Difference between revisions of "Ethical Hacking"

From OnnoWiki
 
(28 intermediate revisions by the same user not shown)
Line 10: Line 10:
  
  
* [[Definisi Ethical Hacking {en}]]
+
* [[Definition of Ethical Hacking (en) ]]
* [[Peran dan Tanggung Jawab Ethical Hacker {en}]]
+
* [[Roles and Responsibilities of an Ethical Hacker (en) ]]
* [[Legalitas, Etika, dan Hukum terkait Hacking {en}]]
+
* [[Legality, Ethics, and Law Related to Hacking. (en) ]]
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) {en}]]
+
* [[Tools and Work Environment (VM, Kali Linux) (en) ]]
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman {en}]]
+
* [[Hands-on: Setting Up a Secure Lab and Testing Environment (en) ]]
 
 
  
 
==Metodologi Penetration Testing==
 
==Metodologi Penetration Testing==
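Review bot: the third added link, `Legality, Ethics, and Law Related to Hacking. (en) `, has a stray period before `(en)` that none of the other four added titles carry. Drop it so the page title follows the same pattern, and remove the space before `]]` on all five added links so they match the `(en)]]` form used in the later hunks.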
Line 22: Line 21:
 
* [[Hands-on: Membuat Rencana Penetration Testing]]
 
* [[Hands-on: Membuat Rencana Penetration Testing]]
  
* [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) {en}]]
+
 
* [[Standar Penetration Testing (OWASP, NIST) {en}]]
+
* [[Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)]]
* [[Hands-on: Membuat Rencana Penetration Testing {en}]]
+
* [[Penetration Testing Standards (OWASP, NIST) (en)]]
 +
* [[Hands-on: Hands-on: Creating a Penetration Testing Plan (en)]]
  
 
==Reconnaissance (Information Gathering)==
 
==Reconnaissance (Information Gathering)==
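Review bot: the last added link reads `Hands-on: Hands-on: Creating a Penetration Testing Plan (en)`, with the `Hands-on:` prefix doubled. The other hands-on links on this page use the prefix once, so this should be `Hands-on: Creating a Penetration Testing Plan (en)`.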
Line 32: Line 32:
 
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]]
 
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]]
  
* [[Teknik Open Source Intelligence (OSINT) {en}]]
 
* [[Passive dan Active Reconnaissance {en}]]
 
* [[Tools: WHOIS, dig, Maltego, Google Dorking {en}]]
 
* [[Hands-on: Pengumpulan Informasi Target secara Pasif {en}]]
 
  
 +
* [[Open Source Intelligence (OSINT) Techniques (en)]]
 +
* [[Passive and Active Reconnaissance (en)]]
 +
* [[Tools: WHOIS, dig, Maltego, Google Dorking (en)]]
 +
* [[Hands-on: Passive Target Information Gathering (en)]]
  
 
==Scanning dan Enumeration==
 
==Scanning dan Enumeration==
Line 44: Line 44:
 
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]]
 
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]]
  
* [[Network Scanning: Nmap, Netcat {en}]]
 
* [[Vulnerability Scanning: OpenVAS, Nessus {en}]]
 
* [[Enumeration Services: SMB, SNMP, FTP, HTTP {en}]]
 
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target {en}]]
 
  
 +
* [[Network Scanning: Nmap, Netcat (en)]]
 +
* [[Vulnerability Scanning: OpenVAS, Nessus (en)]]
 +
* [[Enumeration Services: SMB, SNMP, FTP, HTTP (en)]]
 +
* [[Hands-on: Target Port, Services, and Vulnerability Identification (en)]]
  
 
==Exploitation Basics==
 
==Exploitation Basics==
Line 58: Line 58:
 
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]]
 
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]]
  
* [[Pengertian Eksploitasi {en}]]
+
 
* [[Memahami Common Vulnerabilities (CVE) {en}]]
+
* [[Pengertian Eksploitasi (en)]]
* [[Membuat Exploit sederhana berdasarkan CVE {en}]]
+
* [[Memahami Common Vulnerabilities (CVE) (en)]]
* [[Memilih dan Memodifikasi Exploit {en}]]
+
* [[Membuat Exploit sederhana berdasarkan CVE (en)]]
* [[Tools: Metasploit Framework {en}]]
+
* [[Memilih dan Memodifikasi Exploit (en)]]
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi {en}]]
+
* [[Tools: Metasploit Framework (en)]]
 +
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi (en)]]
  
 
==Web Application Hacking - Bagian 1==
 
==Web Application Hacking - Bagian 1==
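Review bot: all six added links keep their Indonesian titles and change only `{en}` to `(en)`, for example `Pengertian Eksploitasi (en)` and `Memahami Common Vulnerabilities (CVE) (en)`. The earlier hunks translate the title together with the suffix. If `(en)` marks the English version of a page, these titles should be translated as well so the English list is consistent across sections.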
Line 71: Line 72:
 
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]]
 
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]]
  
* [[Konsep HTTP, Session, dan Cookies {en}]]
+
 
* [[Vulnerabilities umum: SQL Injection, XSS {en}]]
+
* [[Konsep HTTP, Session, dan Cookies (en)]]
* [[Tools: Burp Suite, OWASP ZAP {en}]]
+
* [[Vulnerabilities umum: SQL Injection, XSS (en)]]
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web {en}]]
+
* [[Tools: Burp Suite, OWASP ZAP (en)]]
 +
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web (en)]]
  
 
==Web Application Hacking - Bagian 2==
 
==Web Application Hacking - Bagian 2==
Line 82: Line 84:
 
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]]
 
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]]
  
* [[CSRF (Cross-Site Request Forgery) {en}]]
 
* [[RCE (Remote Code Execution) {en}]]
 
* [[Directory Traversal, File Inclusion {en}]]
 
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App {en}]]
 
  
 +
* [[CSRF (Cross-Site Request Forgery) (en)]]
 +
* [[RCE (Remote Code Execution) (en)]]
 +
* [[Directory Traversal, File Inclusion (en)]]
 +
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App (en)]]
  
 
==Password Cracking dan Authentication Bypass==
 
==Password Cracking dan Authentication Bypass==
Line 94: Line 96:
 
* [[Hands-on: Password Cracking dan Authentication Bypass]]
 
* [[Hands-on: Password Cracking dan Authentication Bypass]]
  
* [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) {en}]]
 
* [[Bypass Authentication: Vulnerable Login Forms {en}]]
 
* [[Tools: John the Ripper, Hydra {en}]]
 
* [[Hands-on: Password Cracking dan Authentication Bypass {en}]]
 
  
 +
* [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) (en)]]
 +
* [[Bypass Authentication: Vulnerable Login Forms (en)]]
 +
* [[Tools: John the Ripper, Hydra (en)]]
 +
* [[Hands-on: Password Cracking dan Authentication Bypass (en)]]
  
 
==Wireless Network Hacking==
 
==Wireless Network Hacking==
Line 106: Line 108:
 
* [[Tools: Aircrack-ng, Wireshark]]
 
* [[Tools: Aircrack-ng, Wireshark]]
 
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]]
 
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]]
 
* [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) {en}]]
 
* [[Attacks: Man in The Middle {en}]]
 
* [[Attacks: WEP Cracking, WPA Handshake Capture {en}]]
 
* [[Tools: Aircrack-ng, Wireshark {en}]]
 
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi {en}]]
 
  
  
 +
* [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) (en)]]
 +
* [[Attacks: Man in The Middle (en)]]
 +
* [[Attacks: WEP Cracking, WPA Handshake Capture (en)]]
 +
* [[Tools: Aircrack-ng, Wireshark (en)]]
 +
* [[Hands-on: Attack Wireless Network and Cracking WiFi Password (en)]]
  
 
==Social Engineering==
 
==Social Engineering==
Line 121: Line 122:
 
* [[Hands-on: Simulasi Phishing Attack]]
 
* [[Hands-on: Simulasi Phishing Attack]]
  
* [[Teknik Social Engineering: Phishing, Pretexting, Baiting {en}]]
 
* [[Email Spoofing dan Spear Phishing {en}]]
 
* [[Tools: Social Engineering Toolkit (SET) {en}]]
 
* [[Hands-on: Simulasi Phishing Attack {en}]]
 
  
 +
* [[Teknik Social Engineering: Phishing, Pretexting, Baiting (en)]]
 +
* [[Email Spoofing dan Spear Phishing (en)]]
 +
* [[Tools: Social Engineering Toolkit (SET) (en)]]
 +
* [[Hands-on: Simulasi Phishing Attack (en)]]
  
 
==Privilege Escalation==
 
==Privilege Escalation==
Line 133: Line 134:
 
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]]
 
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]]
  
* [[Konsep Privilege Escalation {en}]]
 
* [[Local vs Remote Escalation {en}]]
 
* [[Exploiting Misconfigured Services {en}]]
 
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows {en}]]
 
  
 +
* [[Privilege Escalation Concept (en)]]
 +
* [[Local vs Remote Escalation (en)]]
 +
* [[Exploiting Misconfigured Services (en)]]
 +
* [[Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)]]
  
 
==Post-Exploitation dan Maintaining Access==
 
==Post-Exploitation dan Maintaining Access==
Line 144: Line 145:
 
* [[Cleaning Tracks: Log Deletion, Anti-Forensics]]
 
* [[Cleaning Tracks: Log Deletion, Anti-Forensics]]
 
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]]
 
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]]
 
* [[Backdoors dan Persistence {en}]]
 
* [[Data Exfiltration {en}]]
 
* [[Cleaning Tracks: Log Deletion, Anti-Forensics {en}]]
 
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target {en}]]
 
 
  
  
 +
* [[Backdoors and Persistence (en)]]
 +
* [[Data Exfiltration (en)]]
 +
* [[Cleaning Tracks: Log Deletion, Anti-Forensics (en)]]
 +
* [[Hands-on: Installing a Backdoor and Persistence Techniques on a Target System (en)]]
  
 
==Mobile Hacking==
 
==Mobile Hacking==
Line 158: Line 157:
 
* [[Tools: Drozer, APKTool]]
 
* [[Tools: Drozer, APKTool]]
 
* [[Hands-on: Analisis dan Eksploitasi APK Android]]
 
* [[Hands-on: Analisis dan Eksploitasi APK Android]]
 +
 +
 +
* [[Arsitektur and Security Model Android & iOS (en)]]
 +
* [[Vulnerabilities in Mobile Applications (en)]]
 +
* [[Tools: Drozer, APKTool (en)]]
 +
* [[Hands-on: Android APK Analysis and Exploitation (en)]]
  
 
==Capture The Flag (CTF) Challenge dan Review==
 
==Capture The Flag (CTF) Challenge dan Review==
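Review bot: the first added link, `Arsitektur and Security Model Android & iOS (en)`, mixes Indonesian and English in one title. The other three links added in this hunk are fully English, so consider `Architecture and Security Model of Android & iOS (en)` for the first one too.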
Line 164: Line 169:
 
* [[Simulasi Penetration Testing Lengkap]]
 
* [[Simulasi Penetration Testing Lengkap]]
 
* [[Hands-on: CTF Challenge (Individu/Kelompok)]]
 
* [[Hands-on: CTF Challenge (Individu/Kelompok)]]
 +
 +
 +
* [[CTF Challenge Solutions for Review (en)]]
 +
* [[Skills and Knowledge Acquired (en)]]
 +
* [[Comprehensive Penetration Testing Simulation (en)]]
 +
* [[Hands-on: CTF Challenge (Individual/Group) (en)]]
  
 
==Report Penetration Test==
 
==Report Penetration Test==
Line 176: Line 187:
 
* [[Report Penetration Test: Contoh Rekomendasi Mitigasi]]
 
* [[Report Penetration Test: Contoh Rekomendasi Mitigasi]]
 
* [[Report Penetration Test: Contoh Rekomendasi Pencegahan]]
 
* [[Report Penetration Test: Contoh Rekomendasi Pencegahan]]
 +
 +
 +
* [[Report Penetration Test: Outline (en)]]
 +
* [[Report Penetration Test: Example of Vulnerability Findings (en)]]
 +
* [[Report Penetration Test: Examples of Exploitation Findings (en)]]
 +
* [[Report Penetration Test: Examples of Impact Findings (en)]]
 +
* [[Report Penetration Test: Example of Risk Analysis (en)]]
 +
* [[Report Penetration Test: Example of Prioritizing (en)]]
 +
* [[Report Penetration Test: Example of Improvement Recommendations (en)]]
 +
* [[Report Penetration Test: Example of Mitigation Recommendations (en)]]
 +
* [[Report Penetration Test: Example of Prevention Recommendations (en)]]

Latest revision as of 07:24, 29 October 2024

Ethical Hacking course outline in 15 modules, focused on practical knowledge and hacking skills. Each session combines theory with a hands-on lab to build skills progressively:

Introduction to Ethical Hacking


Penetration Testing Methodology


Reconnaissance (Information Gathering)


Scanning and Enumeration


Exploitation Basics


Web Application Hacking - Part 1


Web Application Hacking - Part 2


Password Cracking and Authentication Bypass


Wireless Network Hacking


Social Engineering


Privilege Escalation


Post-Exploitation and Maintaining Access


Mobile Hacking


Capture The Flag (CTF) Challenge and Review


Report Penetration Test