"24/7 one-on-one support via chat group for 3 months. Receive exam preparation knowledge and to increase your chances of passing the certification. Our expert has guided hundreds of CEH Masters and provided cybersecurity training for the Ministry of Defense. And specially designed video course !"
CEH (ANSI) Exam insurance included !
Course Outline
20 Modules that help you master the foundations of
Ethical Hacking and prepare to challenge the CEH certification exam.
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Key topics covered:
Elements of Information Security, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Hacker Classes, Ethical Hacking, Information Assurance (IA), Risk Management, Incident Management, PCI DSS, HIPPA, SOX, GDPR
Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.
Hands-on Lab Exercises:
Over 30 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform footprinting on the target network using search engines, web services, and social networking sites
- Perform website, email, whois, DNS, and network footprinting on the target network
Key Topics Covered:
Footprinting, Advanced Google Hacking Techniques, Deep and Dark Web Footprinting, Competitive Intelligence Gathering, Website Footprinting, Website Mirroring, Email Footprinting, Whois Lookup, DNS Footprinting, Traceroute Analysis, Footprinting Tools
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Hands-on Lab Exercises:
Over 10 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform host, port, service, and OS discovery on the target network
- Perform scanning on the target network beyond IDS and Firewall
Key Topics Covered:
Network Scanning, Host Discovery Techniques, Port Scanning Techniques, Service Version Discovery, OS Discovery, Banner Grabbing, OS Fingerprinting, Packet Fragmentation, Source Routing, IP Address Spoofing, Scanning Tools
Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures
Hands-on Lab Exercises:
Over 20 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration
Key Topics Covered:
Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools
Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures
Hands-on Lab Exercises:
Over 20 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration
Key Topics Covered:
Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools
Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.
Hands-on Lab Exercises:
Over 25 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform an Active Online Attack to Crack the System’s Password
- Perform Buffer Overflow Attack to Gain Access to a Remote System
- Escalate Privileges using Privilege Escalation Tools
- Escalate Privileges in Linux Machine
- Hide Data using Steganography
- Clear Windows and Linux Machine Logs using Various Utilities
- Hiding Artifacts in Windows and Linux Machines
Key Topics Covered:
Password Cracking, Password Attacks, Wire Sniffing, Password-Cracking Tools, Vulnerability Exploitation, Buffer Overflow, Privilege Escalation, Privilege Escalation Tools, Keylogger, Spyware, Anti-Keyloggers, Anti-Spyware, Rootkits, Anti-Rootkits, Steganography, Steganography Tools, Steganalysis, Steganography Detection Tools, Maintaining Persistence, Post Exploitation, Clearing Logs, Covering Tracks, Track-Covering Tools
Get an introduction to the different types of malware, such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures.
Hands-on Lab Exercises:
Over 20 hands-on exercises with real-life simulated targets to build skills on how to:
- Gain Control over a Victim Machine using Trojan
- Infect the Target System using a Virus
- Perform Static and Dynamic Malware Analysis
Key topics covered:
Malware, Components of Malware, APT, Trojan, Types of Trojans, Exploit Kits, Virus, Virus Lifecycle, Types of Viruses, Ransomware, Computer Worms, Fileless Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Trojan Analysis, Virus Analysis, Fileless Malware Analysis, Anti-Trojan Software, Antivirus Software, Fileless Malware Detection Tools
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks
Hands-on Lab Exercises:
Over 10 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attack
- Spoof a MAC Address of Linux Machine
- Perform Network Sniffing using Various Sniffing Tools
- Detect ARP Poisoning in a Switch-Based Network
Key Topics Covered:
Network Sniffing, Wiretapping, MAC Flooding, DHCP Starvation Attack, ARP Spoofing Attack, ARP Poisoning, ARP Poisoning Tools, MAC Spoofing, STP Attack, DNS Poisoning, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools
Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
Hands-on Lab Exercises:
Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Social Engineering using Various Techniques
- Spoof a MAC Address of Linux Machine
- Detect a Phishing Attack
- Audit Organization’s Security for Phishing Attacks
Key Topics Covered:
Social Engineering, Types of Social Engineering, Phishing, Phishing Tools, Insider Threats/Insider Attacks, Identity Theft
Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
Hands-on Lab Exercises:
Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform a DoS and DDoS attack on a Target Host
- Detect and Protect Against DoS and DDoS Attacks
Key Topics Covered:
DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Tools, DoS/DDoS Attack Detection Techniques, DoS/DDoS Protection Tools
Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
Hands-on Lab Exercises:
Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Session Hijacking using various Tools
- Detect Session Hijacking
Key Topics Covered:
Session Hijacking, Types of Session Hijacking, Spoofing, Application-Level Session Hijacking, Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attack, CRIME Attack, Network Level Session Hijacking, TCP/IP Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Prevention Tools
Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
Hands-on Lab Exercises:
Over 7 hands-on exercises with real-life simulated targets to build skills on how to:
- Bypass Windows Firewall
- Bypass Firewall Rules using Tunneling
- Bypass Antivirus
Key Topics Covered:
Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Types of Firewalls, Honeypot, Intrusion Detection Tools, Intrusion Prevention Tools, IDS Evasion Techniques, Firewall Evasion Techniques, Evading NAC and Endpoint Security, IDS/Firewall Evading Tools, Honeypot Detection Tools
Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
Hands-on Lab Exercises:
Over 8 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Web Server Reconnaissance using Various Tools
- Enumerate Web Server Information
- Crack FTP Credentials using a Dictionary Attack
Key topics covered:
Web Server Operations, Web Server Attacks, DNS Server Hijacking, Website Defacement, Web Cache Poisoning Attack, Web Server Attack Methodology, Web Server Attack Tools, Web Server Security Tools, Patch Management, Patch Management Tools
Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
Hands-on Lab Exercises:
Over 15 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Web Application Reconnaissance using Various Tools
- Perform Web Spidering
- Perform Web Application Vulnerability Scanning
- Perform a Brute-force Attack
- Perform Cross-site Request Forgery (CSRF) Attack
- Identify XSS Vulnerabilities in Web Applications
- Detect Web Application Vulnerabilities using Various Web Application Security Tools
Key Topics Covered:
Web Application Architecture, Web Application Threats, OWASP Top 10 Application Security Risks – 2021, Web Application Hacking Methodology, Web API, Webhooks, and Web Shell, Web API Hacking Methodology, Web Application Security
Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.
Hands-on Lab Exercises:
Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform an SQL Injection Attack Against MSSQL to Extract Databases
- Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools
Key Topics Covered:
SQL Injection, Types of SQL injection, Blind SQL Injection, SQL Injection Methodology, SQL Injection Tools, Signature Evasion Techniques, SQL Injection Detection Tools
Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools.
Hands-on Lab Exercises:
Over 3 hands-on exercises with real-life simulated targets to build skills on how to:
- Footprint a Wireless Network
- Perform Wireless Traffic Analysis
- Crack a WEP, WPA, and WPA2 Networks
- Create a Rogue Access Point to Capture Data Packets
Key Topics Covered:
Wireless Terminology, Wireless Networks, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Encryption Cracking, WEP/WPA/WPA2 Cracking Tools, Bluetooth Hacking, Bluetooth Threats, Wi-Fi Security Auditing Tools, Bluetooth Security Tools
Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.
Hands-on Lab Exercises:
Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Hack an Android Device by Creating Binary Payloads
- Exploit the Android Platform through ADB
- Hack an Android Device by Creating APK File
- Secure Android Devices using Various Android Security Tools
Key Topics Covered:
Mobile Platform Attack Vectors, OWASP Top 10 Mobile Risks, App Sandboxing, SMS Phishing Attack (SMiShing), Android Rooting, Hacking Android Devices, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Controls, Mobile Security Tools
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks
Hands-on Lab Exercises:
Over 2 hands-on exercises with real-life simulated targets to build skills on how to:
- Gather Information using Online Footprinting Tools
- Capture and Analyze IoT Device Traffic
Key Topics Covered:
IoT Architecture, IoT Communication Models, OWASP Top 10 IoT Threats, IoT Vulnerabilities, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), ICS/SCADA, OT Vulnerabilities, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools
Learn different cloud computing concepts, such as container technologies and server less computing, various cloud-based threats and attacks, and cloud security techniques and tools.
Hands-on Lab Exercises:
Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
- Exploit Open S3 Buckets
- Escalate IAM User Privileges by Exploiting Misconfigured User Policy
Key Topics Covered:
Cloud Computing, Types of Cloud Computing Services, Cloud Deployment Models, Fog and Edge Computing, Cloud Service Providers, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Container and Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools
Achieving the CEH Certification Credential
After taking an authorized course, candidates can attempt the CEH exam. Candidates that successfully pass the exam will receive their CEH certificate and membership privileges. After proving knowledge by achieving the CEH credential, candidates have the added option to proceed to attempt the CEH (Practical) exam to prove their skills and abilities. The CEH (Practical) is a 6-hour practical exam created by subject matter experts in the ethical hacking industry. The exam tests skills and abilities in a timed environment across major operating systems, databases, and networks. Candidates with both the CEH and CEH (Practical) certifications are designated as CEH Masters, having validated the full scope of their abilities.
CEH (ANSI) EXAM
Exam Title: Certified Ethical Hacker (ANSI)
Exam Code: 312-50 (ECC EXAM), 312-50 (VUE)
Number of Questions: 125
Test Format: Multiple Choice
Duration: 4 Hours
Availability: ECC EXAM* / VUE
- Local proctor for Private and in-person courses.
- Live remote proctor for online ECC Exam option.
Passing Score: Please refer to
https://cert.eccouncil.org/faq.html
CEH Certification Exam earned College Credit Recommendations from the American Council on Education (ACE) For more info, click here.
About the Certified Ethical Hacker Master EXAM
To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam was designed to give students a chance to prove they can execute the principals taught in the CEH course. The practical exam requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.
The CEH Practical does not contain simulations. Rather, you will be challenging a live range which was designed to mimic a corporate network through the use of live virtual machines, networks, and applications.
Successfully navigating and completing the challenges found in the CEH (Practical) Exam is the next step after attaining the Certified Ethical Hacker (CEH) certification. Successfully passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.
CEH Master Credential Holders are proven to be able to:
- Demonstrate the understanding of attack vectors
- Perform network scanning to identify live and vulnerable machines in a network.
- Perform OS banner grabbing, service, and user enumeration.
- Perform system hacking, steganography, steganalysis attacks, and cover tracks.
- Identify and use viruses, computer worms, and malware to exploit systems.
- Perform packet sniffing.
- Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
- Perform SQL injection attacks.
- Perform different types of cryptography attacks.
- Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems etc.
About the Exam
- Exam Title: Certified Ethical Hacker (Practical)
- Number of Practical Challenges: 20
- Duration: 6 hours
- Availability: Aspen – iLabs
- Test Format: iLabs Cyber Range
- Passing Score: 70%
How to Prepare for CEH (Practical)
While we strongly recommend that candidates take the CEH and pass the CEH exam, there are no predefined eligibility criteria for those interested in attempting the CEH (Practical) exam.
Exam Proctoring:
We know that traveling to an exam center can be difficult for many. We are pleased to announce that you can take the CEH (Practical) exam from the comfort of your home, but you need to be prepared to be proctored by a dedicated EC-Council Proctor certification team under strict supervision.
The exam dashboard code is valid for 3 months from the date of receipt. Should you require the exam dashboard code validity to be extended, kindly contact practicals@eccouncil.org before the expiry date. Only valid/ active codes can be extended. The exam needs to be scheduled a min 3 days prior to the desired exam date. Exam slots are subject to availability.
Exam Validity
The trust that the industry places in our credentials is very important to us. We see it as our duty to ensure that the holders of this credential are proven hands-on, ethical hackers who are able to perform in the real world to solve real-world challenges. As such, the CEH (Master) is designed as a hands-on exam that will test the skills of the ethical hacker BEYOND just their knowledge. This exam is a proctored, practical exam that can last up to 6 hours.
We know that traveling to an exam center can be difficult for many. We are pleased to announce that you can take the CEH (Practical) exam from the comfort of your home, but you need to be prepared to be proctored by a dedicated EC-Council Proctor certification team under strict supervision.
- E-Courseware
- Exam Voucher
- Exam Retakes*
- Next Version eCourseware
- 6 Months Official Labs
- CEH Practice
- Global CEH Challenge
- Exam Preparation
- CEH Practical Exam Voucher
CEH Master Credential Holders are proven to be able to:
- Demonstrate the understanding of attack vectors
- Perform network scanning to identify live and vulnerable machines in a network.
- Perform OS banner grabbing, service, and user enumeration.
- Perform system hacking, steganography, steganalysis attacks, and cover tracks.
- Identify and use viruses, computer worms, and malware to exploit systems.
- Perform packet sniffing.
- Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
- Perform SQL injection attacks.
- Perform different types of cryptography attacks.
- Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems etc.
About the Exam
- Exam Title: Certified Ethical Hacker (Practical)
- Number of Practical Challenges: 20
- Duration: 6 hours
- Availability: Aspen – iLabs
- Test Format: iLabs Cyber Range
- Passing Score: 70%
How to Prepare for CEH (Practical)
While we strongly recommend that candidates take the CEH and pass the CEH exam, there are no predefined eligibility criteria for those interested in attempting the CEH (Practical) exam.
Exam Proctoring:
We know that traveling to an exam center can be difficult for many. We are pleased to announce that you can take the CEH (Practical) exam from the comfort of your home, but you need to be prepared to be proctored by a dedicated EC-Council Proctor certification team under strict supervision.
The exam dashboard code is valid for 3 months from the date of receipt. Should you require the exam dashboard code validity to be extended, kindly contact practicals@eccouncil.org before the expiry date. Only valid/ active codes can be extended. The exam needs to be scheduled a min 3 days prior to the desired exam date. Exam slots are subject to availability.
Exam Validity
The trust that the industry places in our credentials is very important to us. We see it as our duty to ensure that the holders of this credential are proven hands-on, ethical hackers who are able to perform in the real world to solve real-world challenges. As such, the CEH (Master) is designed as a hands-on exam that will test the skills of the ethical hacker BEYOND just their knowledge. This exam is a proctored, practical exam that can last up to 6 hours.
We know that traveling to an exam center can be difficult for many. We are pleased to announce that you can take the CEH (Practical) exam from the comfort of your home, but you need to be prepared to be proctored by a dedicated EC-Council Proctor certification team under strict supervision.
Job Roles
-
- Cyber Security Forensic Analyst
- Cyber Security Analyst
- CND Security Specialist
- CND Fusion Analyst
- Cyberspace Network Defense (CND) Technician
- Cyber Red Team Operator
- Cyber Network Defense (CND) Analyst
- Cyber Security Forensic Analyst
- Computer Network Defense Intrusion Analyst
- Cyber Security Engineer
- Information Security Engineer
- CND Cyber Analyst
- Network Security Engineer
- Cyber Threat Analyst
- SOC Security Analyst
- Information Security Analyst
- IT Security Compliance Specialist
- Global Security Assurance Analyst
- Security Analyst Tier 3
- Security Operations Analyst
- Security Incident Response Analyst
- Penetration Tester
- Vulnerability Analyst
- Sr. Security Threat Analyst
- Tier 3 NSOC Analyst
- Security Information Assurance Analyst
- Technical Security Analyst
- Information Security Manager
- Risk and Remediation Manager
- Systems Administrator
- Cybersecurity Network Analyst
- Cyber Security Vulnerability Analyst
- Risk Assessment- Security Consultant
- Information Security Associate – Insider Threat Analyst
- Security Architect, Manager
- Application Security Analyst
- Cyber Security System Engineer
- Software Security Analyst
- Network Analyst
- Information System Security Officer
- SOC Security Analyst
- Cyber Security Engineer II
- Senior Cyber Security Monitoring Analyst
- Cyber Security Incident Response, Incident Analyst
- Cyber Security Incident Response Engineer
- L2 Security Analyst
- Senior Information Assurance/ Security Specialist
- Technical Operations Network Engineer
- IT Security Administrator