hard and soft tokens and Google Authenticators. Active Directory, RSA multifactor authentication using hardware, software and mobile phone devices. Google Authentication using a RADIUS Server and PAM (Pluggable Authentication Module) to handle the Google Authenticator component of 2FA in conjunction with mobile phone authenticators.

• Reverse Shell and Ransomware attacks: MSFvenom, EternalBlue, Mousejack and USB cable attacks. The Metasploit Framework is commonly used by pen testers and involves the setting up of listeners that create an environment (referred to as a Meterpreter) to manipulate compromised machines. In these labs we will see how this framework within Kali Linux can be used to attack (or indeed test the security) of a Windows 10 machines through to ransomware attacks which encrypt client databases.

All six of these topics (both lectures and labs) will run in the specialist cybersecurity lab – Room West 715.

The precise timetable for lecture-lab combinations will be released early February.

Learning Outcomes

1. Discuss the concepts of wireless and mobile security including the operation of IoT devices and how interception and modification of traffic can occur and be protected against [WA1, WA10]
2. Design and test VPNs for cloud operation which are immune to cyber-attacks [WA3]
3. Analyse how smartcard security is used with the Gallagher system at UoC, Justice Precinct and Convention Centre [WA4]
4. Experiment with reverse shell engineering attacks (typical of those used to attack the UK National Health Service) [WA4, WA5]
5. Build secure 2FA systems as used in UoC and Google involving both RSA and Google authenticators [WA3]

University Graduate Attributes

This course will provide students with an opportunity to develop the Graduate Attributes specified below:

Employable, innovative and enterprising

Students will develop key skills and attributes sought by employers that can be used in a range of applications.


(1) COSC362 and (2) subject to approval by the Head of Department

Timetable 2024

Students must attend one activity from each section.

Lecture A
Activity Day Time Location Weeks
01 Thursday 14:00 - 16:00 E12
19 Feb - 25 Feb

Timetable Note

All activities are in the West715 laboratory at a time arranged by the Lecturer for each person individually.

Course Coordinator

Richard Green


Ray Hunt


Assessment Due Date Percentage 
Assignments 60%
Final Exam 40%

Additional Course Outline Information

Assessment and grading system

Assessment: 60% Assignments
40% Final Exam

Grade moderation

The Computer Science department's grading policy states that in order to pass a course you must meet two requirements:
1. You must achieve an average grade of at least 50% over all assessment items.
2. You must achieve an average mark of at least 45% on invigilated assessment items.

If you satisfy both these criteria, your grade will be determined by the following University-wide scale for converting marks to grades: an average mark of 50% is sufficient for a C- grade, an average mark of 55% earns a C grade, 60% earns a C+ grade and so forth. However if you do not satisfy both the passing criteria you will be given either a D or E grade depending on marks. Marks are sometimes scaled to achieve consistency between courses from year to year.

Students may apply for special consideration if their performance in an assessment is affected by extenuating circumstances beyond their control.

Applications for special consideration should be submitted via the Examinations Office website within five days of the assessment.

Where an extension may be granted for an assessment, this will be decided by direct application to the Department and an application to the Examinations Office may not be required.

Special consideration is not available for items worth less than 10% of the course.

Students prevented by extenuating circumstances from completing the course after the final date for withdrawing, may apply for special consideration for late discontinuation of the course. Applications must be submitted to the Examinations Office within five days of the end of the main examination period for the semester.

Indicative Fees

Domestic fee $1,110.00

* All fees are inclusive of NZ GST or any equivalent overseas tax, and do not include any programme level discount or additional course-related expenses.

Minimum enrolments

This course will not be offered if fewer than 5 people apply to enrol.

For further information see Computer Science and Software Engineering .

All COSC421 Occurrences

  • COSC421-24S1 (C) Semester One 2024