Certified Ethical Hacker v13 Exam Outline

---

Authors Note

Back in 2022, I completed my CEH v11 after five months of intense preparation. That journey taught me not only the technicalities of ethical hacking but also the discipline and mindset required to excel in this domain. At that time, I documented the exam outline in detail, aiming to help aspiring professionals navigate the certification path.

Fast-forward to today, and the cybersecurity landscape has evolved dramatically—cloud environments have become mainstream, IoT devices are everywhere, AI is both a defense mechanism and an attack vector, and threats are far more complex. Many of my close friends have decided to take up the Certified Ethical Hacker (CEH) challenge, and I realized it’s time for another deep dive—this time into the CEH v13.

This detailed write-up is not only for my circle but for the entire cyber community. It will give you a clear, domain-by-domain breakdown of the CEH v13 syllabus, enhanced with real-world context, practical tips, and insights to help bridge the gap between theory and application.

Introduction

The Certified Ethical Hacker (CEH) v13 certification by EC-Council provides a practical, industry-oriented curriculum that prepares cybersecurity professionals to detect, prevent, and respond to threats in today’s rapidly evolving environment. With expanded coverage on AI/ML-driven attacks, cloud, and IoT vulnerabilities, CEH v13 is structured to reflect real-world scenarios hackers and defenders encounter.

1. Exam Overview — What You’re Up Against

Exam Code: 312-50
Format: 125 multiple-choice questions
Duration: 4 hours
Passing Score: Variable (60%–85% depending on question pool difficulty)
Content: 20 modules covering reconnaissance to cloud, IoT, and AI
Delivery Mode: ECC Exam Center / Pearson VUE

Review Note:
Unlike older versions, CEH v13 is more scenario-heavy—you’ll often get “What’s the next best step?” rather than “What’s the definition?” This means rote memorization won’t save you—you need process thinking.

2. Domain Weightage — Know Where to Invest Time

Review Tip:
If you’re short on prep time, master Recon, Scanning, Web App, and Sniffing. These have high question density.

3. Study Resources — What Works & What Doesn’t

Best Resources:

• EC-Council iClass / Official Courseware — Most accurate, aligns perfectly with exam objectives.
• Matt Walker’s CEH All-in-One v13 — Great for theory & quick reviews.
• Ric Messier’s CEH v13 Study Guide — More practice-oriented.
• Hands-on Platforms: EC-Council iLabs, TryHackMe CEH Path, Hack The Box.

Avoid:

• Outdated v10–v11 books (missing AI/Cloud/IoT).
• Question dumps — they harm real skill-building and risk disqualification.

Review Takeaway:
Combine official content (for accuracy) with community labs (for applied skill). Neither alone is enough.

4. Hands-On Practice — The Make-or-Break Factor

CEH v13 rewards tool fluency, not just tool familiarity.
You must be able to:

• Enumerate networks with Nmap (different scan types, timing, NSE scripts).
• Intercept and modify requests in Burp Suite.
• Analyze pcap files with Wireshark.
• Exploit vulnerable web apps (SQLi, XSS) in a sandbox.

Review Insight:
Many candidates fail because they can name a tool but cannot interpret its output in a scenario. Practice interpreting screenshots, logs, and CLI outputs.

5. New Topics — The Curveballs

CEH v13 includes:

• AI Threats — Adversarial ML, AI-based phishing, automated malware.
• Cloud Security — Misconfigurations, insecure APIs, IAM flaws.
• IoT/OT Security — Device fingerprinting, firmware analysis.

Review Strategy:
These topics have fewer total questions but can be tricky due to lack of free lab material. Use EC-Council’s lab VMs to cover them at least at a basic operational level.

6. Study Plan — A Realistic 12-Week Framework

Weeks 1–4 Core fundamentals — Recon, Scanning, Sniffing

Weeks 5–8 Vulnerability Assessment, Web App Security, Cryptography

Weeks 9–10 Emerging Tech — Cloud, IoT, AI

Week 11 Full-length mock exams & lab replays

Week 12 Weak area revision + brain-rest before test

Review Advice:
Every 4th week, take a full mock test. Don’t just check score—review every wrong and guessed question.

7. Exam-Day Strategy — Surviving the Clock

• Average Time: 1.9 minutes per question.
• Flag long scenario questions, return later.
• Read carefully — a single NOT can change the right answer.
• For tool output questions, focus on key anomalies not the full log.

Review Warning:
Don’t overthink — CEH v13 tends to favor the “industry best practice” answer over the “most technical” one.

8. Common Pitfalls to Avoid

1. Spending too much time on low-weight domains (e.g., Malware Analysis) while neglecting Recon/Web.
2. Memorizing tools without knowing their switches/parameters.
3. Ignoring Cloud & AI sections because “they’re new”.
4. Cramming the night before — the exam is endurance-based.

9. Final Review Checklist

✔ Understand the CEH methodology flow.
✔ Be comfortable with 10+ core tools (Nmap, Metasploit, Nikto, Burp, Hydra, John, etc.).
✔ Have practiced real attack flows in labs.
✔ Can explain vulnerabilities in both technical & layman terms.
✔ Have taken at least 3 full-length mock exams.

Bottom Line

CEH v13 isn’t about “catching hackers”—it’s about thinking like one, ethically, while proving you can apply structured, real-world attack techniques. If you combine official content, lab practice, and time management, your pass chances rise dramatically.

If you skip hands-on or neglect high-weight domains, you’ll likely struggle. Treat it like a practical security readiness drill, not just a certification.

CEH v13 Detailed Exam Outline

1. Introduction to Ethical Hacking

• Defines the role of ethical hackers, and explains distinctions among black, white, and gray hats.
• Covers laws, standards (e.g., ISO, PCI DSS), and frameworks governing ethical hacking, stressing professional responsibility.
• Introduces the five hacking phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks.
• Emphasizes the importance of authorization and documentation in all engagements.

Preparation Tip: Pay attention to the five phases of hacking — they are the backbone of the CEH methodology and often tested with scenario-based question

2. Footprinting and Reconnaissance

• Detailed exploration of passive/active information gathering.
• Techniques include search engines, WHOIS lookups, DNS recon, mapping targets via tools like Maltego and social networks.
• Demonstrates the use of websites, job boards, and public documents for intelligence gathering.
• Teaches countermeasures to prevent unintentional data leakage.

Preparation Tip: Learn to interpret Nmap scan results — expect questions on what certain flags or ports indicate.

3. Scanning Networks

• How to discover live hosts, open ports, and services.
• Insights into Nmap scripting engine and automated vulnerability scanners.
• Covers firewall/IDS detection and bypassing using custom packets/decoys.
• Stresses importance of safe probing to avoid detection.

Preparation Tip: Understand how different scan types work at the TCP/IP level — these details are common in tricky exam questions.

4. Enumeration

• Deep dives into NetBIOS, SNMP, and LDAP enumeration, with practical demonstrations.
• Techniques for extracting user lists, shares, and network resources.
• Tools such as Enum4Linux and SNMPwalk are practiced hands-on.
• Notes on hardening systems against enumeration.

Preparation Tip: Enumeration is loud — expect questions on detection and stealth techniques.

5. Vulnerability Analysis

• Differentiates between vulnerability assessment and penetration testing.
• Systematic process using both automated (OpenVAS) and manual methods.
• Explains risk prioritization and report preparation.
• Emphasizes legal and operational scopes.

Preparation Tip: Know the difference between vulnerability scanning and penetration testing — CEH emphasizes this distinction.

6. System Hacking

• Step-by-step coverage of password attacks: guessing, cracking (hashes, rainbow tables).
• Attack chains: privilege escalation, installing persistent backdoors (rootkits, keyloggers).
• Teaches evidence tampering and log cleaning as attack and defense exercises.

Preparation Tip: Learn Windows vs. Linux privilege escalation techniques separately — both appear in the exam.

7. Malware Threats

• Anatomy of malware: worms, viruses, trojans, and ransomware with case studies.
• Analyzes payload delivery, execution, and propagation.
• Basic malware reverse engineering and sandboxes.
• Defense: anti-malware, behavioral analysis.

Preparation Tip: Be able to identify malware types by behavior — the exam often tests this indirectly.

8. Sniffing

• Packet capture and analysis (Wireshark, tcpdump).
• Explains ARP poisoning, MAC flooding, and countermeasures.
• Real-world MITM and credential theft scenarios.
• Importance of network segmentation and encryption.

Preparation Tip: Expect questions on ARP poisoning detection — a common real-world scenario.

9. Social Engineering

• Real-life examples of phishing, pretexting, baiting, and vishing.
• Best practices for user awareness training.
• Attack simulations and how to conduct them responsibly.
• Role of policy and ongoing education.

Preparation Tip: Many scenario-based questions here — focus on real-world attack situations.

10. DoS/DDoS Attacks

• In-depth workings of flood, amplification, and botnet-based attacks.
• Practice with open-source tools (LOIC, hping).
• Network architecture for resilience and defense in depth.
• Incident response recommendations.

Preparation Tip: Understand application-layer DDoS vs. network-layer DDoS differences.

11. Session Hijacking

• Detailed exploitation: predicting session tokens, XSS-driven hijacks.
• Demo of session replay and sidejacking.
• Explores HTTP security headers, cookie flags, and secure coding practices.

Preparation Tip: Session hijacking is often tied to web application security in exam questions.

12. Evading IDS, Firewalls, and Honeypots

• Evasion tactics: fragmentation, encryption, tunneling.
• Real attack and detection lab exercises.
• Notes on tuning IDS/IPS and understanding honeypot deception.

Preparation Tip: Learn fragmentation, tunneling, and encryption tricks through lab exercises.

13. Hacking Web Servers

• Common vulnerabilities (default creds, outdated software).
• Techniques for enumeration, exploitation, and privilege escalation.
• Mitigation: patch management, least privilege, web server hardening.

Preparation Tip: Focus on exploiting misconfigurations and applying server hardening steps.Focus on exploiting misconfigurations and applying server hardening steps.

14. Hacking Web Applications

• Focus on OWASP Top 10: including SQLi, XSS, CSRF, and logic flaws.
• Labs on exploiting and defending against these vulnerabilities using Burp Suite.
• Secure SDLC and code review best practices.

Preparation Tip: Master OWASP Top 10 by exploiting DVWA and then applying fixes.

15. SQL Injection

• Types: in-band, blind, out-of-band.
• Tools: sqlmap, manual exploitation.
• Prevention: input validation, parameterized queries.
• Business impact discussions.

Preparation Tip: Practice manual SQLi payloads before automating with sqlmap.

16. Hacking Wireless Networks

• Attacks: WEP/WPA/WPA2 cracking, rogue APs, evil twins.
• Real-world case studies and lab attacks.
• Secure configuration and monitoring for wireless environments.

Preparation Tip: Set up a test AP and practice WEP/WPA/WPA2 cracking.

17. Hacking Mobile Platforms

• Common threats: mobile malware, rooting/jailbreaking.
• Tools and labs for analyzing Android/iOS vulnerabilities.
• Mobile device management and hardening practices.

Preparation Tip: Review mobile OS architectures and perform APK reverse engineering.

18. IoT Hacking

• IoT attack surfaces: default passwords, open services.
• Introduction to firmware analysis and device exploitation.
• Securing IoT with segmentation, patching, and monitoring.

Preparation Tip: Explore default credentials, firmware extraction, and IoT device segmentation techniques.

19. Cloud Computing Threats

• Cloud models: IaaS, PaaS, SaaS security risks.
• Attacks: misconfigured storage, credential stuffing, privilege escalation.
• Mitigations: IAM, monitoring, and incident response in cloud environments.

Preparation Tip: Study cloud misconfigurations and IAM security policies in AWS or Azure free tiers.

20. Cryptography

• Core concepts: symmetric, asymmetric, hashing, PKI.
• Real-world attacks: SSL stripping, weak ciphers.
• Implementation best practices and compliance (e.g., GDPR, HIPAA).

Preparation Tip: Focus on key differences between encryption types, hashing, and PKI processes.

21. Ethical Hacking Tools and Techniques

• Hands-on with industry tools: Kali Linux, Metasploit, Burp Suite.
• End-to-end exploitation scenarios.
• Emphasis on toolchain optimization and automation.

Preparation Tip: Learn at least one powerful feature from each major CEH tool.

22. Hands-on Labs & Real-World Scenarios

• Capture the Flag (CTF) exercises mapped to MITRE ATT&CK.
• Documentation, reporting, and lessons learned from simulated tests.

Preparation Tip: Dedicate time to CTF challenges to apply theory under pressure.

Closing Notes

CEH v13 equips candidates to think like offensive and defensive cybersecurity professionals, blending technical mastery with real-world application. The program emphasizes legality, documentation, and ethics as key differentiators of a professional ethical hacker. By mastering these topics through hands-on labs and current threat intelligence, candidates are positioned for critical roles in security operations, penetration testing, and risk management.