Certified ethical hacker
The Certified Ethical Hacker (CEH) is a globally recognized cybersecurity certification offered by the EC-Council, designed to equip professionals with the knowledge and skills to identify, assess, and mitigate vulnerabilities in computer systems by simulating the techniques used by malicious hackers.[1] Introduced in 2003, the CEH program has become a foundational credential in the field of ethical hacking, emphasizing a proactive approach to cybersecurity defense through authorized penetration testing and vulnerability analysis.[2] The certification targets a wide range of roles, including penetration testers, cybersecurity analysts, ethical hackers, and AI security engineers, with over 49 job functions aligned to its curriculum.[1] To qualify, candidates can follow one of two paths: attending an official EC-Council training course, which requires no prior experience, or demonstrating at least two years of verified information security experience in areas such as reconnaissance, system hacking, network hacking, web application hacking, wireless hacking, mobile/IoT/OT hacking, cloud computing, and cryptography.[3] The CEH v13 curriculum, the latest version as of 2025, spans 20 modules covering more than 550 attack techniques, 221 hands-on labs, and over 4,000 tools, incorporating AI-driven methods to address evolving threats like generative AI in cybersecurity.[1] The core certification exam consists of 125 multiple-choice questions over four hours, while the optional CEH Practical exam—a six-hour hands-on assessment—leads to the CEH Master designation for those demonstrating applied skills in real-world scenarios.[4] The certification is valid for three years, after which holders must recertify by earning 120 EC-Council Continuing Education (ECE) credits through activities like training, webinars, or contributions to the field.[5] Key benefits of the CEH include its alignment with industry standards, such as those from the U.S. Department of Defense, and high employer demand, with 92% of organizations preferring certified professionals and a 95% reported career advancement rate for holders.[1] By fostering a mindset of "hacking to defend," the certification plays a critical role in building resilient digital infrastructures against sophisticated cyber threats.[6]Introduction
Definition and Purpose
The Certified Ethical Hacker (CEH) is a professional qualification issued by the EC-Council since 2003, designed for individuals who legally assess and test the security of computer systems, networks, and applications by employing techniques commonly used by malicious hackers.[7] This certification validates the holder's ability to think and act like an attacker in a controlled, authorized environment to uncover potential weaknesses before they can be exploited.[1] The primary purpose of the CEH is to equip cybersecurity professionals with practical skills to identify system vulnerabilities, simulate real-world cyberattacks ethically, and recommend countermeasures that strengthen organizational defenses against cyber threats.[1] By focusing on offensive security methodologies, it enables certified individuals to bridge the gap between proactive threat simulation and defensive strategies, promoting "white hat" hacking practices that prevent data breaches and unauthorized access.[2] Globally recognized, the CEH serves as an entry-level to mid-level credential for cybersecurity careers, mapping to roles such as penetration testers and information security auditors, and is trusted by entities including the U.S. Department of Defense and over 1,200 educational institutions worldwide.[1] Recent iterations, like version 13, integrate AI-driven techniques to adapt to emerging cybersecurity challenges.[1]History and Development
The EC-Council, an organization dedicated to cybersecurity education, was founded in 2001 in response to the increased demand for information security training following the September 11 terrorist attacks.[8] In 2003, the organization launched the Certified Ethical Hacker (CEH) certification, establishing it as the world's first vendor-neutral ethical hacking credential designed to teach core hacking methodologies, including reconnaissance, scanning, gaining access, maintaining access, and covering tracks.[9][10] Over the years, the CEH program has progressed through iterative versions to incorporate evolving threats and technologies. The release of CEH v12 in September 2022 expanded the curriculum with additional hands-on labs, over 220 practical exercises, and coverage of emerging areas like cloud computing and IoT vulnerabilities, enhancing the focus on real-world application.[11] In September 2024, EC-Council introduced CEH v13, the first version to integrate AI-driven hacking simulations, including generative AI tools for threat modeling and ethical AI usage in penetration testing.[12] Significant milestones in the program's development include the 2018 launch of the CEH Practical exam, a six-hour performance-based assessment that evaluates candidates' ability to apply ethical hacking techniques in simulated environments, complementing the theoretical knowledge from the standard CEH.[7] By 2025, EC-Council had certified over 350,000 professionals worldwide through its programs, with CEH as its flagship certification underscoring its global adoption in the cybersecurity workforce.[13] Additionally, the annual CEH Hall of Fame, initiated in 2021 to recognize top-performing certified professionals scoring 90% or higher on exams and demonstrating exceptional contributions, continued to highlight industry leaders, with the 2025 edition featuring 100 inductees based on global impact metrics.[14][15]Certification Process
Eligibility Requirements
To pursue the Certified Ethical Hacker (CEH) certification offered by the EC-Council, candidates must meet specific eligibility criteria designed to ensure a foundational level of competence in information security. The primary pathways are either completing an official EC-Council training program or demonstrating at least two years of verified work experience in an information security role.[16] No formal academic degree is required, though a background in information technology, networking, or cybersecurity is strongly recommended to grasp the certification's technical demands.[1] Candidates must be at least 18 years old to attempt the exam without restrictions; those under the legal age in their country of residence require written parental or guardian consent and must enroll through an accredited training institution.[16] Additionally, all applicants agree to abide by the EC-Council Code of Ethics, which mandates ethical conduct, such as not engaging in unauthorized access, maintaining confidentiality, and using skills solely for defensive purposes.[17] For experienced professionals opting out of formal training, a self-study path is available through purchase of an exam voucher following eligibility approval; this requires submission of proof of the two-year experience threshold.[18] The experience requirement can be waived entirely by completing an official EC-Council training course.[1] The documentation process involves submitting an Exam Eligibility Application Form, along with supporting evidence such as a resume, employer verification letter, or signed affidavit attesting to the work experience, and a copy of government-issued identification (with personally identifiable information redacted).[19] For training-based eligibility, a Certificate of Attendance or Completion from an accredited provider suffices. Applications are reviewed within five business days, and a non-refundable $100 USD fee applies for the experience verification path; approval is required before scheduling the exam.[16]Training and Preparation
Candidates pursuing the Certified Ethical Hacker (CEH) certification can access training through official pathways provided by the EC-Council, ensuring alignment with the certification's standards.[1] Accredited Training Centers (ATCs) offer instructor-led, in-person boot camps typically spanning five days, providing structured classroom environments for interactive learning.[20] Additionally, the EC-Council's iLearn platform enables self-paced online training, allowing learners to progress at their own speed while incorporating virtual labs for practical application.[1] Training costs vary by format and provider, ranging from approximately $1,700 for self-paced iLearn access to $2,500 for live online instructor-led courses as of 2025, often including an exam voucher and one year of lab access.[1] These programs emphasize hands-on experience, with access to iLabs offering over 220 virtual practice environments to simulate real-world ethical hacking scenarios.[1] The total duration for official training is around 40 hours, focusing on building practical skills through guided exercises.[21] Official study materials include the comprehensive CEH study guide, practice exams, and video modules, designed to cover essential concepts and techniques.[1] Participants are encouraged to dedicate significant time to hands-on labs, exceeding 40 hours, to reinforce theoretical knowledge with applied proficiency.[1] While third-party resources such as the book CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker and platforms like Cybrary can supplement preparation, they do not qualify for the official exam voucher unless combined with EC-Council-endorsed training.[1] Candidates must verify that any external materials align with the latest CEH version to ensure relevance.[1]Examination
Exam Format
The Certified Ethical Hacker (CEH) examination is offered in two primary formats: the ANSI-accredited theoretical exam and the CEH Practical exam. The theoretical exam consists of 125 multiple-choice questions designed to assess knowledge of ethical hacking concepts, tools, and techniques.[1] In contrast, the CEH Practical is a performance-based assessment comprising 20 real-world challenges that require candidates to apply hacking skills in simulated environments.[4] Exams are delivered either through online proctoring or in-person at authorized Pearson VUE testing centers, providing flexibility for candidates worldwide. The theoretical exam has a time limit of 4 hours, while the Practical exam extends to 6 hours to accommodate hands-on tasks.[22][1] The content of the theoretical exam aligns with the CEH curriculum's 20 modules and is structured around 9 key domains, with varying weights to reflect importance. For example, reconnaissance techniques account for 17% of the exam, and system hacking phases and attack techniques represent 15%.[23] Other domains include network and perimeter hacking (24%), web application hacking (14%), and emerging areas like mobile, IoT, OT hacking (10%).[23] As of 2025, the CEH v13 version incorporates artificial intelligence (AI) integration throughout the exam, with AI-driven scenarios and tools featured in practical challenges to address modern cybersecurity threats. The passing score ranges from 60% to 85%, varying by exam form to maintain consistency in difficulty.[1][24]Scoring and Certification
The Certified Ethical Hacker (CEH) examination utilizes a scoring system where the passing threshold varies from 60% to 85%, depending on the specific form of the exam administered to account for differences in question difficulty.[25] This applies to the theoretical multiple-choice component, which consists of 125 questions completed over four hours. For the practical variant, evaluation focuses on the successful completion of real-world challenges, such as vulnerability exploitation and system penetration, without detection by defensive measures, with passing scores similarly ranging from 60% to 85%.[4] Upon achieving a passing score, candidates are awarded the CEH certification, which includes a digital badge verifiable through the EC-Council's platform and an associated certification ID for professional use.[26] The certification remains valid for three years from the date of issuance.[5] To renew, holders must accumulate 120 EC-Council Continuing Education (ECE) credits during this period, through activities such as attending approved training courses, participating in webinars, authoring publications on cybersecurity topics, or completing other EC-Council-sanctioned professional development.[5] In the event of an initial failure, the EC-Council's retake policy permits up to five attempts within a 12-month period: the first retake requires no waiting period, while subsequent retakes impose a 14-day cooling-off period between attempts, and a 12-month wait applies after the fifth attempt.[27] Retakes are facilitated through discounted exam vouchers purchased via EC-Council channels. For advanced credentialing, the CEH Master designation requires passing both the standard theoretical exam and the CEH Practical exam, demonstrating mastery in applying ethical hacking techniques across 20 hands-on scenarios in a simulated environment.[28] This variant emphasizes practical proficiency, with grading centered on the effective execution and documentation of penetration testing tasks.[29]Curriculum
Core Modules
The Certified Ethical Hacker (CEH) v13 curriculum encompasses 20 core modules that systematically cover the foundational and advanced aspects of ethical hacking, equipping learners with knowledge of over 550 attack techniques across various domains. These modules blend theoretical explanations of hacking methodologies, hands-on exposure to industry-standard tools, and discussions on ethical and legal frameworks to promote responsible cybersecurity practices. Developed by the EC-Council, the structure follows the five phases of ethical hacking—reconnaissance, scanning, gaining access, maintaining access, and covering tracks—while integrating emerging threats like AI-driven attacks.[1][30] The curriculum has evolved significantly, shifting from an emphasis on basic reconnaissance tools in early versions to more sophisticated integrations in v13, including AI capabilities and threat modeling frameworks such as MITRE ATT&CK for contextualizing attacks. The Cloud Computing module addresses modern infrastructures like container technologies and serverless computing, reflecting the growing complexity of hybrid environments. This progression ensures the modules remain relevant to contemporary cybersecurity challenges, with each incorporating ethical considerations to underscore the distinction between authorized testing and malicious activities.[30][1]- Introduction to Ethical Hacking: This module provides an overview of ethical hacking principles, including the evolution of cyberattacks, key terminology, and the hacker's mindset, while stressing legal boundaries and codes of ethics for penetration testers. It lays the groundwork for understanding compliance standards like GDPR and HIPAA in security assessments.[1]
- Footprinting and Reconnaissance: Learners explore passive and active information-gathering techniques to map target organizations, using tools like Google Hacking and DNS enumeration, with ethical guidelines to ensure reconnaissance remains non-intrusive and authorized. The module highlights the importance of open-source intelligence (OSINT) in identifying potential vulnerabilities without alerting defenders.[30]
- Network Scanning Techniques: Focused on active probing, this module teaches port scanning, service identification, and topology mapping using tools such as Nmap and Nessus, alongside ethical protocols for obtaining permission before scans to avoid disrupting network operations. It covers evasion techniques to simulate real-world adversary behaviors responsibly.[1]
- Enumeration Techniques: This covers extracting detailed system information like user accounts and shares via protocols such as SNMP and LDAP, employing tools like NetBIOS queries, while emphasizing ethical limits to prevent unauthorized data exfiltration. The theory underscores enumeration as a precursor to exploitation in the hacking lifecycle.[30]
- Vulnerability Analysis: Participants learn to assess and prioritize weaknesses using frameworks like CVSS, with tools such as OpenVAS for automated scanning, and ethical considerations for reporting findings to stakeholders without exploitation. The module integrates threat modeling to evaluate vulnerability impacts in enterprise contexts.[1]
- System Hacking Methodologies: This module details gaining and maintaining access through password cracking and privilege escalation, utilizing tools like Metasploit, with a strong focus on ethical post-exploitation to document access paths for remediation rather than persistence. It includes theoretical coverage of rootkits and backdoors in controlled environments.[30]
- Malware Threats: Learners study types of malware including viruses, trojans, and ransomware, analyzing creation and detection with tools like Wireshark for traffic inspection, and ethical guidelines for handling samples in isolated labs to avoid real-world dissemination. The content addresses mitigation strategies aligned with NIST frameworks.[1]
- Packet Sniffing: This explores capturing and analyzing network traffic using tools such as Wireshark and tcpdump, covering protocols like ARP poisoning, with ethics centered on consent for monitoring to comply with privacy laws like the Wiretap Act. Theoretical aspects include understanding packet structures for defensive countermeasures.[30]
- Social Engineering: The module examines psychological manipulation tactics like phishing and pretexting, demonstrating tools such as SET (Social-Engineer Toolkit), while prioritizing ethical training to build awareness programs that protect against human-centric attacks without deception in practice. It draws on real-world case studies for conceptual depth.[1]
- Denial-of-Service (DoS) Attacks: Focuses on resource exhaustion techniques including DDoS variants, using tools like LOIC for simulation, with ethical restrictions on testing only in isolated setups to prevent service disruptions, and theory on detection via anomaly-based monitoring.[30]
- Session Hijacking: This covers intercepting active sessions via tools like Burp Suite, exploring protocols such as TCP/IP weaknesses, and ethical practices for securing sessions post-test to enhance application-layer defenses. The module includes predictive models for hijacking risks.[1]
- Evading IDS, Firewalls, and Honeypots: Learners study bypass methods like fragmentation and encryption tunneling with tools such as Fragroute, emphasizing ethical use in authorized environments to improve detection rules without compromising production systems. Theoretical content integrates signature and behavior-based evasion strategies.[30]
- Web Server Attacks: This module addresses exploits like directory traversal and buffer overflows on servers such as Apache, using tools like Nikto, with ethics focused on patching recommendations to safeguard web infrastructures. It covers configuration hardening as a defensive counterpart.[1]
- Web Application Attacks: Participants examine OWASP Top 10 risks including XSS and CSRF, employing tools like OWASP ZAP, and ethical reporting to developers for secure coding practices. The theory emphasizes input validation to prevent application-layer breaches.[30]
- SQL Injection: Dedicated to database manipulation via unsanitized inputs, this uses tools like SQLMap for automated attacks, with ethical guidelines for testing only with permission and focusing on parameterized queries for prevention. It provides conceptual insights into blind and union-based variants.[1]
- Wireless Network Hacking: The module covers cracking WEP/WPA using tools such as Aircrack-ng, including rogue AP detection, and ethical considerations for securing Wi-Fi in enterprise settings without unauthorized access. Theoretical elements include signal analysis for physical layer threats.[30]
- Mobile Platform Security: This explores Android and iOS vulnerabilities like insecure data storage, using tools such as Frida for dynamic analysis, with ethics centered on app permission audits to protect user privacy. It addresses mobile-specific threats in BYOD environments.[1]
- IoT and OT Attacks: Learners investigate device exploitation in industrial control systems, employing tools like Shodan for discovery, and ethical protocols for non-disruptive testing in critical infrastructure. The module integrates risk assessment for interconnected ecosystems.[30]
- Cloud Computing Threats: This covers misconfigurations in AWS, Azure, and Google Cloud, using tools like Pacu for simulations, with ethical focus on shared responsibility models and compliance in multi-tenant environments. It includes theory on serverless and container security.[1][30]
- Cryptography: This final module reviews encryption algorithms, PKI, and attacks like man-in-the-middle, with tools such as John the Ripper for cracking, emphasizing ethical implementation of secure communications to maintain data integrity. Theoretical foundations include quantum-resistant cryptography trends.[1]