Ethical Hacking: Difference between revisions
From OnnoCenterWiki
No edit summary |
|||
| Line 10: | Line 10: | ||
* [[Definisi Ethical Hacking | * [[Definisi Ethical Hacking <en> ]] | ||
* [[Peran dan Tanggung Jawab Ethical Hacker | * [[Peran dan Tanggung Jawab Ethical Hacker <en> ]] | ||
* [[Legalitas, Etika, dan Hukum terkait Hacking | * [[Legalitas, Etika, dan Hukum terkait Hacking <en> ]] | ||
* [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) | * [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) <en> ]] | ||
* [[Hands-on: Setup Lab dan Lingkungan Testing Aman | * [[Hands-on: Setup Lab dan Lingkungan Testing Aman <en> ]] | ||
==Metodologi Penetration Testing== | ==Metodologi Penetration Testing== | ||
| Line 21: | Line 21: | ||
* [[Hands-on: Membuat Rencana Penetration Testing]] | * [[Hands-on: Membuat Rencana Penetration Testing]] | ||
* [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) | * [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) <en>]] | ||
* [[Standar Penetration Testing (OWASP, NIST) | * [[Standar Penetration Testing (OWASP, NIST) <en>]] | ||
* [[Hands-on: Membuat Rencana Penetration Testing | * [[Hands-on: Membuat Rencana Penetration Testing <en>]] | ||
==Reconnaissance (Information Gathering)== | ==Reconnaissance (Information Gathering)== | ||
| Line 31: | Line 31: | ||
* [[Hands-on: Pengumpulan Informasi Target secara Pasif]] | * [[Hands-on: Pengumpulan Informasi Target secara Pasif]] | ||
* [[Teknik Open Source Intelligence (OSINT) | * [[Teknik Open Source Intelligence (OSINT) <en>]] | ||
* [[Passive dan Active Reconnaissance | * [[Passive dan Active Reconnaissance <en>]] | ||
* [[Tools: WHOIS, dig, Maltego, Google Dorking | * [[Tools: WHOIS, dig, Maltego, Google Dorking <en>]] | ||
* [[Hands-on: Pengumpulan Informasi Target secara Pasif | * [[Hands-on: Pengumpulan Informasi Target secara Pasif <en>]] | ||
| Line 43: | Line 43: | ||
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]] | * [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target]] | ||
* [[Network Scanning: Nmap, Netcat | * [[Network Scanning: Nmap, Netcat <en>]] | ||
* [[Vulnerability Scanning: OpenVAS, Nessus | * [[Vulnerability Scanning: OpenVAS, Nessus <en>]] | ||
* [[Enumeration Services: SMB, SNMP, FTP, HTTP | * [[Enumeration Services: SMB, SNMP, FTP, HTTP <en>]] | ||
* [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target | * [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target <en>]] | ||
| Line 57: | Line 57: | ||
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]] | * [[Hands-on: Menggunakan Metasploit untuk Eksploitasi]] | ||
* [[Pengertian Eksploitasi | * [[Pengertian Eksploitasi <en>]] | ||
* [[Memahami Common Vulnerabilities (CVE) | * [[Memahami Common Vulnerabilities (CVE) <en>]] | ||
* [[Membuat Exploit sederhana berdasarkan CVE | * [[Membuat Exploit sederhana berdasarkan CVE <en>]] | ||
* [[Memilih dan Memodifikasi Exploit | * [[Memilih dan Memodifikasi Exploit <en>]] | ||
* [[Tools: Metasploit Framework | * [[Tools: Metasploit Framework <en>]] | ||
* [[Hands-on: Menggunakan Metasploit untuk Eksploitasi | * [[Hands-on: Menggunakan Metasploit untuk Eksploitasi <en>]] | ||
==Web Application Hacking - Bagian 1== | ==Web Application Hacking - Bagian 1== | ||
| Line 70: | Line 70: | ||
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]] | * [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web]] | ||
* [[Konsep HTTP, Session, dan Cookies | * [[Konsep HTTP, Session, dan Cookies <en>]] | ||
* [[Vulnerabilities umum: SQL Injection, XSS | * [[Vulnerabilities umum: SQL Injection, XSS <en>]] | ||
* [[Tools: Burp Suite, OWASP ZAP | * [[Tools: Burp Suite, OWASP ZAP <en>]] | ||
* [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web | * [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web <en>]] | ||
==Web Application Hacking - Bagian 2== | ==Web Application Hacking - Bagian 2== | ||
| Line 81: | Line 81: | ||
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]] | * [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App]] | ||
* [[CSRF (Cross-Site Request Forgery) | * [[CSRF (Cross-Site Request Forgery) <en>]] | ||
* [[RCE (Remote Code Execution) | * [[RCE (Remote Code Execution) <en>]] | ||
* [[Directory Traversal, File Inclusion | * [[Directory Traversal, File Inclusion <en>]] | ||
* [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App | * [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App <en>]] | ||
| Line 93: | Line 93: | ||
* [[Hands-on: Password Cracking dan Authentication Bypass]] | * [[Hands-on: Password Cracking dan Authentication Bypass]] | ||
* [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) | * [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) <en>]] | ||
* [[Bypass Authentication: Vulnerable Login Forms | * [[Bypass Authentication: Vulnerable Login Forms <en>]] | ||
* [[Tools: John the Ripper, Hydra | * [[Tools: John the Ripper, Hydra <en>]] | ||
* [[Hands-on: Password Cracking dan Authentication Bypass | * [[Hands-on: Password Cracking dan Authentication Bypass <en>]] | ||
| Line 106: | Line 106: | ||
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]] | * [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi]] | ||
* [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) | * [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) <en>]] | ||
* [[Attacks: Man in The Middle | * [[Attacks: Man in The Middle <en>]] | ||
* [[Attacks: WEP Cracking, WPA Handshake Capture | * [[Attacks: WEP Cracking, WPA Handshake Capture <en>]] | ||
* [[Tools: Aircrack-ng, Wireshark | * [[Tools: Aircrack-ng, Wireshark <en>]] | ||
* [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi | * [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi <en>]] | ||
| Line 120: | Line 120: | ||
* [[Hands-on: Simulasi Phishing Attack]] | * [[Hands-on: Simulasi Phishing Attack]] | ||
* [[Teknik Social Engineering: Phishing, Pretexting, Baiting | * [[Teknik Social Engineering: Phishing, Pretexting, Baiting <en>]] | ||
* [[Email Spoofing dan Spear Phishing | * [[Email Spoofing dan Spear Phishing <en>]] | ||
* [[Tools: Social Engineering Toolkit (SET) | * [[Tools: Social Engineering Toolkit (SET) <en>]] | ||
* [[Hands-on: Simulasi Phishing Attack | * [[Hands-on: Simulasi Phishing Attack <en>]] | ||
| Line 132: | Line 132: | ||
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]] | * [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows]] | ||
* [[Konsep Privilege Escalation | * [[Konsep Privilege Escalation <en>]] | ||
* [[Local vs Remote Escalation | * [[Local vs Remote Escalation <en>]] | ||
* [[Exploiting Misconfigured Services | * [[Exploiting Misconfigured Services <en>]] | ||
* [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows | * [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows <en>]] | ||
| Line 144: | Line 144: | ||
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]] | * [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target]] | ||
* [[Backdoors dan Persistence | * [[Backdoors dan Persistence <en>]] | ||
* [[Data Exfiltration | * [[Data Exfiltration <en>]] | ||
* [[Cleaning Tracks: Log Deletion, Anti-Forensics | * [[Cleaning Tracks: Log Deletion, Anti-Forensics <en>]] | ||
* [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target | * [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target <en>]] | ||
Revision as of 00:59, 19 October 2024
Ethical Hacking course outline in 15 modules, focused on practical knowledge and hacking skills. Each session combines theory with a hands-on lab to build skills step by step:
Introduction to Ethical Hacking
- Definition of Ethical Hacking
- Roles and Responsibilities of the Ethical Hacker
- Legality, Ethics, and Law Related to Hacking
- Tools and Working Environment (VM, Kali Linux)
- Hands-on: Setting Up a Lab and a Safe Testing Environment
- [[Definisi Ethical Hacking <en> ]]
- [[Peran dan Tanggung Jawab Ethical Hacker <en> ]]
- [[Legalitas, Etika, dan Hukum terkait Hacking <en> ]]
- [[Perangkat Tool dan Lingkungan Kerja (VM, Kali Linux) <en> ]]
- [[Hands-on: Setup Lab dan Lingkungan Testing Aman <en> ]]
Penetration Testing Methodology
- Penetration Testing Phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
- Penetration Testing Standards (OWASP, NIST)
- Hands-on: Creating a Penetration Testing Plan
- [[Fase Penetration Testing (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) <en>]]
- [[Standar Penetration Testing (OWASP, NIST) <en>]]
- [[Hands-on: Membuat Rencana Penetration Testing <en>]]
Reconnaissance (Information Gathering)
- Open Source Intelligence (OSINT) Techniques
- Passive and Active Reconnaissance
- Tools: WHOIS, dig, Maltego, Google Dorking
- Hands-on: Passive Information Gathering on the Target
- [[Teknik Open Source Intelligence (OSINT) <en>]]
- [[Passive dan Active Reconnaissance <en>]]
- [[Tools: WHOIS, dig, Maltego, Google Dorking <en>]]
- [[Hands-on: Pengumpulan Informasi Target secara Pasif <en>]]
Scanning and Enumeration
- Network Scanning: Nmap, Netcat
- Vulnerability Scanning: OpenVAS, Nessus
- Enumeration Services: SMB, SNMP, FTP, HTTP
- Hands-on: Identifying Target Ports, Services, and Vulnerabilities
- [[Network Scanning: Nmap, Netcat <en>]]
- [[Vulnerability Scanning: OpenVAS, Nessus <en>]]
- [[Enumeration Services: SMB, SNMP, FTP, HTTP <en>]]
- [[Hands-on: Identifikasi Port, Services, dan Vulnerability Target <en>]]
Exploitation Basics
- Definition of Exploitation
- Understanding Common Vulnerabilities (CVE)
- Creating a Simple Exploit Based on a CVE
- Selecting and Modifying Exploits
- Tools: Metasploit Framework
- Hands-on: Using Metasploit for Exploitation
- [[Pengertian Eksploitasi <en>]]
- [[Memahami Common Vulnerabilities (CVE) <en>]]
- [[Membuat Exploit sederhana berdasarkan CVE <en>]]
- [[Memilih dan Memodifikasi Exploit <en>]]
- [[Tools: Metasploit Framework <en>]]
- [[Hands-on: Menggunakan Metasploit untuk Eksploitasi <en>]]
Web Application Hacking - Part 1
- HTTP, Session, and Cookie Concepts
- Common Vulnerabilities: SQL Injection, XSS
- Tools: Burp Suite, OWASP ZAP
- Hands-on: Exploiting SQL Injection in a Web Application
- [[Konsep HTTP, Session, dan Cookies <en>]]
- [[Vulnerabilities umum: SQL Injection, XSS <en>]]
- [[Tools: Burp Suite, OWASP ZAP <en>]]
- [[Hands-on: Eksploitasi SQL Injection pada Aplikasi Web <en>]]
Web Application Hacking - Part 2
- CSRF (Cross-Site Request Forgery)
- RCE (Remote Code Execution)
- Directory Traversal, File Inclusion
- Hands-on: Using Burp Suite to Analyze and Exploit a Web App
- [[CSRF (Cross-Site Request Forgery) <en>]]
- [[RCE (Remote Code Execution) <en>]]
- [[Directory Traversal, File Inclusion <en>]]
- [[Hands-on: Menggunakan Burp Suite untuk Menganalisis dan Mengeksploitasi Web App <en>]]
Password Cracking and Authentication Bypass
- Password Cracking Techniques (Brute Force, Dictionary, Rainbow Table)
- Bypass Authentication: Vulnerable Login Forms
- Tools: John the Ripper, Hydra
- Hands-on: Password Cracking and Authentication Bypass
- [[Teknik Password Cracking (Brute Force, Dictionary, Rainbow Table) <en>]]
- [[Bypass Authentication: Vulnerable Login Forms <en>]]
- [[Tools: John the Ripper, Hydra <en>]]
- [[Hands-on: Password Cracking dan Authentication Bypass <en>]]
Wireless Network Hacking
- Wireless Techniques and Protocols (WEP, WPA/WPA2)
- Attacks: Man in The Middle
- Attacks: WEP Cracking, WPA Handshake Capture
- Tools: Aircrack-ng, Wireshark
- Hands-on: Attacking a Wireless Network and Cracking the WiFi Password
- [[Teknik dan Protokol Wireless (WEP, WPA/WPA2) <en>]]
- [[Attacks: Man in The Middle <en>]]
- [[Attacks: WEP Cracking, WPA Handshake Capture <en>]]
- [[Tools: Aircrack-ng, Wireshark <en>]]
- [[Hands-on: Menyerang Wireless Network dan Memecahkan Password WiFi <en>]]
Social Engineering
- Social Engineering Techniques: Phishing, Pretexting, Baiting
- Email Spoofing and Spear Phishing
- Tools: Social Engineering Toolkit (SET)
- Hands-on: Phishing Attack Simulation
- [[Teknik Social Engineering: Phishing, Pretexting, Baiting <en>]]
- [[Email Spoofing dan Spear Phishing <en>]]
- [[Tools: Social Engineering Toolkit (SET) <en>]]
- [[Hands-on: Simulasi Phishing Attack <en>]]
Privilege Escalation
- Privilege Escalation Concepts
- Local vs Remote Escalation
- Exploiting Misconfigured Services
- Hands-on: Escalating Privileges on Linux and Windows Systems
- [[Konsep Privilege Escalation <en>]]
- [[Local vs Remote Escalation <en>]]
- [[Exploiting Misconfigured Services <en>]]
- [[Hands-on: Menaikkan Privilege di Sistem Linux dan Windows <en>]]
Post-Exploitation and Maintaining Access
- Backdoors and Persistence
- Data Exfiltration
- Cleaning Tracks: Log Deletion, Anti-Forensics
- Hands-on: Installing a Backdoor and Persistence Techniques on the Target System
- [[Backdoors dan Persistence <en>]]
- [[Data Exfiltration <en>]]
- [[Cleaning Tracks: Log Deletion, Anti-Forensics <en>]]
- [[Hands-on: Menginstal Backdoor dan Teknik Persistensi di Sistem Target <en>]]
Mobile Hacking
- Android & iOS Architecture and Security Model
- Vulnerabilities in Mobile Applications
- Tools: Drozer, APKTool
- Hands-on: Analysis and Exploitation of an Android APK
Capture The Flag (CTF) Challenge and Review
- Solving CTF Problems for Review
- Recap of Skills and Knowledge
- Full Penetration Testing Simulation
- Hands-on: CTF Challenge (Individual/Group)
Penetration Test Report
- Penetration Test Report: Outline
- Penetration Test Report: Example Vulnerability Findings
- Penetration Test Report: Example Exploitation Findings
- Penetration Test Report: Example Impact Findings
- Penetration Test Report: Example Risk Analysis
- Penetration Test Report: Example Prioritization
- Penetration Test Report: Example Remediation Recommendations
- Penetration Test Report: Example Mitigation Recommendations
- Penetration Test Report: Example Prevention Recommendations