25 Modul Kursus “Secret Offensive Security Indonesia”
Deskripsi Program
Secret Offensive Security Indonesia adalah program pembelajaran offensive security tingkat intermediate hingga advanced yang dirancang untuk membangun pola pikir attacker simulation, penetration testing modern, dan offensive operation secara profesional.
Program difokuskan pada:
Offensive Security Methodology
Adversary Simulation
Web & Network Pentesting
Active Directory Security
Red Team Workflow
Exploit Research
Threat Emulation
OPSEC Awareness
Professional Reporting
Program ini menekankan:
Lab terisolasi dan legal
Simulasi realistis
Dokumentasi profesional
Praktik hands-on
Workflow industri offensive security
Struktur Pembelajaran
Setiap modul terdiri dari:
Tujuan pembelajaran
Materi utama
Tools utama
Praktik lab
Mini project
Target skill
LEVEL 1 — OFFENSIVE SECURITY FUNDAMENTALS
Modul 1 — Introduction to Offensive Security
Materi:
Pengertian offensive security
Red Team vs Pentester
Threat landscape
Cyber Kill Chain
MITRE ATT&CK
Rules of Engagement
Legal & ethics
Tools:
Kali Linux
VirtualBox
VMware
Praktik:
Setup offensive lab
Membuat topologi lab
Target Skill:
Memahami dasar offensive security.
Modul 2 — Linux Offensive Environment
Materi:
Linux command line
File permission
Bash scripting
SSH
Networking command
Environment setup
Tools:
Kali Linux
tmux
zsh
Praktik:
Setup attacker workstation
Target Skill:
Menguasai Linux untuk offensive operation.
Modul 3 — Networking for Offensive Security
Materi:
TCP/IP
DNS
Routing
Port & protocol
Packet flow
VPN & tunneling
Tools:
Wireshark
tcpdump
Nmap
Praktik:
Analisa packet jaringan
Target Skill:
Memahami komunikasi jaringan.
Modul 4 — Programming & Automation
Materi:
Python dasar
Bash scripting
Regex
Automation workflow
API interaction
Tools:
Python
VSCode
Git
Praktik:
Membuat automation recon
Target Skill:
Mampu membuat automation sederhana.
Modul 5 — Operational Security (OPSEC)
Materi:
OPSEC fundamentals
Identity separation
Secure communication
Infrastructure awareness
Log awareness
Tools:
Tails
VPN
Secure browser
Praktik:
Simulasi OPSEC workflow
Target Skill:
Memahami OPSEC offensive security.
LEVEL 2 — RECON & ENUMERATION
Modul 6 — Information Gathering
Materi:
Passive recon
Active recon
WHOIS
DNS enumeration
Technology fingerprinting
Tools:
theHarvester
Whois
Wappalyzer
Praktik:
Recon target lab
Target Skill:
Mampu melakukan reconnaissance.
Modul 7 — OSINT & Attack Surface Mapping
Materi:
OSINT workflow
Metadata analysis
Public asset discovery
Attack surface mapping
Infrastructure profiling
Tools:
Amass
Subfinder
Shodan
Praktik:
Mapping attack surface
Target Skill:
Memahami attack surface analysis.
Modul 8 — Network Scanning & Enumeration
Materi:
Port scanning
Service enumeration
Banner grabbing
SMB enumeration
SNMP basics
Tools:
Nmap
Rustscan
Enum4linux
Praktik:
Enumerasi target internal
Target Skill:
Mampu menemukan service dan exposure.
Modul 9 — Web Reconnaissance
Materi:
Subdomain enumeration
Directory discovery
Parameter discovery
JavaScript analysis
API discovery
Tools:
ffuf
httpx
katana
waybackurls
Praktik:
Recon aplikasi web lab
Target Skill:
Memahami web reconnaissance.
LEVEL 3 — WEB & NETWORK EXPLOITATION
Modul 10 — Web Application Pentesting
Materi:
OWASP Top 10
Authentication flaw
Session management
Business logic issue
API security
Tools:
Burp Suite
OWASP ZAP
Praktik:
Audit aplikasi vulnerable
Target Skill:
Memahami web application pentest.
Modul 11 — SQL Injection & Database Attack Surface
Materi:
SQL basics
Error-based SQLi
Blind SQLi
Time-based SQLi
Database enumeration
Tools:
SQLMap
Burp Suite
Praktik:
SQL Injection lab
Target Skill:
Memahami database attack surface.
Modul 12 — Cross Site Scripting & Client Attack Surface
Materi:
Reflected XSS
Stored XSS
DOM XSS
CSP basics
Browser security
Tools:
Dalfox
XSStrike
Praktik:
XSS testing lab
Target Skill:
Memahami client-side vulnerability.
Modul 13 — File Upload, LFI & RCE
Materi:
Upload validation
File inclusion
Command injection
RCE overview
Filter bypass basics
Tools:
Burp Suite
Metasploit
Praktik:
Upload testing di lab aman
Target Skill:
Memahami server-side vulnerability.
Modul 14 — Vulnerability Assessment
Materi:
Vulnerability lifecycle
CVSS
Risk prioritization
Validation workflow
Tools:
Nessus
OpenVAS
Praktik:
Vulnerability scanning
Target Skill:
Mampu melakukan assessment.
Modul 15 — Exploitation Workflow
Materi:
Exploit basics
Payload overview
Reverse shell concept
Post exploitation basics
Tools:
Metasploit
Netcat
Praktik:
Exploit vulnerable lab
Target Skill:
Memahami exploitation workflow.
LEVEL 4 — ADVANCED OFFENSIVE SECURITY
Modul 16 — Password Security & Credential Attack
Materi:
Password audit
Hash analysis
Brute force awareness
Password spraying
Credential exposure
Tools:
Hashcat
Hydra
John the Ripper
Praktik:
Password audit lab
Target Skill:
Memahami credential security.
Modul 17 — Active Directory Offensive Security
Materi:
Kerberos
NTLM
AD enumeration
Trust relationship
Lateral movement awareness
Tools:
BloodHound
PowerView
CrackMapExec
Praktik:
Active Directory lab
Target Skill:
Memahami keamanan AD.
Modul 18 — Privilege Escalation
Materi:
Linux privilege escalation
Windows privilege escalation
Misconfiguration analysis
Service abuse overview
Tools:
LinPEAS
WinPEAS
Praktik:
Privilege escalation lab
Target Skill:
Memahami escalation workflow.
Modul 19 — Wireless Security & Network Attack Awareness
Materi:
WiFi security
WPA/WPA2/WPA3
Rogue AP awareness
MITM overview
Tools:
Aircrack-ng
Bettercap
Praktik:
Audit wireless pribadi
Target Skill:
Memahami keamanan wireless.
Modul 20 — Evasion & Defense Awareness
Materi:
Antivirus basics
Detection awareness
Logging overview
EDR basics
Detection surface
Tools:
Sysmon
Wazuh
Praktik:
Analisa detection log
Target Skill:
Memahami defensive visibility.
LEVEL 5 — PROFESSIONAL OFFENSIVE OPERATION
Modul 21 — Red Team Methodology
Materi:
Adversary simulation
Engagement planning
Objective-based operation
Threat emulation
Tools:
MITRE ATT&CK
Caldera
Praktik:
Simulasi red team workflow
Target Skill:
Memahami red team methodology.
Modul 22 — Command & Control Fundamentals
Materi:
C2 basics
Beacon concept
Infrastructure awareness
Secure communication channel
Tools:
Sliver
Covenant
Praktik:
Simulasi C2 pada lab terisolasi
Target Skill:
Memahami command & control.
Modul 23 — Threat Hunting & Blue Team Perspective
Materi:
IOC
TTP
SIEM overview
Threat hunting basics
Detection engineering overview
Tools:
Splunk
ELK Stack
Sigma
Praktik:
Investigasi alert sederhana
Target Skill:
Memahami perspektif defender.
Modul 24 — Professional Reporting & Documentation
Materi:
Executive summary
Technical report
Risk rating
Evidence collection
Remediation guidance
Tools:
Dradis
Obsidian
Markdown
Praktik:
Membuat laporan pentest profesional
Target Skill:
Mampu membuat reporting profesional.
Modul 25 — Final Offensive Security Operation
Materi:
Full offensive workflow
Recon hingga reporting
Attack surface analysis
Threat emulation
Presentation
Tools:
Full Offensive Toolkit
Praktik:
Final lab assessment
Presentasi hasil operation
Target Skill:
Siap menjadi Offensive Security Specialist.
BONUS SECTION
Tools Penting Offensive Security
Kali Linux
Burp Suite
Metasploit
Nmap
Wireshark
BloodHound
SQLMap
ffuf
Sliver
Nessus
Hashcat
Sertifikasi Direkomendasikan
eJPT
PNPT
OSCP
OSWE
CRTO
CEH
CPTS
Platform Praktik
Hack The Box
TryHackMe
PortSwigger Web Security Academy
VulnHub
PicoCTF
OverTheWire
Roadmap Karier
Beginner:
Junior Pentester
Security Analyst
Intermediate:
Penetration Tester
Security Engineer
Red Team Operator
Advanced:
Offensive Security Specialist
Security Researcher
Red Team Lead
Adversary Simulation Operator
PENUTUP
Program Secret Offensive Security Indonesia dirancang untuk membangun kemampuan offensive security secara bertahap dari fundamental hingga advanced operation.
Fokus utama program adalah membangun pola pikir analitis, metodologi pentesting profesional, pemahaman attack surface modern, serta kemampuan dokumentasi dan simulasi adversary secara legal dan terstruktur.