Ultimate CEH Certified Ethical Hacker Cert Guide
Comprehensive CEH training with hands-on labs, practice tests, and full coverage of CEH exam domains to prepare you for certification and practical skills.
Comprehensive CEH training with hands-on labs, practice tests, and full coverage of CEH exam domains to prepare you for certification and practical skills.
A complete, hands-on CEH training and exam-prep course that teaches commercial-grade hacking tools, methodologies, and countermeasures. Covers reconnaissance, scanning, system & web app hacking, wireless, IoT, cloud and cryptography, plus lab exercises and practice exams to prepare you for the CEH certification (v12/v13) and CEH Practical.
- An Introduction to Ethical Hacking
- Security Fundamentals
- Goals of Security
- Confidentiality
- Integrity
- Availability
- Risk, Assets, Threats, and Vulnerabilities
- Risk
- Asset
- Threat
- Vulnerability
- Backing Up Data to Reduce Risk
- Defining an Exploit
- Risk Assessment
- Security Testing
- No-Knowledge Tests (Black Box)
- Full-Knowledge Testing (White Box)
- Partial-Knowledge Testing (Gray Box)
- Partial-Knowledge Testing (Gray Box)
- Types of Security Tests
- Incident Response
- Hacking Methodologies and Frameworks
- Hacking Concepts: Hacker and Cracker Descriptions
- Who Attackers Are
- Ethical Hacking Concepts: Ethical Hackers
- Required Skills of an Ethical Hacker
- Modes of Ethical Hacking
- Ethical Hacking Limitations
- Test Plans—Keeping It Legal
- Test Phases
- Establishing Goals
- Getting Approval
- Ethical Hacking Report
- Vulnerability Research and Bug Bounties—Keeping Up with Changes
- Ethics and Legality
- Overview of U.S. Federal Laws
- The Evolution of Hacking Laws
- Compliance Regulations
- Payment Card Industry Data Security Standard (PCI-DSS)
- Summary
- Mini-Project: Planning Your First Ethical Hack
- Lesson 1 CEH: Quiz
0:20:0- Introduction
- The Hacking Process
- Performing Reconnaissance and Footprinting
- Scanning and Enumeration
- Gaining Access
- Escalating Privilege
- Maintaining Access
- Covering Tracks and Planting Backdoors
- The Ethical Hacker’s Process
- NIST SP 800-115
- Operationally Critical Threat, Asset, and Vulnerability Evaluation
- Open Source Security Testing Methodology Manual
- Information System Security Assessment Framework
- Penetration Testing Execution Standard
- MITRE ATT&CK Framework
- Information Security Systems and the Stack
- The OSI Model
- Anatomy of TCP/IP Protocols
- The Application Layer
- The Transport Layer
- Transmission Control Protocol
- User Datagram Protocol
- The Internet Layer
- Source Routing: The Hacker’s Friend
- Traceroute
- The Network Access Layer
- Summary
- Mini-Project: Planning an Ethical Hacking Engagement
- Lesson 2 CEH: Quiz
0:20:0- Introduction
- Footprinting
- Footprinting and Reconnaissance Methodology
- Documentation
- Footprinting Through Search Engines
- Footprinting Through Social Networking Sites
- The Dangers of Social Networks
- Footprinting Through Web Services and Websites
- Email Footprinting
- Whois Footprinting
- DNS Footprinting
- Network Footprinting
- Subnetting’s Role in Mapping Networks
- Traceroute
- Footprinting Through Social Engineering
- Footprinting Countermeasures
- Scanning
- Host Discovery
- Port and Service Discovery
- Nmap
- SuperScan
- THC-Amap
- Hping
- Port Knocking
- OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall
- Active Fingerprinting Tools
- Fingerprinting Services
- Default Ports and Services
- Finding Open Services
- Network Scanning Countermeasures
- Network Scanning Countermeasure Techniques
- Summary
- Mini-Project: Reconnaissance Plan for a Target Company
- Lesson 3 CEH: Quiz
0:20:0- Introduction
- Enumeration
- Windows Enumeration
- Windows Security
- NetBIOS and LDAP Enumeration
- NetBIOS Enumeration Tools
- SNMP Enumeration
- Linux/UNIX Enumeration
- NTP Enumeration
- SMTP Enumeration
- Other Enumeration Techniques
- DNS Enumeration
- Enumeration Countermeasures
- System Hacking Phases and Attack Techniques
- Password Cracking
- Nontechnical Password Attacks
- Technical Password Attacks
- Password Guessing
- Automated Password Guessing
- Password Sniffing
- Keylogging
- Escalating Privilege and Exploiting Vulnerabilities
- Exploiting an Application
- Exploiting a Buffer Overflow
- Owning the Box
- Windows Authentication Types
- Cracking Windows Passwords
- Linux Authentication and Passwords
- Cracking Linux Passwords
- Hiding Files and Covering Tracks
- Rootkits
- Hackers Are Not the Only Ones to Use Rootkits
- File Hiding
- Establishing Persistence
- Summary
- Mini-Project: Planning an Attack Chain
- Lesson 4 CEH: Quiz
0:20:0- Introduction
- Social Engineering
- Phishing
- Pharming
- Spear Phishing
- Voice Phishing
- Whaling
- Elicitation, Interrogation, and Impersonation (Pretexting)
- Social Engineering Motivation Techniques
- Shoulder Surfing and USB Baiting
- Malware Threats
- Viruses and Worms
- Types and Transmission Methods of Viruses and Malware
- Virus Payloads
- History of Viruses
- Well-Known Viruses and Worms
- Virus Creation Tools
- Trojans
- Trojan Types
- Trojan Ports and Communication Methods
- Trojan Goals
- Trojan Infection Mechanisms
- Effects of Trojans
- Trojan Tools
- Distributing Trojans
- Wrappers
- Packers
- Droppers
- Crypters
- Ransomware
- Covert Communications
- Tunneling via the Transport Layer
- Tunneling via the Application Layer
- Port Redirection
- Keystroke Logging and Spyware
- Hardware Keyloggers
- Software Keyloggers
- Spyware
- Malware Countermeasures
- Detecting Malware
- Antivirus
- Analyzing Malware
- Static Analysis
- Dynamic Analysis
- Vulnerability Analysis
- Tree-Based vs. Inference-Based Assessments
- Vulnerability Scoring Systems
- Vulnerability Scanning Tools
- Use of Artificial Intelligence (AI)
- Summary
- Mini-Project: Identifying Threats and Analysis Techniques
- Lesson 5 CEH: Quiz
0:20:0- Introduction
- Sniffers
- Passive Sniffing
- Active Sniffing
- Address Resolution Protocol
- ARP Poisoning and MAC Flooding
- Tools for Sniffing and Packet Capturing
- Wireshark
- Other Sniffing Tools
- Sniffing and Spoofing Countermeasures
- Session Hijacking
- Transport Layer Hijacking
- Identify and Find an Active Session
- Take One of the Parties Offline
- Take Control of the Session
- Application Layer Hijacking
- Session Sniffing
- Predictable Session Token ID
- On-Path Attacks
- Client-Side Attacks
- Browser-Based On-Path Attacks
- Session Replay Attacks
- Session Fixation Attacks
- Session Hijacking Tools
- Preventing Session Hijacking
- Denial of Service (DoS) and Distributed Denial of Service (DDoS)
- DoS/DDoS Attack Techniques
- Volumetric Attacks
- SYN Flood Attacks
- ICMP Attacks
- Peer-to-Peer Attacks
- Application-Level Attacks
- Permanent DoS Attacks
- Distributed Denial of Service
- DDoS Tools
- DoS and DDoS Countermeasures
- DoS/DDoS Protection Tools
- Summary
- Mini-Project: Identifying Network and Session Attacks
- Lesson 6 CEH: Quiz
0:20:0- Introduction
- Web Server Hacking
- The HTTP Protocol
- Scanning Web Servers
- Banner Grabbing and Enumeration
- Web Server Vulnerability Identification
- Web Server Attack Methodology
- DoS/DDoS Attacks
- DNS Server Hijacking and DNS Amplification Attacks
- Directory Traversal
- On-Path Attacks
- Website Defacement
- Web Server Misconfiguration
- HTTP Response Splitting
- Understanding Cookie Manipulation Attacks
- Web Server Password Cracking
- Web Server–Specific Vulnerabilities
- Comments in Source Code
- Lack of Error Handling and Overly Verbose Error Handling
- Hard-Coded Credentials
- Race Conditions
- Unprotected APIs
- Hidden Elements
- Lack of Code Signing
- Automated Exploit Tools
- Web Server Attack Countermeasures
- Harden Before Deploying
- Patch Management
- Disable Unneeded Services and Close All Unused Ports
- Lock Down the File System
- Log and Audit
- Provide Ongoing Vulnerability Scans
- Web Application Hacking
- Unvalidated Input
- Parameter/Form Tampering
- Injection Flaws
- Cross-Site Scripting (XSS) Vulnerabilities
- Reflected XSS Attacks
- Stored XSS Attacks
- DOM-Based XSS Attacks
- XSS Evasion Techniques
- XSS Mitigations
- Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks
- Other Web Application Attacks
- Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
- Web-Based Password Cracking and Authentication Attacks
- Understanding What Cookies Are and Their Use
- URL Obfuscation
- Intercepting Web Traffic
- Securing Web Applications
- Lack of Code Signing
- Database Hacking
- A Brief Introduction to SQL and SQL Injection
- SQL Injection Categories
- Fingerprinting the Database
- Surveying the UNION Exploitation Technique
- Using Boolean in SQL Injection Attacks
- Understanding Out-of-Band Exploitation
- Exploring the Time-Delay SQL Injection Technique
- Surveying Stored Procedure SQL Injection
- Understanding SQL Injection Countermeasures
- SQL Injection Hacking Tools
- Summary
- Mini-Project: Analyzing Web Infrastructure Vulnerabilities
- Lesson 7 CEH: Quiz
0:20:0- Introduction
- Wireless and Mobile Device Technologies
- Mobile Device Concerns
- Mobile Device Platforms
- Android
- IOS
- Windows Mobile Operating System
- BlackBerry
- Mobile Device Management and Protection
- Bluetooth
- Radio Frequency Identification (RFID) Attacks
- Wi-Fi
- Wireless LAN Basics
- Wireless LAN Frequencies and Signaling
- Wireless LAN Security
- Installing Rogue Access Points
- Evil Twin Attacks
- Attacking the Preferred Network Lists
- Jamming Wireless Signals and Causing Interference
- War Driving
- Attacking WEP
- Attacking WPA
- Wireless Networks Configured with Open Authentication
- KRACK Attacks
- Attacks Against WPA3
- Attacking Wi-Fi Protected Setup (WPS)
- KARMA Attack
- Fragmentation Attacks
- Additional Wireless Hacking Tools
- Crack and Compromise the Wi-Fi Network
- Wireless Attack Countermeasures
- Site Survey
- Misuse Detection
- Summary
- Mini-Project: Identifying Wireless Attacks
- Lesson 8 CEH: Quiz
0:20:0- Introduction
- Intrusion Detection and Prevention Systems
- IDS Types and Components
- Pattern Matching
- Protocol Analysis
- Heuristic-Based Analysis
- Anomaly-Based Analysis
- Global Threat Correlation Capabilities
- Snort
- IDS Evasion Techniques
- Other IDS Evasion Techniques
- IDS Evasion Tools
- Firewalls
- Firewall Types
- Network Address Translation
- Packet Filters
- Application and Circuit-Level Gateways
- Stateful Inspection
- Identifying Firewalls
- Bypassing Firewalls
- Evading NAC and Endpoint Security
- Mitigation for NAC Evasion
- IDS and Firewall Evasion Countermeasures
- Honeypots
- Types of Honeypots
- Detecting Honeypots
- Summary
- Mini-Project: Planning Defense Evasion Tactics
- Lesson 9 CEH: Quiz
0:20:0Basic computer and networking knowledge (TCP/IP, OS fundamentals).
Recommended: 1–2 years IT or security experience if you plan to sit the CEH exam without attending official training. (Attending official training often waives the work-experience requirement.)
A laptop capable of running virtual machines (8 GB+ RAM recommended, SSD preferred).
Willingness to practice in lab environments and follow ethical & legal rules (CEH code of ethics).
Think like a hacker — perform structured reconnaissance and footprinting to discover attack surfaces.
Perform scanning & enumeration using tools like Nmap, Nessus, and others to identify vulnerabilities.
Exploit and secure systems and applications — understand system hacking, web app attacks, and countermeasures to harden infrastructure.
Run hands-on penetration tests in lab environments (network, web, wireless, mobile/IoT).
Pass CEH certification — be prepared for the CEH multiple-choice exam and understand next steps for CEH Practical or other advanced certs.
Buy Now
Last Updated
Nov 14, 2025
Students
99+
language
English
Duration
10h++Level
beginner
Expiry period
Lifetime
Certificate
Yes
bigoss
English
Certificate Course
99+ Students
10h++
32 Courses
0 Review