cloud EC-Council

CEH: Certified Ethical Hacker v12 Complete Guide

Master ethical hacking and penetration testing. Network attacks, web application security, malware analysis, social engineering, and hands-on hacking methodologies.

calendar_today December 29, 2025 schedule 19 min read person CertPractice Team

Certified Ethical Hacker Overview

The Certified Ethical Hacker (CEH) certification from EC-Council is the world's most recognized credential for offensive security professionals. CEH v12 (latest version) validates your ability to think like a malicious attacker while maintaining ethical standards and legal boundaries. This comprehensive certification covers 20 modules encompassing reconnaissance, scanning, exploitation, post-exploitation, and defensive countermeasures.

Unlike defensive security certifications like Security+ or CISSP that focus on building security controls, CEH trains you to actively test those controls by simulating real-world cyberattacks. You'll learn to identify vulnerabilities before malicious hackers do, using the same tools and techniques employed in actual breaches.

CEH certification is highly valued in penetration testing, red team operations, security consulting, and compliance roles. Many organizations specifically require CEH for penetration testing positions, and it's recognized by the U.S. Department of Defense (DoD 8140) for Information Assurance Technical (IAT) Level III positions.

CEH v12 updates include:

  • Enhanced cloud security testing (AWS, Azure, GCP)
  • Container security and Kubernetes penetration testing
  • IoT and OT (operational technology) hacking techniques
  • Advanced web application testing methodologies
  • Mobile platform security assessments
  • Cryptojacking and cryptomining attack vectors
  • Darknet marketplace investigations
lightbulb
Ideal Candidates
  • Penetration testers conducting authorized security assessments
  • Security analysts identifying and validating vulnerabilities
  • Network and systems administrators proactively securing infrastructure
  • IT auditors assessing security controls and compliance
  • Security consultants providing offensive security services
  • Red team operators simulating advanced persistent threats
  • Anyone pursuing offensive security careers in ethical hacking

Exam Format

schedule
Duration
4 hours
quiz
Questions
125 multiple choice
check_circle
Passing Score
Variable (scaled scoring)
payments
Exam Fee
$1,199 (includes training) or $550 (exam only)

Exam Versions

ANSI Version: Available worldwide Practical Version (CEH Practical): Optional hands-on exam demonstrating actual hacking skills

CEH v12 Modules

Module 01: Introduction to Ethical Hacking

  • Essential terminologies and concepts
  • Hacking phases (reconnaissance, scanning, gaining access, maintaining access, covering tracks)
  • Types of hackers (white hat, black hat, gray hat)
  • Cyber kill chain and security frameworks

Module 02: Footprinting and Reconnaissance

  • Passive vs active reconnaissance
  • Search engine techniques (Google dorking)
  • WHOIS and DNS enumeration
  • Social media reconnaissance
  • Website footprinting
  • Network footprinting

Module 03: Scanning Networks

  • Host discovery techniques
  • Port scanning with Nmap
  • OS fingerprinting
  • Vulnerability scanning
  • Network sniffing
  • Firewall and IDS evasion

Module 04: Enumeration

  • NetBIOS enumeration
  • SNMP enumeration
  • LDAP and DNS enumeration
  • SMB and NFS enumeration
  • Null session attacks

Module 05: Vulnerability Analysis

  • Vulnerability assessment methodologies
  • CVE and vulnerability databases
  • Scanning tools (Nessus, OpenVAS, Qualys)
  • Prioritizing vulnerabilities
  • Reporting findings

Module 06: System Hacking

  • Password cracking techniques
  • Privilege escalation methods
  • Maintaining access (backdoors, rootkits)
  • Covering tracks and clearing logs
  • Keyloggers and spyware

Module 07: Malware Threats

  • Malware types (viruses, worms, Trojans, ransomware)
  • Advanced persistent threats (APTs)
  • Malware analysis (static and dynamic)
  • Antivirus evasion techniques
  • Fileless malware

Module 08: Sniffing

  • Packet sniffing fundamentals
  • ARP poisoning and MAC flooding
  • DNS spoofing
  • Wireshark and tcpdump
  • Detecting sniffing attacks

Module 09: Social Engineering

  • Social engineering techniques
  • Phishing and spear phishing
  • Pretexting and baiting
  • Physical social engineering
  • Countermeasures and awareness training

Module 10: Denial of Service

  • DoS vs DDoS attacks
  • Volumetric, protocol, and application layer attacks
  • Botnets and DDoS tools
  • DDoS mitigation techniques

Module 11: Session Hijacking

  • Session hijacking techniques
  • Session tokens and cookies
  • Man-in-the-middle (MITM) attacks
  • SSL/TLS attacks
  • Countermeasures

Module 12: Evading IDS, Firewalls, and Honeypots

  • IDS/IPS evasion techniques
  • Firewall bypassing methods
  • Detecting honeypots and honeynets
  • Tunneling and covert channels

Module 13: Hacking Web Servers

  • Web server architecture
  • Web server attacks (directory traversal, server misconfiguration)
  • Web server hardening
  • Web shell deployment

Module 14: Hacking Web Applications

  • OWASP Top 10 vulnerabilities
  • SQL injection attacks
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Web application security testing

Module 15: SQL Injection

  • In-depth SQL injection techniques
  • Blind SQL injection
  • Database fingerprinting
  • SQLMap and automated tools
  • NoSQL injection

Module 16: Hacking Wireless Networks

  • Wireless encryption (WEP, WPA, WPA2, WPA3)
  • Wireless attacks (deauthentication, evil twin, rogue AP)
  • Cracking wireless passwords
  • Bluetooth and RFID attacks

Module 17: Hacking Mobile Platforms

  • Mobile platform vulnerabilities (Android, iOS)
  • Mobile malware and spyware
  • Mobile device management (MDM)
  • Mobile application security testing

Module 18: IoT and OT Hacking

  • IoT architecture and protocols
  • IoT vulnerabilities and attacks
  • Operational technology (OT) security
  • SCADA and industrial control systems

Module 19: Cloud Computing

  • Cloud deployment models and security
  • Cloud-specific attacks
  • Container security (Docker, Kubernetes)
  • Cloud security tools and best practices

Module 20: Cryptography

  • Encryption algorithms (symmetric, asymmetric)
  • Hashing and digital signatures
  • PKI and certificate management
  • Cryptographic attacks
  • Cryptanalysis techniques

Study Resources

Official EC-Council Resources

  • 📘 CEH v12 Official Courseware - Comprehensive official materials
  • link
    EC-Council iLabs - Hands-on virtual labs
    open_in_new
  • school
    Official CEH Training - Instructor-led courses
    open_in_new
  • 📘 Matt Walker's CEH All-in-One Exam Guide - Comprehensive study guide
  • school
    INE CEH Course - Video training with labs
    open_in_new
  • school
    Cybrary CEH Course - Free alternative
    open_in_new

Hands-On Practice

  • 🔬 HackTheBox - Practical hacking labs
  • 🔬 TryHackMe - Guided penetration testing labs
  • 🔬 VulnHub - Vulnerable VMs for practice
  • 🔬 Kali Linux - Essential penetration testing distribution

Practice Exams

  • quiz
    Boson CEH Practice Exams - Realistic practice questions
    open_in_new
  • 📝 uCertify CEH Practice Tests - Included with some training packages

Study Strategy

Phase 1: Fundamentals (Weeks 1-4)

  • Complete modules 1-5 (introduction through vulnerability analysis)
  • Set up Kali Linux virtual lab
  • Practice footprinting and scanning techniques
  • Learn Nmap and basic reconnaissance tools

Phase 2: Attack Techniques (Weeks 5-8)

  • Study modules 6-12 (system hacking through session hijacking)
  • Practice password cracking and privilege escalation
  • Experiment with malware analysis tools
  • Learn social engineering principles

Phase 3: Web and Wireless (Weeks 9-12)

  • Master modules 13-16 (web servers, web apps, SQL injection, wireless)
  • Practice with OWASP WebGoat and DVWA
  • Learn SQLMap and Burp Suite
  • Crack wireless networks in lab environment

Phase 4: Specialized Topics (Weeks 13-15)

  • Complete modules 17-20 (mobile, IoT, cloud, cryptography)
  • Practice with mobile app security testing
  • Explore container security
  • Understand cryptographic implementations

Phase 5: Practice and Review (Week 16)

  • Take full-length practice exams
  • Review weak areas
  • Practice with HackTheBox and TryHackMe
  • Memorize key tools and techniques

Essential Tools to Master

Reconnaissance: Nmap, Recon-ng, theHarvester, Maltego Scanning: Nessus, OpenVAS, Nikto Exploitation: Metasploit, SQLMap, Burp Suite Sniffing: Wireshark, tcpdump, Ettercap Password Cracking: John the Ripper, Hashcat, Hydra Wireless: Aircrack-ng, Kismet, Wifite Web: OWASP ZAP, Burp Suite, Nikto

Practice Questions

FAQ

quizFrequently Asked Questions
Q
Do I need hacking experience before CEH?

No, but basic networking and operating system knowledge is recommended. CEH teaches from fundamentals to advanced.

Q
Is CEH practical or theoretical?

CEH exam is multiple choice, but covers practical tools and techniques. CEH Practical is a separate hands-on exam.

Q
CEH vs OSCP - which is better?

CEH is broader and more foundational. OSCP is purely practical and more challenging. Many get CEH first, then OSCP.

Q
Do I need to take official training?

You can self-study and purchase exam voucher separately ($550), or take official training ($1,199 includes exam).

Q
Is CEH recognized by employers?

Yes, CEH is one of the most recognized ethical hacking certifications, often required for penetration testing roles.

Q
How long to prepare?

With networking background: 2-3 months. Complete beginners: 4-6 months with consistent hands-on practice.

Q
What after CEH?

Consider: CEH Practical (hands-on), OSCP (advanced), or specialize in web (GWAPT) or wireless (OSWP).

group

CertPractice Team

Expert certification guides and study tips

Ready to Get EC-Council Certified?

Start practicing with our CEH question bank. Get instant feedback and track your progress.