Difference between revisions of "Ethical Hacking"

Outline kuliah Ethical Hacking untuk 15 modul dengan fokus pada pengetahuan praktis dan skill hacking. Tiap pertemuan menggabungkan teori dan hands-on lab untuk mengembangkan keterampilan secara bertahap:

Pengantar Ethical Hacking

Definisi Ethical Hacking
Peran dan Tanggung Jawab Ethical Hacker
Legalitas, Etika, dan Hukum terkait Hacking
Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)
Hands-on: Setup Lab dan Lingkungan Testing Aman

Definition of Ethical Hacking (en)
Roles and Responsibilities of an Ethical Hacker (en)
Legality, Ethics, and Law Related to Hacking. (en)
Tools and Work Environment (VM, Kali Linux) (en)
Hands-on: Setting Up a Secure Lab and Testing Environment (en)

Metodologi Penetration Testing

Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
Standar Penetration Testing (OWASP, NIST)
Hands-on: Membuat Rencana Penetration Testing

Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)
Penetration Testing Standards (OWASP, NIST) (en)
Hands-on: Hands-on: Creating a Penetration Testing Plan (en)

Reconnaissance (Information Gathering)

Teknik Open Source Intelligence (OSINT)
Passive dan Active Reconnaissance
Tools: WHOIS, dig, Maltego, Google Dorking
Hands-on: Pengumpulan Informasi Target secara Pasif

Open Source Intelligence (OSINT) Techniques (en)
Passive and Active Reconnaissance (en)
Tools: WHOIS, dig, Maltego, Google Dorking (en)
Hands-on: Passive Target Information Gathering (en)

Scanning dan Enumeration

Network Scanning: Nmap, Netcat
Vulnerability Scanning: OpenVAS, Nessus
Enumeration Services: SMB, SNMP, FTP, HTTP
Hands-on: Identifikasi Port, Services, dan Vulnerability Target

Network Scanning: Nmap, Netcat (en)
Vulnerability Scanning: OpenVAS, Nessus (en)
Enumeration Services: SMB, SNMP, FTP, HTTP (en)
Hands-on: Target Port, Services, and Vulnerability Identification (en)

Exploitation Basics

Pengertian Eksploitasi
Memahami Common Vulnerabilities (CVE)
Membuat Exploit sederhana berdasarkan CVE
Memilih dan Memodifikasi Exploit
Tools: Metasploit Framework
Hands-on: Menggunakan Metasploit untuk Eksploitasi

Pengertian Eksploitasi (en)
Memahami Common Vulnerabilities (CVE) (en)
Membuat Exploit sederhana berdasarkan CVE (en)
Memilih dan Memodifikasi Exploit (en)
Tools: Metasploit Framework (en)
Hands-on: Menggunakan Metasploit untuk Eksploitasi (en)

Web Application Hacking - Bagian 1

Konsep HTTP, Session, dan Cookies
Vulnerabilities umum: SQL Injection, XSS
Tools: Burp Suite, OWASP ZAP
Hands-on: Eksploitasi SQL Injection pada Aplikasi Web

Konsep HTTP, Session, dan Cookies (en)
Vulnerabilities umum: SQL Injection, XSS (en)
Tools: Burp Suite, OWASP ZAP (en)
Hands-on: Eksploitasi SQL Injection pada Aplikasi Web (en)

Web Application Hacking - Bagian 2

CSRF (Cross-Site Request Forgery)
RCE (Remote Code Execution)
Directory Traversal, File Inclusion
Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App

CSRF (Cross-Site Request Forgery) (en)
RCE (Remote Code Execution) (en)
Directory Traversal, File Inclusion (en)
Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App (en)

Password Cracking dan Authentication Bypass

Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table)
Bypass Authentication: Vulnerable Login Forms
Tools: John the Ripper, Hydra
Hands-on: Password Cracking dan Authentication Bypass

Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) (en)
Bypass Authentication: Vulnerable Login Forms (en)
Tools: John the Ripper, Hydra (en)
Hands-on: Password Cracking dan Authentication Bypass (en)

Wireless Network Hacking

Teknik dan Protokol Wireless (WEP, WPA/WPA2)
Attacks: Man in The Middle
Attacks: WEP Cracking, WPA Handshake Capture
Tools: Aircrack-ng, Wireshark
Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi

Teknik dan Protokol Wireless (WEP, WPA/WPA2) (en)
Attacks: Man in The Middle (en)
Attacks: WEP Cracking, WPA Handshake Capture (en)
Tools: Aircrack-ng, Wireshark (en)
Hands-on: Attack Wireless Network and Cracking WiFi Password (en)

Social Engineering

Teknik Social Engineering: Phishing, Pretexting, Baiting
Email Spoofing dan Spear Phishing
Tools: Social Engineering Toolkit (SET)
Hands-on: Simulasi Phishing Attack

Teknik Social Engineering: Phishing, Pretexting, Baiting (en)
Email Spoofing dan Spear Phishing (en)
Tools: Social Engineering Toolkit (SET) (en)
Hands-on: Simulasi Phishing Attack (en)

Privilege Escalation

Konsep Privilege Escalation
Local vs Remote Escalation
Exploiting Misconfigured Services
Hands-on: Menaikkan Privilege di Sistem Linux dan Windows

Privilege Escalation Concept (en)
Local vs Remote Escalation (en)
Exploiting Misconfigured Services (en)
Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)

Post-Exploitation dan Maintaining Access

Backdoors dan Persistence
Data Exfiltration
Cleaning Tracks: Log Deletion, Anti-Forensics
Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target

Backdoors and Persistence (en)
Data Exfiltration (en)
Cleaning Tracks: Log Deletion, Anti-Forensics (en)
Hands-on: Installing a Backdoor and Persistence Techniques on a Target System (en)

Mobile Hacking

Arsitektur dan Security Model Android & iOS
Vulnerabilities di Aplikasi Mobile
Tools: Drozer, APKTool
Hands-on: Analisis dan Eksploitasi APK Android

Arsitektur and Security Model Android & iOS (en)
Vulnerabilities in Mobile Applications (en)
Tools: Drozer, APKTool (en)
Hands-on: Android APK Analysis and Exploitation (en)

Capture The Flag (CTF) Challenge dan Review

Penyelesaian Soal-soal CTF untuk Review
Rekapitulasi Skill dan Pengetahuan
Simulasi Penetration Testing Lengkap
Hands-on: CTF Challenge (Individu/Kelompok)

CTF Challenge Solutions for Review (en)
Skills and Knowledge Acquired (en)
Comprehensive Penetration Testing Simulation (en)
Hands-on: CTF Challenge (Individual/Group) (en)

Report Penetration Test

Report Penetration Test: Outline
Report Penetration Test: Contoh Temuan Kerentanan
Report Penetration Test: Contoh Temuan Eksploitasi
Report Penetration Test: Contoh Temuan Dampak
Report Penetration Test: Contoh Analisa Resiko
Report Penetration Test: Contoh Penentuan Prioritas
Report Penetration Test: Contoh Rekomendasi Perbaikan
Report Penetration Test: Contoh Rekomendasi Mitigasi
Report Penetration Test: Contoh Rekomendasi Pencegahan

Report Penetration Test: Outline (en)
Report Penetration Test: Example of Vulnerability Findings (en)
Report Penetration Test: Examples of Exploitation Findings (en)
Report Penetration Test: Examples of Impact Findings (en)
Report Penetration Test: Example of Risk Analysis (en)
Report Penetration Test: Example of Prioritizing (en)
Report Penetration Test: Example of Improvement Recommendations (en)
Report Penetration Test: Example of Mitigation Recommendations (en)
Report Penetration Test: Example of Prevention Recommendations (en)

@@ Line 10: / Line 10: @@
-* [[Definisi Ethical Hacking (en) ]]
+* [[Definition of Ethical Hacking (en) ]]
-* [[Peran dan Tanggung Jawab Ethical Hacker (en) ]]
+* [[Roles and Responsibilities of an Ethical Hacker (en) ]]
-* [[Legalitas, Etika, dan Hukum terkait Hacking (en) ]]
+* [[Legality, Ethics, and Law Related to Hacking. (en) ]]
-* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) (en) ]]
+* [[Tools and Work Environment (VM, Kali Linux) (en) ]]
-* [[Hands-on: Setup Lab dan Lingkungan Testing Aman (en) ]]
+* [[Hands-on: Setting Up a Secure Lab and Testing Environment (en) ]]
 ==Metodologi Penetration Testing==
@@ Line 22: / Line 22: @@
-* [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)]]
+* [[Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) (en)]]
-* [[Standar Penetration Testing (OWASP, NIST) (en)]]
+* [[Penetration Testing Standards (OWASP, NIST) (en)]]
-* [[Hands-on: Membuat Rencana Penetration Testing (en)]]
+* [[Hands-on: Hands-on: Creating a Penetration Testing Plan (en)]]
 ==Reconnaissance (Information Gathering)==
@@ Line 33: / Line 33: @@
-* [[Teknik Open Source Intelligence (OSINT) (en)]]
+* [[Open Source Intelligence (OSINT) Techniques (en)]]
-* [[Passive dan Active Reconnaissance (en)]]
+* [[Passive and Active Reconnaissance (en)]]
 * [[Tools: WHOIS, dig, Maltego, Google Dorking (en)]]
-* [[Hands-on: Pengumpulan Informasi Target secara Pasif (en)]]
+* [[Hands-on: Passive Target Information Gathering (en)]]
 ==Scanning dan Enumeration==
@@ Line 48: / Line 48: @@
 * [[Vulnerability Scanning: OpenVAS, Nessus (en)]]
 * [[Enumeration Services: SMB, SNMP, FTP, HTTP (en)]]
-* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target (en)]]
+* [[Hands-on: Target Port, Services, and Vulnerability Identification (en)]]
 ==Exploitation Basics==
@@ Line 114: / Line 114: @@
 * [[Attacks: WEP Cracking, WPA Handshake Capture (en)]]
 * [[Tools: Aircrack-ng, Wireshark (en)]]
-* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi (en)]]
+* [[Hands-on: Attack Wireless Network and Cracking WiFi Password (en)]]
 ==Social Engineering==
@@ Line 134: / Line 134: @@
 * [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]]
-* [[Konsep Privilege Escalation (en)]]
+* [[Privilege Escalation Concept (en)]]
 * [[Local vs Remote Escalation (en)]]
 * [[Exploiting Misconfigured Services (en)]]
-* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows (en)]]
+* [[Hands-on: Gaining Root and Administrator Access in Linux and Windows (en)]]
 ==Post-Exploitation dan Maintaining Access==
@@ Line 169: / Line 169: @@
 * [[Simulasi Penetration Testing Lengkap]]
 * [[Hands-on: CTF Challenge (Individu/Kelompok)]]
 * [[CTF Challenge Solutions for Review (en)]]