Difference between revisions of "Ethical Hacking"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
Line 10: | Line 10: | ||
− | * [[Definisi Ethical Hacking {en}]] | + | * [[Definisi Ethical Hacking {en} ]] |
− | * [[Peran dan Tanggung Jawab Ethical Hacker {en}]] | + | * [[Peran dan Tanggung Jawab Ethical Hacker {en} ]] |
− | * [[Legalitas, Etika, dan Hukum terkait Hacking {en}]] | + | * [[Legalitas, Etika, dan Hukum terkait Hacking {en} ]] |
− | * [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) {en}]] | + | * [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) {en} ]] |
− | * [[Hands-on: Setup Lab dan Lingkungan Testing Aman {en}]] | + | * [[Hands-on: Setup Lab dan Lingkungan Testing Aman {en} ]] |
− | |||
==Metodologi Penetration Testing== | ==Metodologi Penetration Testing== |
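Review bot: on the five `+` link lines the only change is a space inserted between `{en}` and `]]`, which leaves the underlying problem in place: `{` and `}` are not permitted in MediaWiki page titles, so these entries are not parsed as links and appear as literal `[[... {en} ]]` text in the revision body below. Suggest removing the braces from the link target, for example a plain suffix such as ` (en)`, so the entries resolve to pages; the bracketed entries in the later sections use the same `{en}` form and would need the same change.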
Revision as of 07:54, 19 October 2024
Course outline for Ethical Hacking in 15 modules, focused on practical knowledge and hacking skills. Each session combines theory with a hands-on lab to build skills step by step:
Introduction to Ethical Hacking
- Definition of Ethical Hacking
- Roles and Responsibilities of an Ethical Hacker
- Legality, Ethics, and Laws Related to Hacking
- Tools and Working Environment (VM, Kali Linux)
- Hands-on: Setting Up a Lab and a Safe Testing Environment
- [[Definisi Ethical Hacking {en} ]]
- [[Peran dan Tanggung Jawab Ethical Hacker {en} ]]
- [[Legalitas, Etika, dan Hukum terkait Hacking {en} ]]
- [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) {en} ]]
- [[Hands-on: Setup Lab dan Lingkungan Testing Aman {en} ]]
Penetration Testing Methodology
- Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
- Penetration Testing Standards (OWASP, NIST)
- Hands-on: Creating a Penetration Testing Plan
- [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) {en}]]
- [[Standar Penetration Testing (OWASP, NIST) {en}]]
- [[Hands-on: Membuat Rencana Penetration Testing {en}]]
Reconnaissance (Information Gathering)
- Open Source Intelligence (OSINT) Techniques
- Passive and Active Reconnaissance
- Tools: WHOIS, dig, Maltego, Google Dorking
- Hands-on: Passive Information Gathering on a Target
- [[Teknik Open Source Intelligence (OSINT) {en}]]
- [[Passive dan Active Reconnaissance {en}]]
- [[Tools: WHOIS, dig, Maltego, Google Dorking {en}]]
- [[Hands-on: Pengumpulan Informasi Target secara Pasif {en}]]
Scanning and Enumeration
- Network Scanning: Nmap, Netcat
- Vulnerability Scanning: OpenVAS, Nessus
- Service Enumeration: SMB, SNMP, FTP, HTTP
- Hands-on: Identifying Ports, Services, and Vulnerabilities on a Target
- [[Network Scanning: Nmap, Netcat {en}]]
- [[Vulnerability Scanning: OpenVAS, Nessus {en}]]
- [[Enumeration Services: SMB, SNMP, FTP, HTTP {en}]]
- [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target {en}]]
Exploitation Basics
- Definition of Exploitation
- Understanding Common Vulnerabilities (CVE)
- Building a Simple Exploit Based on a CVE
- Selecting and Modifying Exploits
- Tools: Metasploit Framework
- Hands-on: Using Metasploit for Exploitation
- [[Pengertian Eksploitasi {en}]]
- [[Memahami Common Vulnerabilities (CVE) {en}]]
- [[Membuat Exploit sederhana berdasarkan CVE {en}]]
- [[Memilih dan Memodifikasi Exploit {en}]]
- [[Tools: Metasploit Framework {en}]]
- [[Hands-on: Menggunakan Metasploit untuk Eksploitasi {en}]]
Web Application Hacking - Part 1
- HTTP, Session, and Cookie Concepts
- Common Vulnerabilities: SQL Injection, XSS
- Tools: Burp Suite, OWASP ZAP
- Hands-on: Exploiting SQL Injection in a Web Application
- [[Konsep HTTP, Session, dan Cookies {en}]]
- [[Vulnerabilities umum: SQL Injection, XSS {en}]]
- [[Tools: Burp Suite, OWASP ZAP {en}]]
- [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web {en}]]
Web Application Hacking - Part 2
- CSRF (Cross-Site Request Forgery)
- RCE (Remote Code Execution)
- Directory Traversal, File Inclusion
- Hands-on: Using Burp Suite to Analyze and Exploit a Web App
- [[CSRF (Cross-Site Request Forgery) {en}]]
- [[RCE (Remote Code Execution) {en}]]
- [[Directory Traversal, File Inclusion {en}]]
- [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App {en}]]
Password Cracking and Authentication Bypass
- Password Cracking Techniques (Brute Force, Dictionary, Rainbow Table)
- Bypass Authentication: Vulnerable Login Forms
- Tools: John the Ripper, Hydra
- Hands-on: Password Cracking and Authentication Bypass
- [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) {en}]]
- [[Bypass Authentication: Vulnerable Login Forms {en}]]
- [[Tools: John the Ripper, Hydra {en}]]
- [[Hands-on: Password Cracking dan Authentication Bypass {en}]]
Wireless Network Hacking
- Wireless Techniques and Protocols (WEP, WPA/WPA2)
- Attacks: Man in The Middle
- Attacks: WEP Cracking, WPA Handshake Capture
- Tools: Aircrack-ng, Wireshark
- Hands-on: Attacking a Wireless Network and Cracking the WiFi Password
- [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) {en}]]
- [[Attacks: Man in The Middle {en}]]
- [[Attacks: WEP Cracking, WPA Handshake Capture {en}]]
- [[Tools: Aircrack-ng, Wireshark {en}]]
- [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi {en}]]
Social Engineering
- Social Engineering Techniques: Phishing, Pretexting, Baiting
- Email Spoofing and Spear Phishing
- Tools: Social Engineering Toolkit (SET)
- Hands-on: Phishing Attack Simulation
- [[Teknik Social Engineering: Phishing, Pretexting, Baiting {en}]]
- [[Email Spoofing dan Spear Phishing {en}]]
- [[Tools: Social Engineering Toolkit (SET) {en}]]
- [[Hands-on: Simulasi Phishing Attack {en}]]
Privilege Escalation
- Privilege Escalation Concepts
- Local vs Remote Escalation
- Exploiting Misconfigured Services
- Hands-on: Escalating Privileges on Linux and Windows Systems
- [[Konsep Privilege Escalation {en}]]
- [[Local vs Remote Escalation {en}]]
- [[Exploiting Misconfigured Services {en}]]
- [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows {en}]]
Post-Exploitation and Maintaining Access
- Backdoors and Persistence
- Data Exfiltration
- Cleaning Tracks: Log Deletion, Anti-Forensics
- Hands-on: Installing a Backdoor and Persistence Techniques on the Target System
- [[Backdoors dan Persistence {en}]]
- [[Data Exfiltration {en}]]
- [[Cleaning Tracks: Log Deletion, Anti-Forensics {en}]]
- [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target {en}]]
Mobile Hacking
- Android & iOS Architecture and Security Model
- Vulnerabilities in Mobile Applications
- Tools: Drozer, APKTool
- Hands-on: Analyzing and Exploiting an Android APK
Capture The Flag (CTF) Challenge and Review
- Solving CTF Problems for Review
- Recap of Skills and Knowledge
- Full Penetration Testing Simulation
- Hands-on: CTF Challenge (Individual/Group)
Penetration Test Report
- Penetration Test Report: Outline
- Penetration Test Report: Example Vulnerability Findings
- Penetration Test Report: Example Exploitation Findings
- Penetration Test Report: Example Impact Findings
- Penetration Test Report: Example Risk Analysis
- Penetration Test Report: Example Prioritization
- Penetration Test Report: Example Remediation Recommendations
- Penetration Test Report: Example Mitigation Recommendations
- Penetration Test Report: Example Prevention Recommendations