Difference between revisions of "Ethical Hacking"

From OnnoWiki
Line 8: Line 8:
 
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)]]
 
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux)]]
 
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman]]
 
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman]]
 +
 +
 +
* [[Definisi Ethical Hacking {en}]]
 +
* [[Peran dan Tanggung Jawab Ethical Hacker {en}]]
 +
* [[Legalitas, Etika, dan Hukum terkait Hacking {en}]]
 +
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) {en}]]
 +
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman {en}]]
 +
  
 
==Metodologi Penetration Testing==
 
==Metodologi Penetration Testing==
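Review bot: the links added in this hunk carry a literal ` {en}` inside the brackets, for example `[[Definisi Ethical Hacking {en}]]`, and curly braces are not permitted in MediaWiki page titles, so these entries are shown as plain bracketed text rather than links (the rendered revision further down shows them with the brackets intact). If the aim is an English version of each page, a suffix such as ` (en)` or an `/en` subpage keeps the link valid; the same applies to the `{en}` entries in the later hunks.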
Line 13: Line 21:
 
* [[Standar Penetration Testing (OWASP, NIST)]]
 
* [[Standar Penetration Testing (OWASP, NIST)]]
 
* [[Hands-on: Membuat Rencana Penetration Testing]]
 
* [[Hands-on: Membuat Rencana Penetration Testing]]
 +
 +
* [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) {en}]]
 +
* [[Standar Penetration Testing (OWASP, NIST) {en}]]
 +
* [[Hands-on: Membuat Rencana Penetration Testing {en}]]
  
 
==Reconnaissance (Information Gathering)==
 
==Reconnaissance (Information Gathering)==
Line 19: Line 31:
 
* [[Tools: WHOIS, dig, Maltego, Google Dorking]]
 
* [[Tools: WHOIS, dig, Maltego, Google Dorking]]
 
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]]
 
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]]
 +
 +
* [[Teknik Open Source Intelligence (OSINT) {en}]]
 +
* [[Passive dan Active Reconnaissance {en}]]
 +
* [[Tools: WHOIS, dig, Maltego, Google Dorking {en}]]
 +
* [[Hands-on: Pengumpulan Informasi Target secara Pasif {en}]]
 +
  
 
==Scanning dan Enumeration==
 
==Scanning dan Enumeration==
Line 25: Line 43:
 
* [[Enumeration Services: SMB, SNMP, FTP, HTTP]]
 
* [[Enumeration Services: SMB, SNMP, FTP, HTTP]]
 
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]]
 
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]]
 +
 +
* [[Network Scanning: Nmap, Netcat {en}]]
 +
* [[Vulnerability Scanning: OpenVAS, Nessus {en}]]
 +
* [[Enumeration Services: SMB, SNMP, FTP, HTTP {en}]]
 +
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target {en}]]
 +
  
 
==Exploitation Basics==
 
==Exploitation Basics==
Line 33: Line 57:
 
* [[Tools: Metasploit Framework]]
 
* [[Tools: Metasploit Framework]]
 
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]]
 
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]]
 +
 +
* [[Pengertian Eksploitasi {en}]]
 +
* [[Memahami Common Vulnerabilities (CVE) {en}]]
 +
* [[Membuat Exploit sederhana berdasarkan CVE {en}]]
 +
* [[Memilih dan Memodifikasi Exploit {en}]]
 +
* [[Tools: Metasploit Framework {en}]]
 +
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi {en}]]
  
 
==Web Application Hacking - Bagian 1==
 
==Web Application Hacking - Bagian 1==
Line 39: Line 70:
 
* [[Tools: Burp Suite, OWASP ZAP]]
 
* [[Tools: Burp Suite, OWASP ZAP]]
 
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]]
 
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]]
 +
 +
* [[Konsep HTTP, Session, dan Cookies {en}]]
 +
* [[Vulnerabilities umum: SQL Injection, XSS {en}]]
 +
* [[Tools: Burp Suite, OWASP ZAP {en}]]
 +
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web {en}]]
  
 
==Web Application Hacking - Bagian 2==
 
==Web Application Hacking - Bagian 2==
Line 45: Line 81:
 
* [[Directory Traversal, File Inclusion]]
 
* [[Directory Traversal, File Inclusion]]
 
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]]
 
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]]
 +
 +
* [[CSRF (Cross-Site Request Forgery) {en}]]
 +
* [[RCE (Remote Code Execution) {en}]]
 +
* [[Directory Traversal, File Inclusion {en}]]
 +
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App {en}]]
 +
  
 
==Password Cracking dan Authentication Bypass==
 
==Password Cracking dan Authentication Bypass==
Line 51: Line 93:
 
* [[Tools: John the Ripper, Hydra]]
 
* [[Tools: John the Ripper, Hydra]]
 
* [[Hands-on: Password Cracking dan Authentication Bypass]]
 
* [[Hands-on: Password Cracking dan Authentication Bypass]]
 +
 +
* [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) {en}]]
 +
* [[Bypass Authentication: Vulnerable Login Forms {en}]]
 +
* [[Tools: John the Ripper, Hydra {en}]]
 +
* [[Hands-on: Password Cracking dan Authentication Bypass {en}]]
 +
  
 
==Wireless Network Hacking==
 
==Wireless Network Hacking==
Line 58: Line 106:
 
* [[Tools: Aircrack-ng, Wireshark]]
 
* [[Tools: Aircrack-ng, Wireshark]]
 
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]]
 
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]]
 +
 +
* [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) {en}]]
 +
* [[Attacks: Man in The Middle {en}]]
 +
* [[Attacks: WEP Cracking, WPA Handshake Capture {en}]]
 +
* [[Tools: Aircrack-ng, Wireshark {en}]]
 +
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi {en}]]
 +
 +
  
 
==Social Engineering==
 
==Social Engineering==
Line 64: Line 120:
 
* [[Tools: Social Engineering Toolkit (SET)]]
 
* [[Tools: Social Engineering Toolkit (SET)]]
 
* [[Hands-on: Simulasi Phishing Attack]]
 
* [[Hands-on: Simulasi Phishing Attack]]
 +
 +
* [[Teknik Social Engineering: Phishing, Pretexting, Baiting {en}]]
 +
* [[Email Spoofing dan Spear Phishing {en}]]
 +
* [[Tools: Social Engineering Toolkit (SET) {en}]]
 +
* [[Hands-on: Simulasi Phishing Attack {en}]]
 +
  
 
==Privilege Escalation==
 
==Privilege Escalation==
Line 70: Line 132:
 
* [[Exploiting Misconfigured Services]]
 
* [[Exploiting Misconfigured Services]]
 
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]]
 
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]]
 +
 +
* [[Konsep Privilege Escalation {en}]]
 +
* [[Local vs Remote Escalation {en}]]
 +
* [[Exploiting Misconfigured Services {en}]]
 +
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows {en}]]
 +
  
 
==Post-Exploitation dan Maintaining Access==
 
==Post-Exploitation dan Maintaining Access==
Line 76: Line 144:
 
* [[Cleaning Tracks: Log Deletion, Anti-Forensics]]
 
* [[Cleaning Tracks: Log Deletion, Anti-Forensics]]
 
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]]
 
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]]
 +
 +
* [[Backdoors dan Persistence {en}]]
 +
* [[Data Exfiltration {en}]]
 +
* [[Cleaning Tracks: Log Deletion, Anti-Forensics {en}]]
 +
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target {en}]]
 +
 +
 +
  
 
==Mobile Hacking==
 
==Mobile Hacking==

Revision as of 07:54, 19 October 2024

Ethical Hacking course outline in 15 modules, focused on practical knowledge and hacking skills. Each session combines theory with a hands-on lab to build skills step by step:

Introduction to Ethical Hacking


  • [[Definition of Ethical Hacking {en}]]
  • [[Roles and Responsibilities of an Ethical Hacker {en}]]
  • [[Legality, Ethics, and Law Related to Hacking {en}]]
  • [[Tools and Working Environment (VM, Kali Linux) {en}]]
  • [[Hands-on: Setting Up a Lab and a Safe Testing Environment {en}]]


Penetration Testing Methodology

  • [[Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) {en}]]
  • [[Penetration Testing Standards (OWASP, NIST) {en}]]
  • [[Hands-on: Creating a Penetration Testing Plan {en}]]

Reconnaissance (Information Gathering)

  • [[Open Source Intelligence (OSINT) Techniques {en}]]
  • [[Passive and Active Reconnaissance {en}]]
  • [[Tools: WHOIS, dig, Maltego, Google Dorking {en}]]
  • [[Hands-on: Passive Collection of Target Information {en}]]


Scanning and Enumeration

  • [[Network Scanning: Nmap, Netcat {en}]]
  • [[Vulnerability Scanning: OpenVAS, Nessus {en}]]
  • [[Enumeration Services: SMB, SNMP, FTP, HTTP {en}]]
  • [[Hands-on: Identifying Target Ports, Services, and Vulnerabilities {en}]]


Exploitation Basics

  • [[Definition of Exploitation {en}]]
  • [[Understanding Common Vulnerabilities (CVE) {en}]]
  • [[Creating a Simple Exploit Based on a CVE {en}]]
  • [[Selecting and Modifying Exploits {en}]]
  • [[Tools: Metasploit Framework {en}]]
  • [[Hands-on: Using Metasploit for Exploitation {en}]]

Web Application Hacking - Part 1

  • [[HTTP, Session, and Cookie Concepts {en}]]
  • [[Common Vulnerabilities: SQL Injection, XSS {en}]]
  • [[Tools: Burp Suite, OWASP ZAP {en}]]
  • [[Hands-on: Exploiting SQL Injection in a Web Application {en}]]

Web Application Hacking - Part 2

  • [[CSRF (Cross-Site Request Forgery) {en}]]
  • [[RCE (Remote Code Execution) {en}]]
  • [[Directory Traversal, File Inclusion {en}]]
  • [[Hands-on: Using Burp Suite to Analyze and Exploit a Web App {en}]]


Password Cracking and Authentication Bypass

  • [[Password Cracking Techniques (Brute Force, Dictionary, Rainbow Table) {en}]]
  • [[Bypass Authentication: Vulnerable Login Forms {en}]]
  • [[Tools: John the Ripper, Hydra {en}]]
  • [[Hands-on: Password Cracking and Authentication Bypass {en}]]


Wireless Network Hacking

  • [[Wireless Techniques and Protocols (WEP, WPA/WPA2) {en}]]
  • [[Attacks: Man in The Middle {en}]]
  • [[Attacks: WEP Cracking, WPA Handshake Capture {en}]]
  • [[Tools: Aircrack-ng, Wireshark {en}]]
  • [[Hands-on: Attacking a Wireless Network and Cracking the WiFi Password {en}]]


Social Engineering

  • [[Social Engineering Techniques: Phishing, Pretexting, Baiting {en}]]
  • [[Email Spoofing and Spear Phishing {en}]]
  • [[Tools: Social Engineering Toolkit (SET) {en}]]
  • [[Hands-on: Phishing Attack Simulation {en}]]


Privilege Escalation

  • [[Privilege Escalation Concepts {en}]]
  • [[Local vs Remote Escalation {en}]]
  • [[Exploiting Misconfigured Services {en}]]
  • [[Hands-on: Escalating Privileges on Linux and Windows Systems {en}]]


Post-Exploitation and Maintaining Access

  • [[Backdoors and Persistence {en}]]
  • [[Data Exfiltration {en}]]
  • [[Cleaning Tracks: Log Deletion, Anti-Forensics {en}]]
  • [[Hands-on: Installing a Backdoor and Persistence Techniques on the Target System {en}]]



Mobile Hacking

Capture The Flag (CTF) Challenge and Review

Penetration Test Report