Certified Ethical Hacking
What You Will Learn
C|EH is divided into 20 modules and delivered through a carefully curated training plan. As you progress through your training, each module offers extensive hands-on lab components that allow you to practice the techniques and procedures taught in the program in real-time on live machines.
Ethical Hacking Labs
With over 220 hands-on labs, conducted in our cyber range environment, you will have the opportunity to practice every learning objective in the course on live machines and vulnerable targets. Pre-loaded with over 3,500 hacking tools and a variety of operating systems, you will gain unprecedented exposure to and hands-on experience with the most common security tools, latest vulnerabilities, and widely used operating systems on the market. Our range is web accessible, allowing you to study and practice from anywhere with a connection.
How You Will Engage
The C|EH v12 program helps you develop real-world experience in ethical hacking through the hands-on C|EH practice environment. C|EH Engage equips you with the skills to prove that you have what it takes to be a great ethical hacker.
Your security assessment objectives will be presented as a series of flags (questions you must answer in the Cyber Range by performing ethical hacking activities on the target organization).
New to C|EH v12, students will embark on their first emulated ethical hacking engagement. This 4-phase engagement requires students to think critically and test the knowledge and skills gained by capturing a series of flags in each phase, demonstrating the live application of skills and abilities in a consequence-free environment through EC-Council’s new Cyber Range.
As you complete your training and hands-on labs, C|EH Engage lets you apply everything you have learned in a mock ethical hacking engagement. This 4-part security engagement gives you a real ethical hacking engagement experience from start to finish against an emulated organization. Using our capture-the-flag-style range, you will complete your engagement by answering “flag” questions as you progress.
Where You Will Compete
The C|EH Global Challenges occur every month, providing capture-the-flag style competitions that expose students to various new technologies and platforms, from web applications, OT, IoT, SCADA, and ICS systems to cloud and hybrid environments. Our Compete structure lets ethical hackers fight their way to the top of the leader board each month in these 4-hour curated CTFs. Objective-based flags are designed around the ethical hacking process, keeping skills current, testing critical thinking abilities, and covering the latest vulnerabilities and exploits as they are discovered. Hosted 100% online in SB Computer’s Cyber Range, candidates race the clock in scenario-based engagements against fully developed network and application environments with real operating systems, real networks, tools, and vulnerabilities to practice, engage, compete, build, and hone their cyber skills against various new target organizations.
New Challenges Every Month
- OWASP Top 10 Web Application Threat Vectors
- Ransomware/Malware Analysis
- System Hacking and Privilege Escalation
- Web Application Hacking and Pen Testing
- Cloud Attack/Hacking
- Social Engineering/Phishing attacks
- IoT Attack/Hacking
- Wi-Fi Network Attack/Hacking
- DOS/DDoS Attack
- Mobile Attack/Hacking
- Supply Chain Cyber Attacks
Module 01: Introduction to Ethical Hacking
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.Key topics covered: Elements of Information Security, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Hacker Classes, Ethical Hacking, Information Assurance (IA), Risk Management, Incident Management, PCI DSS, HIPPA, SOX, GDPR
Module 02: Foot Printing and Reconnaissance
Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.
Hands-on Lab Exercises: Over 30 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform footprinting on the target network using search engines, web services, and social networking sites
- Perform website, email, whois, DNS, and network footprinting on the target network
Key topics covered: Footprinting, Advanced Google Hacking Techniques, Deep and Dark Web Footprinting, Competitive Intelligence Gathering, Website Footprinting, Website Mirroring, Email Footprinting, Whois Lookup, DNS Footprinting, Traceroute Analysis, Footprinting Tools
Module 03: Scanning Networks
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Hands-on Lab Exercises: Over 10 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform host, port, service, and OS discovery on the target network
- Perform scanning on the target network beyond IDS and Firewall
Key topics covered:
Network Scanning, Host Discovery Techniques, Port Scanning Techniques, Service Version Discovery, OS Discovery, Banner Grabbing, OS Fingerprinting, Packet Fragmentation, Source Routing, IP Address Spoofing, Scanning Tools
Module 04: Enumeration
Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures.
Hands-on Lab Exercises: Over 20 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration
Key topics covered:
Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools
Module 05: Vulnerability Analysis
Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems Hands-on Lab Exercises: Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Vulnerability Research using Vulnerability Scoring Systems and Databases
- Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
Key topics covered: Vulnerability, Vulnerability Research, Vulnerability Assessment, Vulnerability-Management Life Cycle, Vulnerability Classification, Vulnerability-Management Life Cycle, Vulnerability Assessment Tools, Vulnerability Assessment Reports
Module 06: System Hacking
Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities. Hands-on Lab Exercises: Over 25 hands-on exercises with real-life simulated targets to build skills on how to li>Perform an Active Online Attack to Crack the System’s Password
- Perform Buffer Overflow Attack to Gain Access to a Remote System
- Escalate Privileges using Privilege Escalation Tools
- Escalate Privileges in Linux Machine
- Hide Data using Steganography
- Clear Windows and Linux Machine Logs using Various Utilities
- Hiding Artifacts in Windows and Linux Machines
Key topics covered: Password Cracking, Password Attacks, Wire Sniffing, Password-Cracking Tools, Vulnerability Exploitation, Buffer Overflow, Privilege Escalation, Privilege Escalation Tools, Keylogger, Spyware, Anti-Keyloggers, Anti-Spyware, Rootkits, Anti-Rootkits, Steganography, Steganography Tools, Steganalysis, Steganography Detection Tools, Maintaining Persistence, Post Exploitation, Clearing Logs, Covering Tracks, Track-Covering Tools
Module 07: Malware Threats
Get an introduction to the different types of malware, such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures. Hands-on Lab Exercises: Over 20 hands-on exercises with real-life simulated targets to build skills on how to:
- Gain Control over a Victim Machine using Trojan
- Infect the Target System using a Virus
- Perform Static and Dynamic Malware Analysis
Key topics covered: Malware, Components of Malware, APT, Trojan, Types of Trojans, Exploit Kits, Virus, Virus Lifecycle, Types of Viruses, Ransomware, Computer Worms, Fileless Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Trojan Analysis, Virus Analysis, Fileless Malware Analysis, Anti-Trojan Software, Antivirus Software, Fileless Malware Detection Tools
Module 08: Sniffing
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks. Hands-on Lab Exercises: Over 10 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attack
- Spoof a MAC Address of Linux Machine
- Perform Network Sniffing using Various Sniffing Tools
- Detect ARP Poisoning in a Switch-Based Network
Key topics covered: Network Sniffing, Wiretapping, MAC Flooding, DHCP Starvation Attack, ARP Spoofing Attack, ARP Poisoning, ARP Poisoning Tools, MAC Spoofing, STP Attack, DNS Poisoning, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools.
Module 09: Social Engineering
Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures. Hands-on Lab Exercises: Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Social Engineering using Various Techniques
- Spoof a MAC Address of Linux Machine
- Detect a Phishing Attack
- Audit Organization’s Security for Phishing Attacks
Key topics covered: Social Engineering, Types of Social Engineering, Phishing, Phishing Tools, Insider Threats/Insider Attacks, Identity Theft
Module 10: Denial-of-Service
Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections. Hands-on Lab Exercises: Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform a DoS and DDoS attack on a Target Host
- Detect and Protect Against DoS and DDoS Attacks
Key topics covered: DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Tools, DoS/DDoS Attack Detection Techniques, DoS/DDoS Protection Tools
Module 11: Session Hijacking
Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures. Hands-on Lab Exercises: Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Session Hijacking using various Tools
- Detect Session Hijacking
Key topics covered: Session Hijacking, Types of Session Hijacking, Spoofing, Application-Level Session Hijacking, Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attack, CRIME Attack, Network Level Session Hijacking, TCP/IP Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Prevention Tools
Module 12: Evading IDS, Firewalls, and Honeypots
Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures. Hands-on Lab Exercises: Over 7 hands-on exercises with real-life simulated targets to build skills on how to:
- Bypass Windows Firewall
- Bypass Firewall Rules using Tunneling
- Bypass Antivirus
Key topics covered: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Types of Firewalls, Honeypot, Intrusion Detection Tools, Intrusion Prevention Tools, IDS Evasion Techniques, Firewall Evasion Techniques, Evading NAC and Endpoint Security, IDS/Firewall Evading Tools, Honeypot Detection Tools
Module 13: Hacking Web Servers
Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures. Hands-on Lab Exercises: Over 8 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform Web Server Reconnaissance using Various Tools
- Enumerate Web Server Information
- Crack FTP Credentials using a Dictionary Attack
Key topics covered: Web Server Operations, Web Server Attacks, DNS Server Hijacking, Website Defacement, Web Cache Poisoning Attack, Web Server Attack Methodology, Web Server Attack Tools, Web Server Security Tools, Patch Management, Patch Management Tools.
Module 14: Hacking Web Applications
Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures. Hands-on Lab Exercises: Over 15 hands-on exercises with real-life simulated targets to build skills on how to: Perform Web Application Reconnaissance using Various Tools Perform Web Spidering Perform Web Application Vulnerability Scanning Perform a Brute-force Attack Perform Cross-site Request Forgery (CSRF) Attack Identify XSS Vulnerabilities in Web Applications Detect Web Application Vulnerabilities using Various Web Application Security Tools Key Topics Covered: Web Application Architecture, Web Application Threats, OWASP Top 10 Application Security Risks, Web Application Hacking Methodology, Web API, Webhooks, and Web Shell, Web API Hacking Methodology, Web Application Security.
Module 15: SQL Injection
Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts. Hands-on Lab Exercises: Over 4 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform an SQL Injection Attack Against MSSQL to Extract Databases
- Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools
Key topics covered: SQL Injection, Types of SQL injection, Blind SQL Injection, SQL Injection Methodology, SQL Injection Tools, Signature Evasion Techniques, SQL Injection Detection Tools
Module 16: Hacking Wireless Networks
Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools. Hands-on Lab Exercises: Over 3 hands-on exercises with real-life simulated targets to build skills on how to:
- Footprint a Wireless Network
- Perform Wireless Traffic Analysis
- Crack a WEP, WPA, and WPA2 Networks
- Create a Rogue Access Point to Capture Data Packets
Key topics covered: Wireless Terminology, Wireless Networks, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Encryption Cracking, WEP/WPA/WPA2 Cracking Tools, Bluetooth Hacking, Bluetooth Threats, Wi-Fi Security Auditing Tools, Bluetooth Security Tools
Module 17: Hacking Mobile Platforms
Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools. Hands-on Lab Exercises: Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Hack an Android Device by Creating Binary Payloads
- Exploit the Android Platform through ADB
- Hack an Android Device by Creating APK File
- Secure Android Devices using Various Android Security Tools
Key topics covered: Mobile Platform Attack Vectors, OWASP Top 10 Mobile Risks, App Sandboxing, SMS Phishing Attack (SMiShing), Android Rooting, Hacking Android Devices, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Controls, Mobile Security Tools
Module 18: IoT and OT Hacking
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks Hands-on Lab Exercises: Over 2 hands-on exercises with real-life simulated targets to build skills on how to:
- Gather Information using Online Footprinting Tools
- Capture and Analyze IoT Device Traffic
Key topics covered: IoT Architecture, IoT Communication Models, OWASP Top 10 IoT Threats, IoT Vulnerabilities, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), ICS/SCADA, OT Vulnerabilities, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools.
Module 19: Cloud Computing
Learn different cloud computing concepts, such as container technologies and server less computing, various cloud-based threats and attacks, and cloud security techniques and tools. Hands-on Lab Exercises: Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
- Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
- Exploit Open S3 Buckets
- Escalate IAM User Privileges by Exploiting Misconfigured User Policy
Key topics covered: </strong Cloud Computing, Types of Cloud Computing Services, Cloud Deployment Models, Fog and Edge Computing, Cloud Service Providers, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Container and Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools
Module 20: Cryptography
In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools. Hands-on Lab Exercises: Over 10 hands-on exercises with real-life simulated targets to build skills on how to:
- Calculate MD5 Hashes
- Perform File and Text Message Encryption
- Create and Use Self-signed Certificates
- Perform Email and Disk Encryption
- Perform Cryptanalysis using Various Cryptanalysis Tools
Key topics covered: Cryptography, Encryption Algorithms, MD5 and MD6 Hash Calculators, Cryptography Tools, Public Key Infrastructure (PKI), Email Encryption, Disk Encryption, Cryptanalysis, Cryptography Attacks, Key Stretching
Who Is It For?
Target Audience
- Information Security Analyst / Administrator
- Information Assurance (IA) Security Officer
- Information Security Manager / Specialist
- Information Systems Security Engineer / Manager
- Information Security Professionals / Officers
- Information Security / IT Auditors
- Risk / Threat / Vulnerability Analyst
- System Administrators
- Network Administrators and Engineers
The Certified Ethical Hacker (CEH) is the most trusted ethical hacking certification that employers worldwide value.
The comprehensive curriculum covers the fundamentals of ethical hacking, footprinting and reconnaissance, scanning, enumeration, vulnerability threats, social engineering, SQL injection, and much more.
When you successfully achieve the CEH certification, you will be equipped with every skill you need to uncover vulnerabilities and secure the systems, networks, applications, databases, and critical data from malicious hackers.
Build Your Career with the Most in-Demand Ethical Hacking Certification Program Certified Ethical Hacker (CEH)
How C|EH v12 Empowers You
Unique Learn, Certify, Engage and Compete Methodology for Aspiring Cyber Professionals
Learn Ethical Hacking in a Structured Setting Across 20 Domains
Learn Commercial-Grade Hacking Tools and Techniques
Engage: “Ethically Hack” a Real Organization With C|EH® Elite to Get Experience – You will provide with our customer’s real projects
Gain Experience With over 500 Unique Attack Techniques
Attain the Most Recognized Credential in the Ethical Hacking Industry :C|EH®
Build Skills With over 220 Challenge-Based, Hands-on Labs with CyberQ™ Labs
Compete With Hackers Around the World as Part of the C|EH ® Elite Program