Certified Ethical Hacker v11 Exam Preparation Guide

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

It tests your skills in uncovering vulnerabilities that can be exploited by a malicious attacker. A CEH certification prepares you to match a black hat hacker’s techniques and creativity while equipping you with an in-depth understanding of hacking tools, evolving attack vectors, and preventative countermeasures.

Certified ethical hackers obtain permission from the asset owners before scrutinizing it for vulnerabilities and ensure that the outcomes remain confidential. The journey of becoming a certified ethical hacker begins with passing the CEH (ANSI) exam. Once you do, you can opt to take the CEH practical, a six-hour practical exam. When a professional is CEH certified and clears the CEH practical, they are recognized as a CEH Master.(Will Write my personal experience once completing the forth coming exams)

Ways to become a CEH

To become a certified ethical hacker, you need to pass the CEH exam that consists of a total of 125 multiple choice questions. You have a time limit of four hours to complete the examination.

EC-Council maintains the integrity of the certification exams by providing it as different question banks. These question banks are analyzed through beta testing for a suitable sample group under the supervision of security experts. It helps in ensuring that the questions asked in the exam have real-world applications in addition to academic significance. The governing body determines the difficulty rating of each question, and based on that, the cutoff is evaluated. Usually, it’s in the range of 60% to 80%, depending on the set of questions you get.

Eligibility criteria

Regarding the eligibility criteria for attempting the CEH certification exam, you have two options. First, you can complete an official EC-Council training at an accredited training center, approved academic institution, or via the iClass platform. In this case, you can challenge the EC-Council certification exam without going through the application process.

The second option for CEH certification eligibility needs you to have at least two years of experience in the information security domain as a prerequisite. If you have the relevant experience, you can submit your application along with a fee of $100 (non-refundable). In the application form, you’ll have to list your manager’s details, who would act as verifiers in the application process. The application usually takes around a period of five to 10 working days once the verifier responds to the EC-Council’s request for information.

Preparation Steps

Study-Train-Study

Once you decide to achieve the certification, you need a concrete plan for training as well as practice. Choose the best source for training. Its highly recommend choosing offline classroom training if you are a student or novice in cybersecurity. Usually, you can complete training in 3-4 months or less. The reason for recommending an offline course is that meeting other like-minded learners and professionals will help you  develop the ethical hacker mindset. You can get in touch with proper mentors, people with similar mind-sets and take advantage of group study which can reveal many unknown issues, incidents, and examples. Of course, this will cost you more, but you can’t learn to swim without getting wet.

Get your hands on Experience with ilabs !

The plus point of the latest version of CEH v11 is that it is more focused,  practical based and scenario-based with the latest content that equips students with hands-on skills. Remember, security is all about practice and implementation rather than a bunch of documents and do’s and don’ts checklist. While gaining the credential you will learn about methods and tools that you can use to protect the organization such as security implementations, testing, and monitoring. Just bookish knowledge won’t help there. We recommend that spending at least 2 hours daily practice apart from training will improve your skills dramatically.

Study Guides 

While we did mention above not to be bookish, books are a treasure trove of knowledge and even for clearing the CEH you must do a thorough read of the recommended books.  You can religiously follow study guides and clear your concept on every topic in a very descriptive manner. This will answer all your “What and Why” in terms of cybersecurity and ethical hacking. Of course, this is world-class content and therefore you will get exact definitions, descriptions, and diagrams for almost all topics. We recommend studying at least 1 hour daily to get clear on all topics during the training. 

Study groups – Community

In my experience , i studied solely for day and nights nearly 4 months .Study groups will polish your knowledge and skills for CEH topics. There are many study groups you can join where you can resolve your queries, clear your doubts, take help to learn something, and help others too. This will help you to stay in the company of like-minded people and you will get to learn fast. 

It is recommended not to share any personal/sensitive information. Beware of any unknown person who asks for sensitive information like your IP address, location, personal information, or anything apart from CEH courseware.  

Its recommend making a study group with the people you know who are also attempting the exam. You can take the help of your trainer or mentor to manage this group. Be active and participate in group activities like quizzes or group discussions.

Self-assessment

Keep learning is the key element of CEH training. Brush up your knowledge for the exam perspective as that is your main goal to become certified. For this, you need to learn how to give the exam and what type of questions are asked. You may face a lot of weird-looking or twisted or tricky questions with confusing multiple answers. Therefore, once you are done with your CEH training and you have knowledge of all topics, you need to test it like a mock drill of the war zone. There are many sources available where you can practice the exam questions. This platform will help you to understand the methods to ace the exam questions and complete them within the required timeframe.

Here sharing some links to practice for your exams

CEH ASSESSMENT- NEW 2022! CEHv11. Tests with complete explanations. Be an EC-Council Certified Ethical Hacker! -Udemy Course with nearly 500 Questions

CEH Study Guide – Learn the Courseware in depth and make notes of key points, this will help to review before exam

Apart from this, you can follow blogs, industry experts, and relevant videos for more understanding and guidance.

Module 1 : Introduction To Ethical Hacking

Ethical hacking and information security controls, laws, and standards. Pen tests, security audit, vulnerability assessment, and penetration testing roadmap.

• CIA Triad
• TTP
• Hacking LifeCycle
• Cyber Kill Chain
• Security Audit Compliance

Module 2 : Footprinting and Reconnaissance

Footprinting refers to the process of collecting information about a target network and its environment, which helps in evaluating the security posture of the target organization’s IT infrastructure. It also helps to identify the level of risk associated with the organization’s publicly accessible information. Footprinting can be categorized into passive footprinting and active footprinting:

• Passive Footprinting:

Involves gathering information without direct interaction. This type of foot printing is principally useful when there is a requirement that the information-gathering activities are not to be detected by the target.

• Active Foot printing:

Involves gathering information with direct interaction. In active foot printing, the target may recognize the ongoing information gathering process, as we overtly interact with the target network.

Module 3 : Scanning Networks

Network scanning is the process of gathering additional detailed information about the target by using highly complex and aggressive reconnaissance techniques. The purpose of scanning is to discover exploitable communication channels, probe as many listeners as possible, and keep track of the responsive ones.

Types of scanning:

1. Port Scanning: Lists open ports and services
2. Network Scanning: Lists the active hosts and IP addresses
3. Vulnerability Scanning: Shows the presence of known weaknesses

Module 4 : Enumeration 

Enumeration creates an active connection with the system and performs directed queries to gain more information about the target. It extracts lists of computers, usernames, user groups, ports, OSes, machine names, network resources, and services using various techniques. Enumeration techniques are conducted in an intranet environment.

1. Perform NetBIOS Enumeration
2. Perform SNMP Enumeration
3. Perform LDAP Enumeration
4. Perform DNS Enumeration
5. Perform NFS Enumeration
6. Perform SMB Enumeration
7. Perform Enumeration using tools

Module 5 : Vulnerability Analysis

Detect security gaps in an organization’s network infrastructure, communication channels, and computer systems. Vulnerability assessment plays a major role in providing security to any organization’s resources and infrastructure from various internal and external threats. To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. All these activities together constitute vulnerability assessment. Network vulnerability scanning can be categorized into active scanning and passive scanning:

1. Common Weakness Enumeration (CWE)
2. Common Vulnerabilities and Exposures (CVE)
3. National Vulnerability Database (NVD)
4. Common Vulnerability Scoring System (CVSS)

Module 6 : System Hacking

System hacking methodologies, Steganography, steganalysis attacks, and covering tracks to discover network and system vulnerabilities.

1. Gaining Access
2. Escalating Privileges
3. Maintaining Access
4. Clearing Logs

Module 7 : Malware Threats

Types of malwares (Trojan, virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures.

1. Identify malware components used to download the malicious code
2. Recognize the components of malicious software
3. Identify the characteristics of an APT attack
4. Identify the phases of an APT attack
5. recognize the purpose of APT groups
6. Identify the different types of trojan malware
7. Identify the malware deployment types
8. Identify the trojan type that includes running the real program in addition to the malicious code
9. Recognize techniques used to avoid trojan detection
10. Identify malicious software that requires human interaction to replicate to a system
11. Identify the phases of the virus lifecycle
12. Recognize the malware type that self-replicates

Module 8 : Sniffing

Networks are constantly sending data to deliver messages and keep network services working, but those data packets may contain sensitive information like passwords. In this course, you’ll examine how an attacker can gain access to sensitive data through packet sniffing. You’ll learn how attackers can manipulate DHCP, which can allow them to then intercept target host communications. Next, you’ll explore how attackers can manipulate ARP by taking advantage of the default functions of the ARP protocol. You’ll move on to examine how attackers trick users into sharing personal information through DNS poisoning. Finally, you’ll learn about common security controls that allow networks to communicate, while still adding layers of scrutiny, control, and obfuscation

1. Identify the different attacks an attacker can use to access sensitive data through network switches
2. Recognize the physical ways attacks can access sensitive data
3. Recognize the types of packets sniffing attackers can use to access sensitive data
4. Use network attacks to bypass network switches in order to sniff packets
5. Identify how using a rogue DHCP server can be used to intercept target host communications
6. Recognize how attackers can manipulate DHCP on client systems
7. Describe how to defend against attackers manipulating the Address Resolution Protocol (ARP) table
8. Identify how attackers can manipulate the ARP table
9. Recognize and manipulate the Address Resolution Protocol (ARP) table
10. Describe how to view the DNS cache on a local system
11. Identify the attack techniques that can be used against DNS
12. Recognize how attackers trick users into accessing an invalid host via DNS poisoning
13. Identify security controls that can be employed to add layers of security that can derail many sniffing attacks
14. Recognize common security controls and settings that can be added to derail many sniffing attacks

Module 9 : Social Engineering

The most insecure point in a network is not the network hosts, but the end user that works with it. In this course, you’ll explore the concepts and tactics of social engineering attacks, where the end user becomes the vulnerable system. The most dangerous attack can come from inside your network. You’ll also examine insider threats, including why they’re effective, their organization impacts, and why they’re difficult to detect and defend against. Identity theft is one of the most common and lucrative avenues of attack. To complete this course, you’ll learn the basic concepts, motives, and goals behind identity theft attacks.

1. Identify the impact to an organization that compromised by social engineering attacks
2. Recognize characteristics of a social engineering attack
3. Recognize the phases of a social engineering attack
4. Recognize the types of social engineering attacks
5. Identify common scenarios involving insider threats
6. Identify suspicious activity that could identify an insider threat
7. Recognize the different types of insider threats
8. Identify signs of identity theft
9. Recognize the reasons for identity theft

Module 10 : Denial-of-Service

Denial of Service attacks can be very disruptive to an organization both monetarily and reputationally. In this course, you’ll explore Denial of Service and Distributed Denial of Service attacks, as well as common DoS techniques and categories and common tools used to perform them. Next, you’ll examine volumetric DoS attacks, which are one of the more common types deployed by attackers. These include UDP flood, Ping of Death, Smurf, and Pulse Wave. Finally, you’ll learn about protocol-based DoS attacks, including SYN floods, ACK floods, and fragmentation attacks.          

1. Identify the tools used to perform a denial-of-service attack
2. Identify the types of denial of service (DoS) attacks
3. Identify a command to perform a ping of death attack
4. Recognize the command to issue to perform a UDP flood attack
5. Recognize the different volumetric attack types
6. Identify the command to perform a SYN flood attack
7. Identify the different types of DoS attacks
8. Recognize the different types of flood attacks

Module 11 : Session Hijacking

Techniques to discover network-level session management, authentication/authorization, cryptographic weaknesses, and countermeasures. identify the tools needed to intercept a web request, provide a session ID to the browser, and analyze the session ID, to see how easy it is to predict. Recognize various types of session attacks. Identify attack types on SSL and TLS, and describe how to perform a MITM attack, to assist a hijacked session.

1. Identify the tool to intercept web request
2. Identify the tool to provide a session ID to the browser
3. Define the various attacks on sessions
4. Describe the tool used to analyze the session ID to see how easy it is to predict
5. Describe how to perform a MITM attack to help with session hijacking
6. Identify attack types on SSL and TLS

Module 12 : Evading IDS, firewalls, and Honeypots

 Firewall, IDS, and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures.

1. Describe the techniques that can be used to evade IDS/IPS
2. Recognize the different alert types of deployed IDS/IPS solutions
3. Recognize the function of intrusion detection and prevention systems (IDS/IPS)
4. Describe how firewalls are used as a security countermeasure
5. Describe how firewalls can be configured as a security countermeasure
6. Describe techniques that are commonly used to bypass firewalls
7. Describe the types of honeypots that can be used to build better defenses
8. Identify how honeypots can be used to protect your organization

Module 13 : Hacking Web Servers

Attacks and a comprehensive attack methodology to audit vulnerabilities in web server infrastructure, and countermeasures.

1. Describe the function of a web server and it common components
2. Identify security controls that can help mitigate possible vulnerabilities
3. Recognize where web server configuration files and common components are stored
4. Describe the common web server attacks
5. Recognize the directory traversal web server attack pattern
6. Recognize tools that can be used to perform common web server attacks
7. Work with the http response splitting web server attack
8. Describe the tools used for each step of the web server attack methodology
9. Identify the components of the web server attack methodology
10. Recognize common web server attack methodology techniques

Module 14 : Hacking Web Applications

Web application attacks and comprehensive web application hacking methodology to audit vulnerabilities in web applications and countermeasures.

1. Describe techniques and technologies used by web applications
2. Describe techniques for testing and protecting web applications
3. Recognize defenses that can be used to protect web applications
4. Recognize the details of web applications
5. Describe an owasp top 10 web application attack and how to protect against it
6. Describe how an owasp top 10 web application attack works
7. Distinguish between the owasp top 10 web application attacks
8. Recognize the owasp top 10 web application attacks
9. Describe unvalidated redirects and forwards
10. Recognize how to mitigate unvalidated redirects and forwards

Module 15 : SQL injection attacks 

SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures.

1. Describe how to find spots where SQL Injection could be attempted against a web application that stores and delivers data
2. Identify the type of SQL injection attack used gain web applications that store and deliver data
3. Recognize the security controls and defenses that can be used to prevent SQL Injection attacks
4. Recognize the types of SQL injection attacks
5. Describe how error-based sqli can be tested for
6. Identify ways to exploit sqli vulnerabilities
7. Recognize how to use error-based sqli to enumerate the database
8. Describe the time-based blind sqli method that can be used to access information on a remote system
9. Recognize the types of blind-based sqli that can be used to access sensitive information

Module 16 : Hacking Wireless Networks

Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.

1. Describe the Wi-Fi authentication types
2. Identify the types of Wi-Fi antennas
3. Recognize the common Wi-Fi standards
4. Recognize the features of the Wi-Fi encryption schemes
5. Describe threats to wireless technologies
6. Identify threats to wireless technologies used by attackers
7. Recognize the Rogue AP threat to wireless technologies
8. Identify tools that help with wireless discovery and mapping
9. Recognize tools used for doing wireless attacks
10. Use tools to do wireless discovery, mapping, traffic analysis and attacks

Module 17 : Hacking Mobile Platforms

Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools. One of the main reasons that attackers are successful against mobile devices is due to the difficulty in managing them      

1. Describe OWASP Top 10 Mobile Risks
2. Identify the OWASP defined Top 10 Mobile Risks to mobile devices
3. Recognize the attack surface related to mobile devices
4. Recognize the mobile risks as defined by OWASP
5. Describe debugging and access tools available for Android devices
6. Identify security and risk associated with rooting an Android device
7. Identify sources of information for the Android environment
8. Recognize common android vulnerability and attack tools
9. Identify defenses associated with ios devices
10. Identify jailbreaking types associated with ios devices
11. Recognize attack vectors associated with ios devices
12. Recognize tools that could be used as attack vectors with ios devices
13. Identify how mobile device management should be deployed along with security policies
14. Identify security issues around BYOD and mobile device management
15. Identify the need and capabilities of mobile device management
16. Recognize the tools and software available to do mobile device                                           management

Module 18 : IoT and OT hacking

Internet-of-Things (IoT) devices make our lives convenient and that makes them more prevalent every day. Threats to IoT and OT platforms and learn how to defend IoT and OT devices securely.

1. Describe IoT and recognize its main components
2. Describe the IoT architectural components
3. Identify the IoT protocols used for deployment
4. Recognize the communication models used in IoT
5. Describe common IoT threats
6. Identify OWAP Top 10 IoT threats and vulnerabilities
7. Recognize the attack surface for IoT devices
8. Describe common IoT attacks
9. Identify hacking tools and methods for hacking IoT devices
10. Identify tools used for attacking IoT devices
11. Recognize common attacks that can cause harm via IoT devices

Module 19 : Cloud Computing

Cloud computing concepts (Container technology, serverless computing), various threats/attacks, and security techniques and tools.

1. Describe the different cloud computer types
2. Describe the different cloud computer types of responsibility areas
3. Identify the cloud service deployment models
4. Recognize the different cloud storage architectures
5. Describe containers and orchestration
6. Describe the five-tier container architecture
7. Identify common security challenges for container technologies
8. Describe attack methods for accessing or enumerating cloud services
9. Identify tools to enumerate amazon s3
10. Recognize common security vulnerability and assessment tools
11. Recognize tools used for gaining access to sensitive information
12. Identify security controls for protecting cloud environments
13. Recognize common security controls and online tools that can help with protecting cloud accounts, containers, and orchestration
14. Recognize common security controls for cloud environments that can help you protect cloud accounts

Module 20 : Cryptography

Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools. Encryption is one of the best security controls available for defending computer networks and data, and cryptography plays a vital role in this process

1. Describe the purpose of cryptography
2. Describe the types of cryptography
3. Identify the commonly used types of cryptography
4. Describe common algorithms and implementations used by various crypto systems
5. Identify the strengths of commonly implemented hash functions
6. Recognize common encryption and hashing functions and their uses
7. Recognize the common encryption algorithms and their types
8. Recognize tools that can aid in securing sensitive data on desktops
9. Recognize tools that will aid you in securing your sensitive data on servers

Conclusion 

So, start your journey on becoming a certified cyber security professional with the CEH course and credential. As with anything else, practice makes perfect, and you will become better as an ethical hacker with practice. Work hard and you will achieve your CEH certification at the very first attempt.