Difference between revisions of "Ethical Hacking"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(42 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Outline kuliah Ethical Hacking untuk | + | Outline kuliah Ethical Hacking untuk 15 modul dengan fokus pada pengetahuan praktis dan skill hacking. Tiap pertemuan menggabungkan teori dan hands-on lab untuk mengembangkan keterampilan secara bertahap: |
==Pengantar Ethical Hacking== | ==Pengantar Ethical Hacking== | ||
Line 8: | Line 8: | ||
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)]] | * [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)]] | ||
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman]] | * [[Hands-on: Setup Lab dan Lingkungan Testing Aman]] | ||
+ | |||
+ | |||
+ | * [[Definition of Ethical Hacking (en) ]] | ||
+ | * [[Roles and Responsibilities of an Ethical Hacker (en) ]] | ||
+ | * [[Legality, Ethics, and Law Related to Hacking. (en) ]] | ||
+ | * [[Tools and Work Environment (VM, Kali Linux) (en) ]] | ||
+ | * [[Hands-on: Setting Up a Secure Lab and Testing Environment (en) ]] | ||
==Metodologi Penetration Testing== | ==Metodologi Penetration Testing== | ||
Line 13: | Line 20: | ||
* [[Standar Penetration Testing (OWASP, NIST)]] | * [[Standar Penetration Testing (OWASP, NIST)]] | ||
* [[Hands-on: Membuat Rencana Penetration Testing]] | * [[Hands-on: Membuat Rencana Penetration Testing]] | ||
+ | |||
+ | |||
+ | * [[Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)]] | ||
+ | * [[Penetration Testing Standards (OWASP, NIST) (en)]] | ||
+ | * [[Hands-on: Hands-on: Creating a Penetration Testing Plan (en)]] | ||
==Reconnaissance (Information Gathering)== | ==Reconnaissance (Information Gathering)== | ||
* [[Teknik Open Source Intelligence (OSINT)]] | * [[Teknik Open Source Intelligence (OSINT)]] | ||
* [[Passive dan Active Reconnaissance]] | * [[Passive dan Active Reconnaissance]] | ||
− | * [[Tools: WHOIS, | + | * [[Tools: WHOIS, dig, Maltego, Google Dorking]] |
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]] | * [[Hands-on: Pengumpulan Informasi Target secara Pasif]] | ||
+ | |||
+ | |||
+ | * [[Open Source Intelligence (OSINT) Techniques (en)]] | ||
+ | * [[Passive and Active Reconnaissance (en)]] | ||
+ | * [[Tools: WHOIS, dig, Maltego, Google Dorking (en)]] | ||
+ | * [[Hands-on: Passive Target Information Gathering (en)]] | ||
==Scanning dan Enumeration== | ==Scanning dan Enumeration== | ||
Line 25: | Line 43: | ||
* [[Enumeration Services: SMB, SNMP, FTP, HTTP]] | * [[Enumeration Services: SMB, SNMP, FTP, HTTP]] | ||
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]] | * [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]] | ||
+ | |||
+ | |||
+ | * [[Network Scanning: Nmap, Netcat (en)]] | ||
+ | * [[Vulnerability Scanning: OpenVAS, Nessus (en)]] | ||
+ | * [[Enumeration Services: SMB, SNMP, FTP, HTTP (en)]] | ||
+ | * [[Hands-on: Target Port, Services, and Vulnerability Identification (en)]] | ||
==Exploitation Basics== | ==Exploitation Basics== | ||
Line 33: | Line 57: | ||
* [[Tools: Metasploit Framework]] | * [[Tools: Metasploit Framework]] | ||
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]] | * [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]] | ||
+ | |||
+ | |||
+ | * [[Pengertian Eksploitasi (en)]] | ||
+ | * [[Memahami Common Vulnerabilities (CVE) (en)]] | ||
+ | * [[Membuat Exploit sederhana berdasarkan CVE (en)]] | ||
+ | * [[Memilih dan Memodifikasi Exploit (en)]] | ||
+ | * [[Tools: Metasploit Framework (en)]] | ||
+ | * [[Hands-on: Menggunakan Metasploit untuk Eksploitasi (en)]] | ||
==Web Application Hacking - Bagian 1== | ==Web Application Hacking - Bagian 1== | ||
Line 39: | Line 71: | ||
* [[Tools: Burp Suite, OWASP ZAP]] | * [[Tools: Burp Suite, OWASP ZAP]] | ||
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]] | * [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]] | ||
+ | |||
+ | |||
+ | * [[Konsep HTTP, Session, dan Cookies (en)]] | ||
+ | * [[Vulnerabilities umum: SQL Injection, XSS (en)]] | ||
+ | * [[Tools: Burp Suite, OWASP ZAP (en)]] | ||
+ | * [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web (en)]] | ||
==Web Application Hacking - Bagian 2== | ==Web Application Hacking - Bagian 2== | ||
Line 45: | Line 83: | ||
* [[Directory Traversal, File Inclusion]] | * [[Directory Traversal, File Inclusion]] | ||
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]] | * [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]] | ||
+ | |||
+ | |||
+ | * [[CSRF (Cross-Site Request Forgery) (en)]] | ||
+ | * [[RCE (Remote Code Execution) (en)]] | ||
+ | * [[Directory Traversal, File Inclusion (en)]] | ||
+ | * [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App (en)]] | ||
==Password Cracking dan Authentication Bypass== | ==Password Cracking dan Authentication Bypass== | ||
Line 51: | Line 95: | ||
* [[Tools: John the Ripper, Hydra]] | * [[Tools: John the Ripper, Hydra]] | ||
* [[Hands-on: Password Cracking dan Authentication Bypass]] | * [[Hands-on: Password Cracking dan Authentication Bypass]] | ||
+ | |||
+ | |||
+ | * [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) (en)]] | ||
+ | * [[Bypass Authentication: Vulnerable Login Forms (en)]] | ||
+ | * [[Tools: John the Ripper, Hydra (en)]] | ||
+ | * [[Hands-on: Password Cracking dan Authentication Bypass (en)]] | ||
==Wireless Network Hacking== | ==Wireless Network Hacking== | ||
* [[Teknik dan Protokol Wireless (WEP, WPA/WPA2)]] | * [[Teknik dan Protokol Wireless (WEP, WPA/WPA2)]] | ||
+ | * [[Attacks: Man in The Middle]] | ||
* [[Attacks: WEP Cracking, WPA Handshake Capture]] | * [[Attacks: WEP Cracking, WPA Handshake Capture]] | ||
* [[Tools: Aircrack-ng, Wireshark]] | * [[Tools: Aircrack-ng, Wireshark]] | ||
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]] | * [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]] | ||
+ | |||
+ | |||
+ | * [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) (en)]] | ||
+ | * [[Attacks: Man in The Middle (en)]] | ||
+ | * [[Attacks: WEP Cracking, WPA Handshake Capture (en)]] | ||
+ | * [[Tools: Aircrack-ng, Wireshark (en)]] | ||
+ | * [[Hands-on: Attack Wireless Network and Cracking WiFi Password (en)]] | ||
==Social Engineering== | ==Social Engineering== | ||
Line 63: | Line 121: | ||
* [[Tools: Social Engineering Toolkit (SET)]] | * [[Tools: Social Engineering Toolkit (SET)]] | ||
* [[Hands-on: Simulasi Phishing Attack]] | * [[Hands-on: Simulasi Phishing Attack]] | ||
+ | |||
+ | |||
+ | * [[Teknik Social Engineering: Phishing, Pretexting, Baiting (en)]] | ||
+ | * [[Email Spoofing dan Spear Phishing (en)]] | ||
+ | * [[Tools: Social Engineering Toolkit (SET) (en)]] | ||
+ | * [[Hands-on: Simulasi Phishing Attack (en)]] | ||
==Privilege Escalation== | ==Privilege Escalation== | ||
Line 69: | Line 133: | ||
* [[Exploiting Misconfigured Services]] | * [[Exploiting Misconfigured Services]] | ||
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]] | * [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]] | ||
+ | |||
+ | |||
+ | * [[Privilege Escalation Concept (en)]] | ||
+ | * [[Local vs Remote Escalation (en)]] | ||
+ | * [[Exploiting Misconfigured Services (en)]] | ||
+ | * [[Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)]] | ||
==Post-Exploitation dan Maintaining Access== | ==Post-Exploitation dan Maintaining Access== | ||
Line 75: | Line 145: | ||
* [[Cleaning Tracks: Log Deletion, Anti-Forensics]] | * [[Cleaning Tracks: Log Deletion, Anti-Forensics]] | ||
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]] | * [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]] | ||
+ | |||
+ | |||
+ | * [[Backdoors and Persistence (en)]] | ||
+ | * [[Data Exfiltration (en)]] | ||
+ | * [[Cleaning Tracks: Log Deletion, Anti-Forensics (en)]] | ||
+ | * [[Hands-on: Installing a Backdoor and Persistence Techniques on a Target System (en)]] | ||
==Mobile Hacking== | ==Mobile Hacking== | ||
Line 81: | Line 157: | ||
* [[Tools: Drozer, APKTool]] | * [[Tools: Drozer, APKTool]] | ||
* [[Hands-on: Analisis dan Eksploitasi APK Android]] | * [[Hands-on: Analisis dan Eksploitasi APK Android]] | ||
+ | |||
+ | |||
+ | * [[Arsitektur and Security Model Android & iOS (en)]] | ||
+ | * [[Vulnerabilities in Mobile Applications (en)]] | ||
+ | * [[Tools: Drozer, APKTool (en)]] | ||
+ | * [[Hands-on: Android APK Analysis and Exploitation (en)]] | ||
==Capture The Flag (CTF) Challenge dan Review== | ==Capture The Flag (CTF) Challenge dan Review== | ||
Line 89: | Line 171: | ||
− | + | * [[CTF Challenge Solutions for Review (en)]] | |
− | + | * [[Skills and Knowledge Acquired (en)]] | |
− | + | * [[Comprehensive Penetration Testing Simulation (en)]] | |
− | Outline | + | * [[Hands-on: CTF Challenge (Individual/Group) (en)]] |
+ | |||
+ | ==Report Penetration Test== | ||
+ | |||
+ | * [[Report Penetration Test: Outline]] | ||
+ | * [[Report Penetration Test: Contoh Temuan Kerentanan]] | ||
+ | * [[Report Penetration Test: Contoh Temuan Eksploitasi]] | ||
+ | * [[Report Penetration Test: Contoh Temuan Dampak]] | ||
+ | * [[Report Penetration Test: Contoh Analisa Resiko]] | ||
+ | * [[Report Penetration Test: Contoh Penentuan Prioritas]] | ||
+ | * [[Report Penetration Test: Contoh Rekomendasi Perbaikan]] | ||
+ | * [[Report Penetration Test: Contoh Rekomendasi Mitigasi]] | ||
+ | * [[Report Penetration Test: Contoh Rekomendasi Pencegahan]] | ||
+ | |||
+ | |||
+ | * [[Report Penetration Test: Outline (en)]] | ||
+ | * [[Report Penetration Test: Example of Vulnerability Findings (en)]] | ||
+ | * [[Report Penetration Test: Examples of Exploitation Findings (en)]] | ||
+ | * [[Report Penetration Test: Examples of Impact Findings (en)]] | ||
+ | * [[Report Penetration Test: Example of Risk Analysis (en)]] | ||
+ | * [[Report Penetration Test: Example of Prioritizing (en)]] | ||
+ | * [[Report Penetration Test: Example of Improvement Recommendations (en)]] | ||
+ | * [[Report Penetration Test: Example of Mitigation Recommendations (en)]] | ||
+ | * [[Report Penetration Test: Example of Prevention Recommendations (en)]] |
Latest revision as of 07:24, 29 October 2024
Outline kuliah Ethical Hacking untuk 15 modul dengan fokus pada pengetahuan praktis dan skill hacking. Tiap pertemuan menggabungkan teori dan hands-on lab untuk mengembangkan keterampilan secara bertahap:
Pengantar Ethical Hacking
- Definisi Ethical Hacking
- Peran dan Tanggung Jawab Ethical Hacker
- Legalitas, Etika, dan Hukum terkait Hacking
- Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)
- Hands-on: Setup Lab dan Lingkungan Testing Aman
- Definition of Ethical Hacking (en)
- Roles and Responsibilities of an Ethical Hacker (en)
- Legality, Ethics, and Law Related to Hacking. (en)
- Tools and Work Environment (VM, Kali Linux) (en)
- Hands-on: Setting Up a Secure Lab and Testing Environment (en)
Metodologi Penetration Testing
- Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
- Standar Penetration Testing (OWASP, NIST)
- Hands-on: Membuat Rencana Penetration Testing
- Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)
- Penetration Testing Standards (OWASP, NIST) (en)
- Hands-on: Hands-on: Creating a Penetration Testing Plan (en)
Reconnaissance (Information Gathering)
- Teknik Open Source Intelligence (OSINT)
- Passive dan Active Reconnaissance
- Tools: WHOIS, dig, Maltego, Google Dorking
- Hands-on: Pengumpulan Informasi Target secara Pasif
- Open Source Intelligence (OSINT) Techniques (en)
- Passive and Active Reconnaissance (en)
- Tools: WHOIS, dig, Maltego, Google Dorking (en)
- Hands-on: Passive Target Information Gathering (en)
Scanning dan Enumeration
- Network Scanning: Nmap, Netcat
- Vulnerability Scanning: OpenVAS, Nessus
- Enumeration Services: SMB, SNMP, FTP, HTTP
- Hands-on: Identifikasi Port, Services, dan Vulnerability Target
- Network Scanning: Nmap, Netcat (en)
- Vulnerability Scanning: OpenVAS, Nessus (en)
- Enumeration Services: SMB, SNMP, FTP, HTTP (en)
- Hands-on: Target Port, Services, and Vulnerability Identification (en)
Exploitation Basics
- Pengertian Eksploitasi
- Memahami Common Vulnerabilities (CVE)
- Membuat Exploit sederhana berdasarkan CVE
- Memilih dan Memodifikasi Exploit
- Tools: Metasploit Framework
- Hands-on: Menggunakan Metasploit untuk Eksploitasi
- Pengertian Eksploitasi (en)
- Memahami Common Vulnerabilities (CVE) (en)
- Membuat Exploit sederhana berdasarkan CVE (en)
- Memilih dan Memodifikasi Exploit (en)
- Tools: Metasploit Framework (en)
- Hands-on: Menggunakan Metasploit untuk Eksploitasi (en)
Web Application Hacking - Bagian 1
- Konsep HTTP, Session, dan Cookies
- Vulnerabilities umum: SQL Injection, XSS
- Tools: Burp Suite, OWASP ZAP
- Hands-on: Eksploitasi SQL Injection pada Aplikasi Web
- Konsep HTTP, Session, dan Cookies (en)
- Vulnerabilities umum: SQL Injection, XSS (en)
- Tools: Burp Suite, OWASP ZAP (en)
- Hands-on: Eksploitasi SQL Injection pada Aplikasi Web (en)
Web Application Hacking - Bagian 2
- CSRF (Cross-Site Request Forgery)
- RCE (Remote Code Execution)
- Directory Traversal, File Inclusion
- Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App
- CSRF (Cross-Site Request Forgery) (en)
- RCE (Remote Code Execution) (en)
- Directory Traversal, File Inclusion (en)
- Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App (en)
Password Cracking dan Authentication Bypass
- Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table)
- Bypass Authentication: Vulnerable Login Forms
- Tools: John the Ripper, Hydra
- Hands-on: Password Cracking dan Authentication Bypass
- Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) (en)
- Bypass Authentication: Vulnerable Login Forms (en)
- Tools: John the Ripper, Hydra (en)
- Hands-on: Password Cracking dan Authentication Bypass (en)
Wireless Network Hacking
- Teknik dan Protokol Wireless (WEP, WPA/WPA2)
- Attacks: Man in The Middle
- Attacks: WEP Cracking, WPA Handshake Capture
- Tools: Aircrack-ng, Wireshark
- Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi
- Teknik dan Protokol Wireless (WEP, WPA/WPA2) (en)
- Attacks: Man in The Middle (en)
- Attacks: WEP Cracking, WPA Handshake Capture (en)
- Tools: Aircrack-ng, Wireshark (en)
- Hands-on: Attack Wireless Network and Cracking WiFi Password (en)
Social Engineering
- Teknik Social Engineering: Phishing, Pretexting, Baiting
- Email Spoofing dan Spear Phishing
- Tools: Social Engineering Toolkit (SET)
- Hands-on: Simulasi Phishing Attack
- Teknik Social Engineering: Phishing, Pretexting, Baiting (en)
- Email Spoofing dan Spear Phishing (en)
- Tools: Social Engineering Toolkit (SET) (en)
- Hands-on: Simulasi Phishing Attack (en)
Privilege Escalation
- Konsep Privilege Escalation
- Local vs Remote Escalation
- Exploiting Misconfigured Services
- Hands-on: Menaikkan Privilege di Sistem Linux dan Windows
- Privilege Escalation Concept (en)
- Local vs Remote Escalation (en)
- Exploiting Misconfigured Services (en)
- Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)
Post-Exploitation dan Maintaining Access
- Backdoors dan Persistence
- Data Exfiltration
- Cleaning Tracks: Log Deletion, Anti-Forensics
- Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target
- Backdoors and Persistence (en)
- Data Exfiltration (en)
- Cleaning Tracks: Log Deletion, Anti-Forensics (en)
- Hands-on: Installing a Backdoor and Persistence Techniques on a Target System (en)
Mobile Hacking
- Arsitektur dan Security Model Android & iOS
- Vulnerabilities di Aplikasi Mobile
- Tools: Drozer, APKTool
- Hands-on: Analisis dan Eksploitasi APK Android
- Arsitektur and Security Model Android & iOS (en)
- Vulnerabilities in Mobile Applications (en)
- Tools: Drozer, APKTool (en)
- Hands-on: Android APK Analysis and Exploitation (en)
Capture The Flag (CTF) Challenge dan Review
- Penyelesaian Soal-soal CTF untuk Review
- Rekapitulasi Skill dan Pengetahuan
- Simulasi Penetration Testing Lengkap
- Hands-on: CTF Challenge (Individu/Kelompok)
- CTF Challenge Solutions for Review (en)
- Skills and Knowledge Acquired (en)
- Comprehensive Penetration Testing Simulation (en)
- Hands-on: CTF Challenge (Individual/Group) (en)
Report Penetration Test
- Report Penetration Test: Outline
- Report Penetration Test: Contoh Temuan Kerentanan
- Report Penetration Test: Contoh Temuan Eksploitasi
- Report Penetration Test: Contoh Temuan Dampak
- Report Penetration Test: Contoh Analisa Resiko
- Report Penetration Test: Contoh Penentuan Prioritas
- Report Penetration Test: Contoh Rekomendasi Perbaikan
- Report Penetration Test: Contoh Rekomendasi Mitigasi
- Report Penetration Test: Contoh Rekomendasi Pencegahan
- Report Penetration Test: Outline (en)
- Report Penetration Test: Example of Vulnerability Findings (en)
- Report Penetration Test: Examples of Exploitation Findings (en)
- Report Penetration Test: Examples of Impact Findings (en)
- Report Penetration Test: Example of Risk Analysis (en)
- Report Penetration Test: Example of Prioritizing (en)
- Report Penetration Test: Example of Improvement Recommendations (en)
- Report Penetration Test: Example of Mitigation Recommendations (en)
- Report Penetration Test: Example of Prevention Recommendations (en)