Difference between revisions of "Ethical Hacking"
Onnowpurbo (talk | contribs) (Created page with "Ethical Hacking course outline for 14 sessions, focused on practical knowledge and hacking skills. Each session combines theory and hands-on labs to develop...") |
Onnowpurbo (talk | contribs) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
* [[Peran dan Tanggung Jawab Ethical Hacker]] | * [[Peran dan Tanggung Jawab Ethical Hacker]] | ||
* [[Legalitas, Etika, dan Hukum terkait Hacking]] | * [[Legalitas, Etika, dan Hukum terkait Hacking]] | ||
− | * [[Perangkat dan Lingkungan Kerja (VM, Kali Linux)]] | + | * [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)]] |
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman]] | * [[Hands-on: Setup Lab dan Lingkungan Testing Aman]] | ||
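Review bot: The changed bullet retargets the wiki link from "Perangkat dan Lingkungan Kerja (VM, Kali Linux)" to "Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)", so any page already created under the old title is no longer reachable from this outline. Move that page to the new title or leave a redirect, and consider whether "Perangkat Tool" is needed at all, since both words mean "tool".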
Line 15: | Line 15: | ||
==Reconnaissance (Information Gathering)== | ==Reconnaissance (Information Gathering)== | ||
− | + | * [[Teknik Open Source Intelligence (OSINT)]] | |
− | + | * [[Passive dan Active Reconnaissance]] | |
− | + | * [[Tools: WHOIS, nslookup, Maltego, Google Dorking]] | |
− | + | * [[Hands-on: Pengumpulan Informasi Target secara Pasif]] | |
==Scanning dan Enumeration== | ==Scanning dan Enumeration== | ||
− | + | * [[Network Scanning: Nmap, Netcat]] | |
− | + | * [[Vulnerability Scanning: OpenVAS, Nessus]] | |
− | + | * [[Enumeration Services: SMB, SNMP, FTP, HTTP]] | |
− | + | * [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]] | |
==Exploitation Basics== | ==Exploitation Basics== | ||
− | + | * [[Pengertian Eksploitasi]] | |
− | + | * [[Memahami Common Vulnerabilities (CVE)]] | |
− | + | * [[Membuat Exploit sederhana berdasarkan CVE]] | |
− | + | * [[Memilih dan Memodifikasi Exploit]] | |
− | + | * [[Tools: Metasploit Framework]] | |
+ | * [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]] | ||
==Web Application Hacking - Bagian 1== | ==Web Application Hacking - Bagian 1== | ||
− | + | * [[Konsep HTTP, Session, dan Cookies]] | |
− | + | * [[Vulnerabilities umum: SQL Injection, XSS]] | |
− | + | * [[Tools: Burp Suite, OWASP ZAP]] | |
− | + | * [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]] | |
==Web Application Hacking - Bagian 2== | ==Web Application Hacking - Bagian 2== | ||
− | + | * [[CSRF (Cross-Site Request Forgery)]] | |
− | + | * [[RCE (Remote Code Execution)]] | |
− | + | * [[Directory Traversal, File Inclusion]] | |
− | + | * [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]] | |
==Password Cracking dan Authentication Bypass== | ==Password Cracking dan Authentication Bypass== | ||
− | + | * [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table)]] | |
− | + | * [[Bypass Authentication: Vulnerable Login Forms]] | |
− | + | * [[Tools: John the Ripper, Hydra]] | |
− | + | * [[Hands-on: Password Cracking dan Authentication Bypass]] | |
==Wireless Network Hacking== | ==Wireless Network Hacking== | ||
− | + | * [[Teknik dan Protokol Wireless (WEP, WPA/WPA2)]] | |
− | + | * [[Attacks: WEP Cracking, WPA Handshake Capture]] | |
− | + | * [[Tools: Aircrack-ng, Wireshark]] | |
− | + | * [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]] | |
==Social Engineering== | ==Social Engineering== | ||
− | + | * [[Teknik Social Engineering: Phishing, Pretexting, Baiting]] | |
− | + | * [[Email Spoofing dan Spear Phishing]] | |
− | + | * [[Tools: Social Engineering Toolkit (SET)]] | |
− | + | * [[Hands-on: Simulasi Phishing Attack]] | |
==Privilege Escalation== | ==Privilege Escalation== | ||
− | + | * [[Konsep Privilege Escalation]] | |
− | + | * [[Local vs Remote Escalation]] | |
− | + | * [[Exploiting Misconfigured Services]] | |
− | + | * [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]] | |
==Post-Exploitation dan Maintaining Access== | ==Post-Exploitation dan Maintaining Access== | ||
− | + | * [[Backdoors dan Persistence]] | |
− | + | * [[Data Exfiltration]] | |
− | + | * [[Cleaning Tracks: Log Deletion, Anti-Forensics]] | |
− | + | * [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]] | |
==Mobile Hacking== | ==Mobile Hacking== | ||
− | + | * [[Arsitektur dan Security Model Android & iOS]] | |
− | + | * [[Vulnerabilities di Aplikasi Mobile]] | |
− | + | * [[Tools: Drozer, APKTool]] | |
− | + | * [[Hands-on: Analisis dan Eksploitasi APK Android]] | |
==Capture The Flag (CTF) Challenge dan Review== | ==Capture The Flag (CTF) Challenge dan Review== | ||
− | + | * [[Penyelesaian Soal-soal CTF untuk Review]] | |
− | + | * [[Rekapitulasi Skill dan Pengetahuan]] | |
− | + | * [[Simulasi Penetration Testing Lengkap]] | |
− | + | * [[Hands-on: CTF Challenge (Individu/Kelompok)]] | |
Latest revision as of 19:52, 15 September 2024
Ethical Hacking course outline for 14 sessions, focused on practical knowledge and hacking skills. Each session combines theory with a hands-on lab to build skills step by step:
Introduction to Ethical Hacking
- Definition of Ethical Hacking
- Roles and Responsibilities of an Ethical Hacker
- Legality, Ethics, and Laws Related to Hacking
- Tools and Working Environment (VM, Kali Linux)
- Hands-on: Setting Up a Lab and a Safe Testing Environment
Penetration Testing Methodology
- Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
- Penetration Testing Standards (OWASP, NIST)
- Hands-on: Creating a Penetration Testing Plan
Reconnaissance (Information Gathering)
- Open Source Intelligence (OSINT) Techniques
- Passive and Active Reconnaissance
- Tools: WHOIS, nslookup, Maltego, Google Dorking
- Hands-on: Passive Target Information Gathering
Scanning and Enumeration
- Network Scanning: Nmap, Netcat
- Vulnerability Scanning: OpenVAS, Nessus
- Enumeration Services: SMB, SNMP, FTP, HTTP
- Hands-on: Identifying Target Ports, Services, and Vulnerabilities
Exploitation Basics
- Definition of Exploitation
- Understanding Common Vulnerabilities (CVE)
- Building a Simple Exploit Based on a CVE
- Selecting and Modifying Exploits
- Tools: Metasploit Framework
- Hands-on: Using Metasploit for Exploitation
Web Application Hacking - Part 1
- HTTP, Session, and Cookie Concepts
- Common Vulnerabilities: SQL Injection, XSS
- Tools: Burp Suite, OWASP ZAP
- Hands-on: Exploiting SQL Injection in a Web Application
Web Application Hacking - Part 2
- CSRF (Cross-Site Request Forgery)
- RCE (Remote Code Execution)
- Directory Traversal, File Inclusion
- Hands-on: Using Burp Suite to Analyze and Exploit a Web App
Password Cracking and Authentication Bypass
- Password Cracking Techniques (Brute Force, Dictionary, Rainbow Table)
- Bypass Authentication: Vulnerable Login Forms
- Tools: John the Ripper, Hydra
- Hands-on: Password Cracking and Authentication Bypass
Wireless Network Hacking
- Wireless Techniques and Protocols (WEP, WPA/WPA2)
- Attacks: WEP Cracking, WPA Handshake Capture
- Tools: Aircrack-ng, Wireshark
- Hands-on: Attacking a Wireless Network and Cracking the WiFi Password
Social Engineering
- Social Engineering Techniques: Phishing, Pretexting, Baiting
- Email Spoofing and Spear Phishing
- Tools: Social Engineering Toolkit (SET)
- Hands-on: Phishing Attack Simulation
Privilege Escalation
- Privilege Escalation Concepts
- Local vs Remote Escalation
- Exploiting Misconfigured Services
- Hands-on: Escalating Privileges on Linux and Windows Systems
Post-Exploitation and Maintaining Access
- Backdoors and Persistence
- Data Exfiltration
- Cleaning Tracks: Log Deletion, Anti-Forensics
- Hands-on: Installing a Backdoor and Persistence Techniques on the Target System
Mobile Hacking
- Android & iOS Architecture and Security Model
- Vulnerabilities in Mobile Applications
- Tools: Drozer, APKTool
- Hands-on: Analyzing and Exploiting an Android APK