Program Advanced Ethical Hacker ini dirancang untuk membentuk ethical hacker tingkat advanced dengan kemampuan offensive security, penetration testing, exploit analysis, web exploitation, Active Directory attack, cloud attack simulation, hingga red teaming.
Program difokuskan pada:
Penetration Testing Methodology
Advanced Exploitation
Red Team Simulation
Web & Network Attacks
Privilege Escalation
Evasion Techniques
Security Research
Reporting Profesional
Setiap modul terdiri dari:
Tujuan pembelajaran
Materi utama
Tools yang dipelajari
Praktik lab
Target skill
LEVEL 1 — ADVANCED HACKING FUNDAMENTALS
Modul 1 — Advanced Cyber Security Mindset
Materi:
Hacker methodology
Offensive security workflow
Attack chain
MITRE ATT&CK
OPSEC fundamentals
Threat modeling
Tools:
Kali Linux
Parrot OS
Praktik:
Setup advanced hacking lab
Target Skill:
Memahami mindset offensive security professional.
Modul 2 — Advanced Networking for Hackers
Materi:
Deep TCP/IP
Packet crafting
VLAN hopping
ARP spoofing
Network pivoting
Tunneling
Tools:
Wireshark
Scapy
Bettercap
Praktik:
Analisa packet attack
Target Skill:
Menguasai komunikasi jaringan tingkat advanced.
Modul 3 — Linux Exploitation Environment
Materi:
Linux internals
Bash automation
Linux hardening bypass
Process injection basics
SSH tunneling
Tools:
Kali Linux
tmux
Zsh
Praktik:
Build offensive Linux environment
Target Skill:
Menguasai Linux untuk offensive operation.
Modul 4 — Python for Ethical Hackers
Materi:
Socket programming
HTTP requests
Threading
Automation scripting
Exploit automation
API interaction
Tools:
Python
VSCode
Praktik:
Membuat custom scanner
Membuat automation recon
Target Skill:
Mampu membuat tools offensive sederhana.
Modul 5 — Reconnaissance & OSINT
Materi:
Passive recon
Active recon
Google dorking
Metadata analysis
DNS intelligence
Attack surface mapping
Tools:
Amass
Subfinder
Shodan
theHarvester
Praktik:
Full recon target lab
Target Skill:
Mampu melakukan reconnaissance profesional.
LEVEL 2 — ADVANCED WEB APPLICATION HACKING
Modul 6 — Web Application Internals
Materi:
HTTP deep dive
Authentication flow
JWT
Session management
API architecture
WebSocket
Tools:
Burp Suite
Postman
Praktik:
Mapping web application
Target Skill:
Memahami arsitektur web modern.
Modul 7 — Advanced SQL Injection
Materi:
Blind SQLi
Time-based SQLi
Out-of-band SQLi
WAF bypass
Filter bypass
Tools:
SQLMap
Burp Suite
Praktik:
Exploit SQLi di lab aman
Target Skill:
Memahami teknik SQL Injection tingkat lanjut.
Modul 8 — Advanced XSS Exploitation
Materi:
DOM XSS
Mutation XSS
CSP bypass
Polyglot payload
Cookie/session abuse
Tools:
Dalfox
XSStrike
Praktik:
XSS exploitation lab
Target Skill:
Memahami teknik XSS advanced.
Modul 9 — SSRF, XXE & Deserialization
Materi:
SSRF attack flow
Cloud metadata exposure
XXE exploitation
Insecure deserialization
Tools:
Burp Suite
Collaborator
Praktik:
SSRF lab
XXE lab
Target Skill:
Memahami server-side attack.
Modul 10 — File Upload & RCE
Materi:
Upload bypass
MIME bypass
Race condition
Command injection
Remote Code Execution
Tools:
Burp Suite
Metasploit
Praktik:
Upload exploitation lab
Target Skill:
Memahami eksploitasi RCE.
Modul 11 — API Security Testing
Materi:
REST API attack
GraphQL testing
JWT weakness
Broken object level authorization
API fuzzing
Tools:
Postman
Burp Suite
ffuf
Praktik:
API pentest lab
Target Skill:
Mampu melakukan pengujian API.
Modul 12 — Web Cache & Business Logic Attack
Materi:
Cache poisoning
Business logic flaw
Race condition
Abuse workflow
Tools:
Burp Suite
Praktik:
Business logic exploitation
Target Skill:
Memahami eksploitasi logic flaw.
LEVEL 3 — NETWORK & SYSTEM EXPLOITATION
Modul 13 — Advanced Scanning & Enumeration
Materi:
Banner grabbing
Service fingerprinting
SMB enumeration
LDAP enumeration
SNMP enumeration
Tools:
Nmap
Rustscan
Enum4linux
Praktik:
Enumeration target enterprise
Target Skill:
Mampu menemukan attack surface.
Modul 14 — Exploitation Frameworks
Materi:
Payload generation
Meterpreter
Post exploitation
Session handling
Pivoting
Tools:
Metasploit
Sliver
Praktik:
Controlled exploitation di lab
Target Skill:
Menguasai framework exploitation.
Modul 15 — Password & Authentication Attacks
Materi:
Password spraying
Kerberoasting
NTLM abuse
Hash cracking concepts
MFA weakness
Tools:
Hashcat
John the Ripper
CrackMapExec
Praktik:
Audit password policy lab
Target Skill:
Memahami kelemahan autentikasi.
Modul 16 — Wireless & Rogue Network Attack
Materi:
WPA/WPA2 attack overview
Evil twin concept
Rogue AP simulation
Captive portal attack awareness
Tools:
Aircrack-ng
Bettercap
Praktik:
Wireless audit di lab sendiri
Target Skill:
Memahami keamanan wireless.
Modul 17 — Linux Privilege Escalation
Materi:
SUID abuse
Cronjob abuse
Capability abuse
PATH hijacking
Kernel weakness overview
Tools:
LinPEAS
Linux Exploit Suggester
Praktik:
Privilege escalation lab
Target Skill:
Mampu menemukan misconfiguration Linux.
Modul 18 — Windows Privilege Escalation
Materi:
UAC bypass overview
Service misconfiguration
Token privilege
Registry abuse
DLL hijacking
Tools:
WinPEAS
PowerUp
Praktik:
Windows escalation lab
Target Skill:
Mampu memahami privilege escalation Windows.
LEVEL 4 — ACTIVE DIRECTORY & ENTERPRISE ATTACK
Modul 19 — Active Directory Fundamentals
Materi:
Domain structure
Kerberos
NTLM
Trust relationship
Group Policy
Tools:
BloodHound
PowerView
Praktik:
Mapping Active Directory
Target Skill:
Memahami arsitektur AD.
Modul 20 — Active Directory Exploitation
Materi:
Kerberoasting
AS-REP roasting
Pass the hash overview
Lateral movement concept
Delegation abuse
Tools:
Rubeus
CrackMapExec
BloodHound
Praktik:
Simulasi AD attack di lab terisolasi
Target Skill:
Memahami eksploitasi enterprise.
Modul 21 — Pivoting & Internal Network Movement
Materi:
SOCKS proxy
SSH tunneling
Port forwarding
Network pivoting
Segmentation bypass concepts
Tools:
Chisel
Ligolo-ng
SSH
Praktik:
Pivoting di internal lab
Target Skill:
Mampu melakukan movement antar jaringan.
Modul 22 — Evasion & OPSEC
Materi:
AV evasion concepts
Obfuscation basics
Payload encoding
OPSEC discipline
Logging awareness
Tools:
Veil
Shellter
Praktik:
Simulasi evasion pada lingkungan aman
Target Skill:
Memahami konsep stealth operation.
Modul 23 — Cloud Attack Surface
Materi:
AWS IAM weakness
S3 exposure
Cloud enumeration
Metadata abuse overview
Container misconfiguration
Tools:
ScoutSuite
Trivy
Praktik:
Cloud audit lab
Target Skill:
Memahami keamanan cloud.
Modul 24 — Container & Kubernetes Security
Materi:
Docker attack surface
Container escape overview
Kubernetes security
Secret exposure
Tools:
Docker
kube-hunter
kubectl
Praktik:
Audit container lab
Target Skill:
Memahami container security.
LEVEL 5 — ADVANCED OFFENSIVE SECURITY
Modul 25 — Reverse Engineering Fundamentals
Materi:
Assembly basics
Binary analysis
Function analysis
Static analysis
Tools:
Ghidra
IDA Free
x64dbg
Praktik:
Reverse engineering binary sederhana
Target Skill:
Memahami struktur executable.
Modul 26 — Malware Analysis Fundamentals
Materi:
Static analysis
Dynamic analysis
Sandbox analysis
Obfuscation awareness
Tools:
REMnux
Procmon
PEStudio
Praktik:
Analisa malware sample aman
Target Skill:
Memahami malware behavior.
Modul 27 — Exploit Development Basics
Materi:
Buffer overflow
Memory corruption
Shellcode concept
DEP & ASLR overview
Tools:
GDB
pwntools
Immunity Debugger
Praktik:
Simulasi exploit sederhana di lab aman
Target Skill:
Memahami dasar exploit development.
Modul 28 — Red Team Operations
Materi:
Adversary simulation
Initial access methodology
Persistence overview
Credential access
Reporting
Tools:
Sliver
Covenant
Praktik:
Simulasi red team internal
Target Skill:
Memahami operasi red team.
Modul 29 — Bug Bounty Professional Workflow
Materi:
Scope analysis
Recon automation
Finding validation
Responsible disclosure
Report writing
Tools:
Burp Suite
Nuclei
httpx
katana
Praktik:
Simulasi bug bounty workflow
Target Skill:
Mampu melakukan workflow bug bounty profesional.
Modul 30 — Professional Ethical Hacker Capstone
Materi:
Full penetration testing workflow
Multi-stage attack simulation
Reporting professional
Presentation skill
Career preparation
Tools:
Dradis
Obsidian
GitHub
Praktik:
Final project advanced pentest
Presentasi technical report
Target Skill:
Siap menjadi Advanced Ethical Hacker profesional.
BONUS SECTION
Sertifikasi Direkomendasikan
CEH
eJPT
PNPT
OSCP
OSWE
CRTO
CPTS
CRTP
OSEP
Platform Praktik
Hack The Box
TryHackMe
PortSwigger Web Security Academy
OverTheWire
PicoCTF
VulnHub
Roadmap Karier
Beginner:
Junior Pentester
SOC Analyst
IT Security Staff
Intermediate:
Penetration Tester
Security Engineer
Bug Bounty Hunter
Advanced:
Red Team Operator
Security Researcher
Exploit Developer
Security Consultant
PENUTUP
Program Advanced Ethical Hacker ini dirancang untuk memberikan pemahaman offensive security modern secara bertahap dan terstruktur.
Fokus utama program adalah kemampuan berpikir seperti attacker profesional namun tetap dalam koridor ethical hacking dan keamanan defensif.