Certified Ethical Hacker (CEH v12)


This course includes
Hands-On Labs

Prepare for the Certified Ethical Hacker (CEH) certification with the course Certified Ethical Hacker (CEH v12). Gain in-demand skills in security testing, ethical hacking, and vulnerability identification. Interactive lessons, quizzes, and hands-on labs provide a practical learning experience on ethical hacking. This course primarily focuses on ethics, which ensures responsible and professional practices. This course covers concepts through the use of tools, such as Kali Linux.

Here's what you will get

The Certified Ethical Hacker exam is to validate that those holding the certification understand the broad range of subject matter that is required for someone to be an effective ethical hacker. It is a certification that recognizes the importance of identifying security issues to get them remediated. It validates a candidate's knowledge of footprinting and reconnaissance, scanning networks, enumeration, vulnerability analysis, system hacking, malware threats, cryptography, cloud computing, and so on.


16+ Lessons | 588+ Exercises | 225+ Quizzes | 300+ Flashcards | 151+ Glossary of terms


125+ Pre Assessment Questions | 2+ Full Length Tests | 125+ Post Assessment Questions | 250+ Practice Test Questions

Hands-On Labs

47+ LiveLab | 46+ Video tutorials | 01:38+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • What Is a CEH?
  • About EC‐Council
  • Using This Course
  • Objective Map
  • Let's Get Started!

Lessons 2: Ethical Hacking

  • Overview of Ethics
  • Overview of Ethical Hacking
  • Attack Modeling
  • Methodology of Ethical Hacking
  • Summary

Lessons 3: Networking Foundations

  • Communications Models
  • Topologies
  • Physical Networking
  • IP
  • TCP
  • UDP
  • Internet Control Message Protocol
  • Network Architectures
  • Cloud Computing
  • Summary

Lessons 4: Security Foundations

  • The Triad
  • Information Assurance and Risk
  • Policies, Standards, and Procedures
  • Organizing Your Protections
  • Security Technology
  • Being Prepared
  • Summary

Lessons 5: Footprinting and Reconnaissance

  • Open Source Intelligence
  • Domain Name System
  • Passive Reconnaissance
  • Website Intelligence
  • Technology Intelligence
  • Summary

Lessons 6: Scanning Networks

  • Ping Sweeps
  • Port Scanning
  • Vulnerability Scanning
  • Packet Crafting and Manipulation
  • Evasion Techniques
  • Protecting and Detecting
  • Summary

Lessons 7: Enumeration

  • Service Enumeration
  • Remote Procedure Calls
  • Server Message Block
  • Simple Network Management Protocol
  • Simple Mail Transfer Protocol
  • Web‐Based Enumeration
  • Summary

Lessons 8: System Hacking

  • Searching for Exploits
  • System Compromise
  • Gathering Passwords
  • Password Cracking
  • Client‐Side Vulnerabilities
  • Living Off the Land
  • Fuzzing
  • Post Exploitation
  • Summary

Lessons 9: Malware

  • Malware Types
  • Malware Analysis
  • Creating Malware
  • Malware Infrastructure
  • Antivirus Solutions
  • Persistence
  • Summary

Lessons 10: Sniffing

  • Packet Capture
  • Detecting Sniffers
  • Packet Analysis
  • Spoofing Attacks
  • Summary

Lessons 11: Social Engineering

  • Social Engineering
  • Physical Social Engineering
  • Phishing Attacks
  • Social Engineering for Social Networking
  • Website Attacks
  • Wireless Social Engineering
  • Automating Social Engineering
  • Summary

Lessons 12: Wireless Security

  • Wi‐Fi
  • Bluetooth
  • Mobile Devices
  • Summary

Lessons 13: Attack and Defense

  • Web Application Attacks
  • Denial‐of‐Service Attacks
  • Application Exploitation
  • Lateral Movement
  • Defense in Depth/Defense in Breadth
  • Defensible Network Architecture
  • Summary

Lessons 14: Cryptography

  • Basic Encryption
  • Symmetric Key Cryptography
  • Asymmetric Key Cryptography
  • Certificate Authorities and Key Management
  • Cryptographic Hashing
  • PGP and S/MIME
  • Disk and File Encryption
  • Summary

Lessons 15: Security Architecture and Design

  • Data Classification
  • Security Models
  • Application Architecture
  • Security Architecture
  • Summary

Lessons 16: Cloud Computing and the Internet of Things

  • Cloud Computing Overview
  • Cloud Architectures and Deployment
  • Common Cloud Threats
  • Internet of Things
  • Operational Technology
  • Summary

Hands-on LAB Activities

Networking Foundations

  • Assigning Different Classes of IP Addresses

Security Foundations

  • Creating a Personal Linux Firewall Using iptables
  • Performing IDS Configuration with Snort
  • Viewing Syslog for Monitoring Logs
  • Using Event Viewer
  • Configuring Audit Policies in Windows

Footprinting and Reconnaissance

  • Using Recon-ng to Gather Information
  • Using Maltego to Gather Information
  • Using the theHarvester Tool
  • Using the whois Program
  • Using dnsrecon to Perform Enumeration
  • Performing Zone Transfer Using dig
  • Using ipconfig to Perform Reconnaissance
  • Mirroring Sites with HTTrack
  • Using and Checking Google Hacking Database (GHDB)

Scanning Networks

  • Using the Zenmap Tool
  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS


  • Enumerating Data Using enum4linux

System Hacking

  • Searching Exploits Using searchsploit
  • Grabbing a Screenshot of a Target Machine Using Metasploit
  • Loading and Using Mimikatz
  • Cracking a Linux Password Using John the Ripper
  • Cracking Windows Passwords
  • Using Rainbow Tables to Crack Passwords
  • Exploiting Windows 7 Using Metasploit


  • Observing an MD5-Generated Hash Value
  • Using the msfvenom Program
  • Scanning Malware Using Antivirus


  • Capturing Packets Using Wireshark
  • Performing ARP Spoofing

Social Engineering

  • Detecting a Phishing Site Using Netcraft
  • Using SET Tool to Plan an Attack

Wireless Security

  • Creating a Network Policy for 802.1X
  • Securing a Wi-Fi Hotspot

Attack and Defense

  • Exploiting a Website Using SQL Injection
  • Attacking a Website Using XSS Injection
  • Simulating a DoS Attack
  • Defending Against a Buffer Overflow Attack
  • Setting up a Honeypot on Kali Linux


  • Performing Symmetric Encryption
  • Examining Asymmetric Encryption
  • Using OpenSSL to Create a Public/Private Key Pair
  • Observing an SHA-Generated Hash Value
  • Creating PGP Certification

Security Architecture and Design

  • Building the Sample Data in MongoDB

Cloud Computing and the Internet of Things

  • Performing Session Hijacking Using Burp Suite

Exam FAQs

To be eligible to apply to sit for the CEH (ANSI) Exam, a candidate must either:

  • (Prior to being ANSI accredited, EC-Council's certifications were named, based on versions - CEHV1, CEHV2 etc. During that time, candidates that attempted the certification exams were vetted for eligibility. In order to avoid "being double bill", the EC-Council Certification department shall issue a waiver of the application fee of any candidate that has a CEH V1- CEH V7 certification and wishes to attempt the CEH ANSI certification.)
  • or Have a minimum of 2 years of work experience in the InfoSec domain (You will need to pay USD100 as a non-refundable application fee);
  • Or Have attended an official EC-Council training (All candidates are required to pay the $100 application fee; however, your training fee shall include this fee)

USD 1414.82


Multiple Choice Question

The exam contains 125 questions.

240 minutes

  • If a candidate is not able to pass the exam on the first attempt, no cooling or waiting period is required to attempt the exam for the second time (1st retake).
  • If a candidate is not able to pass the second attempt (1st retake), a waiting period of 14 days is required prior to attempting the exam for the third time (2nd retake).
  • If a candidate is not able to pass the third attempt (2nd retake), a waiting period of 14 days is required prior to attempting the exam for the fourth time (3rd retake).
  • If a candidate is not able to pass the fourth attempt (3rd retake), a waiting period of 14 days is required prior to attempting the exam for the fifth time (4th retake).
  • A candidate is not allowed to take a given exam more than five times in a 12 month (1 year) period and a waiting period of 12 months will be imposed before being allowed to attempt the exam for the sixth time (5th retake).
  • Candidates who pass the exam are not allowed to attempt the same version of the exam for the second time.