Difference between revisions of "Ethical Hacking"

Outline kuliah Ethical Hacking untuk 15 modul dengan fokus pada pengetahuan praktis dan skill hacking. Tiap pertemuan menggabungkan teori dan hands-on lab untuk mengembangkan keterampilan secara bertahap:

Pengantar Ethical Hacking

• Definisi Ethical Hacking
• Peran dan Tanggung Jawab Ethical Hacker
• Legalitas, Etika, dan Hukum terkait Hacking
• Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)
• Hands-on: Setup Lab dan Lingkungan Testing Aman

• Definition of Ethical Hacking (en)
• Roles and Responsibilities of an Ethical Hacker (en)
• Legality, Ethics, and Law Related to Hacking. (en)
• Tools and Work Environment (VM, Kali Linux) (en)
• Hands-on: Setting Up a Secure Lab and Testing Environment (en)

Metodologi Penetration Testing

• Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
• Standar Penetration Testing (OWASP, NIST)
• Hands-on: Membuat Rencana Penetration Testing

• Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)
• Penetration Testing Standards (OWASP, NIST) (en)
• Hands-on: Hands-on: Creating a Penetration Testing Plan (en)

Reconnaissance (Information Gathering)

• Teknik Open Source Intelligence (OSINT)
• Passive dan Active Reconnaissance
• Tools: WHOIS, dig, Maltego, Google Dorking
• Hands-on: Pengumpulan Informasi Target secara Pasif

• Open Source Intelligence (OSINT) Techniques (en)
• Passive and Active Reconnaissance (en)
• Tools: WHOIS, dig, Maltego, Google Dorking (en)
• Hands-on: Passive Target Information Gathering (en)

Scanning dan Enumeration

• Network Scanning: Nmap, Netcat
• Vulnerability Scanning: OpenVAS, Nessus
• Enumeration Services: SMB, SNMP, FTP, HTTP
• Hands-on: Identifikasi Port, Services, dan Vulnerability Target

• Network Scanning: Nmap, Netcat (en)
• Vulnerability Scanning: OpenVAS, Nessus (en)
• Enumeration Services: SMB, SNMP, FTP, HTTP (en)
• Hands-on: Target Port, Services, and Vulnerability Identification (en)

Exploitation Basics

• Pengertian Eksploitasi
• Memahami Common Vulnerabilities (CVE)
• Membuat Exploit sederhana berdasarkan CVE
• Memilih dan Memodifikasi Exploit
• Tools: Metasploit Framework
• Hands-on: Menggunakan Metasploit untuk Eksploitasi

• Pengertian Eksploitasi (en)
• Memahami Common Vulnerabilities (CVE) (en)
• Membuat Exploit sederhana berdasarkan CVE (en)
• Memilih dan Memodifikasi Exploit (en)
• Tools: Metasploit Framework (en)
• Hands-on: Menggunakan Metasploit untuk Eksploitasi (en)

Web Application Hacking - Bagian 1

• Konsep HTTP, Session, dan Cookies
• Vulnerabilities umum: SQL Injection, XSS
• Tools: Burp Suite, OWASP ZAP
• Hands-on: Eksploitasi SQL Injection pada Aplikasi Web

• Konsep HTTP, Session, dan Cookies (en)
• Vulnerabilities umum: SQL Injection, XSS (en)
• Tools: Burp Suite, OWASP ZAP (en)
• Hands-on: Eksploitasi SQL Injection pada Aplikasi Web (en)

Web Application Hacking - Bagian 2

• CSRF (Cross-Site Request Forgery)
• RCE (Remote Code Execution)
• Directory Traversal, File Inclusion
• Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App

• CSRF (Cross-Site Request Forgery) (en)
• RCE (Remote Code Execution) (en)
• Directory Traversal, File Inclusion (en)
• Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App (en)

Password Cracking dan Authentication Bypass

• Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table)
• Bypass Authentication: Vulnerable Login Forms
• Tools: John the Ripper, Hydra
• Hands-on: Password Cracking dan Authentication Bypass

• Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) (en)
• Bypass Authentication: Vulnerable Login Forms (en)
• Tools: John the Ripper, Hydra (en)
• Hands-on: Password Cracking dan Authentication Bypass (en)

Wireless Network Hacking

• Teknik dan Protokol Wireless (WEP, WPA/WPA2)
• Attacks: Man in The Middle
• Attacks: WEP Cracking, WPA Handshake Capture
• Tools: Aircrack-ng, Wireshark
• Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi

• Teknik dan Protokol Wireless (WEP, WPA/WPA2) (en)
• Attacks: Man in The Middle (en)
• Attacks: WEP Cracking, WPA Handshake Capture (en)
• Tools: Aircrack-ng, Wireshark (en)
• Hands-on: Attack Wireless Network and Cracking WiFi Password (en)

Social Engineering

• Teknik Social Engineering: Phishing, Pretexting, Baiting
• Email Spoofing dan Spear Phishing
• Tools: Social Engineering Toolkit (SET)
• Hands-on: Simulasi Phishing Attack

• Teknik Social Engineering: Phishing, Pretexting, Baiting (en)
• Email Spoofing dan Spear Phishing (en)
• Tools: Social Engineering Toolkit (SET) (en)
• Hands-on: Simulasi Phishing Attack (en)

Privilege Escalation

• Konsep Privilege Escalation
• Local vs Remote Escalation
• Exploiting Misconfigured Services
• Hands-on: Menaikkan Privilege di Sistem Linux dan Windows

• Privilege Escalation Concept (en)
• Local vs Remote Escalation (en)
• Exploiting Misconfigured Services (en)
• Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)

Post-Exploitation dan Maintaining Access

• Backdoors dan Persistence
• Data Exfiltration
• Cleaning Tracks: Log Deletion, Anti-Forensics
• Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target

• Backdoors and Persistence (en)
• Data Exfiltration (en)
• Cleaning Tracks: Log Deletion, Anti-Forensics (en)
• Hands-on: Installing a Backdoor and Persistence Techniques on a Target System (en)

Mobile Hacking

• Arsitektur dan Security Model Android & iOS
• Vulnerabilities di Aplikasi Mobile
• Tools: Drozer, APKTool
• Hands-on: Analisis dan Eksploitasi APK Android

• Arsitektur and Security Model Android & iOS (en)
• Vulnerabilities in Mobile Applications (en)
• Tools: Drozer, APKTool (en)
• Hands-on: Android APK Analysis and Exploitation (en)

Capture The Flag (CTF) Challenge dan Review

• Penyelesaian Soal-soal CTF untuk Review
• Rekapitulasi Skill dan Pengetahuan
• Simulasi Penetration Testing Lengkap
• Hands-on: CTF Challenge (Individu/Kelompok)

• CTF Challenge Solutions for Review (en)
• Skills and Knowledge Acquired (en)
• Comprehensive Penetration Testing Simulation (en)
• Hands-on: CTF Challenge (Individual/Group) (en)

Report Penetration Test

• Report Penetration Test: Outline
• Report Penetration Test: Contoh Temuan Kerentanan
• Report Penetration Test: Contoh Temuan Eksploitasi
• Report Penetration Test: Contoh Temuan Dampak
• Report Penetration Test: Contoh Analisa Resiko
• Report Penetration Test: Contoh Penentuan Prioritas
• Report Penetration Test: Contoh Rekomendasi Perbaikan
• Report Penetration Test: Contoh Rekomendasi Mitigasi
• Report Penetration Test: Contoh Rekomendasi Pencegahan

• Report Penetration Test: Outline (en)
• Report Penetration Test: Example of Vulnerability Findings (en)
• Report Penetration Test: Examples of Exploitation Findings (en)
• Report Penetration Test: Examples of Impact Findings (en)
• Report Penetration Test: Example of Risk Analysis (en)
• Report Penetration Test: Example of Prioritizing (en)
• Report Penetration Test: Example of Improvement Recommendations (en)
• Report Penetration Test: Example of Mitigation Recommendations (en)
• Report Penetration Test: Example of Prevention Recommendations (en)