Certified Ethical Hacker (CEH)
19h 22mIntermediate2025-02-03
Authors

Pearson

Omar Santos

Nick Garner
Course details
In this course, learn about exam topics and skills to successfully prepare for the Certified Ethical Hacker (CEH) certification exam. Taught by experienced security experts Omar Santos and Nick Garner, this course will help you better understand the world of hacking so you can act to defend attacks, as well as pass the CEH exam. This course has seven modules that dive into the key objectives of the exam, providing an in-depth exploration of ethical hacking, including fundamentals; reconnaissance techniques; network and perimeter hacking; system hacking phases and attack techniques; web application hacking; wireless, mobile, IoT and OT hacking; cloud computing, and cryptography.
Skills covered
Security TestingIncident ResponseCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Certified Ethical Hacker (CEH) - Introduction
1. Introduction to Ethical Hacking
- 02 - Module 1 - Information security, cybersecurity, and ethical hacking overview introduction
- 03 - Learning objectives
- 04 - Introducing information security and cybersecurity
- 05 - Understanding the cyber kill chain and hacking concepts
- 06 - Surveying ethical hacking methodologies
- 07 - Understanding information security controls
- 08 - Understanding security laws and standards
- 09 - Planning and scoping a penetration testing assessment
- 10 - Building your own hacking lab with WebSploit Labs
2. Footprinting and Reconnaissance
- 11 - Module 2 - Reconnaissance techniques introduction
- 12 - Learning objectives
- 13 - Understanding information gathering and vulnerability identification
- 14 - Introducing open source intelligence (OSINT) techniques
- 15 - Exploring footprinting methodologies
- 16 - Utilizing search engines for footprinting
- 17 - Footprinting web services
- 18 - Exploiting social networking sites for footprinting
- 19 - Surveying password dumps, file metadata, and public source-code repositories
- 20 - Using whois for footprinting
- 21 - Implementing DNS footprinting
- 22 - Executing network footprinting
- 23 - Applying social engineering for footprinting
- 24 - Introducing Shodan, Maltego, Amass, Recon-ng, and other recon tools
- 25 - Identifying cloud vs. self-hosted assets
3. Scanning Networks
- 26 - Learning objectives
- 27 - Surveying network scanning concepts
- 28 - Exploiting scanning tools
- 29 - Understanding host discovery
- 30 - Performing website and web application reconnaissance
- 31 - Performing OS discovery - Banner grabbing and OS fingerprinting
- 32 - Scanning beyond IDS and firewall
- 33 - Creating network diagrams
- 34 - Discovering cloud assets
- 35 - Crafting packets with Scapy to perform reconnaissance
4. Enumeration
- 36 - Learning objectives
- 37 - Introducing enumeration techniques
- 38 - Performing NetBIOS enumeration
- 39 - Performing SNMP enumeration
- 40 - Performing LDAP enumeration
- 41 - Performing NTP and NFS enumeration
- 42 - Performing SMTP and DNS enumeration
- 43 - Conducting additional enumeration techniques
- 44 - Surveying enumeration countermeasures
5. Vulnerability Analysis
- 45 - Module 3 - System hacking phases and attack techniques introduction
- 46 - Learning objectives
- 47 - Understanding vulnerability assessment concepts
- 48 - Classifying and assessing vulnerability types
- 49 - Utilizing vulnerability assessment tools
- 50 - Generating vulnerability assessment reports
6. System Hacking
- 51 - Learning objectives
- 52 - Understanding system hacking concepts
- 53 - Gaining system access
- 54 - Cracking passwords
- 55 - Exploiting known and zero-day vulnerabilities
- 56 - Escalating privileges
- 57 - Maintaining access, command and control, and exfiltration
- 58 - Executing applications
- 59 - Hiding files
- 60 - Clearing logs
- 61 - Performing on-path attacks
- 62 - Introduction to lateral movement and exfiltration
- 63 - Understanding post-engagement cleanup
7. Malware Threats
- 64 - Learning objectives
- 65 - Understanding malware concepts
- 66 - Comprehending APT concepts
- 67 - Grasping trojan concepts
- 68 - Exploring virus and worm concepts
- 69 - Examining fileless malware and living off the land techniques
- 70 - Analyzing malware
- 71 - Implementing malware countermeasures
8. Sniffing
- 72 - Module 4 - Network and perimeter hacking introduction
- 73 - Learning objectives
- 74 - Introducing sniffing concepts
- 75 - Performing MAC attacks
- 76 - Conducting DHCP attacks
- 77 - Performing ARP poisoning
- 78 - Performing spoofing attacks
- 79 - Performing DNS poisoning
- 80 - Surveying sniffing tools
- 81 - Exploring sniffing countermeasures and detection techniques
9. Social Engineering
- 82 - Learning objectives
- 83 - Introducing social engineering concepts and techniques
- 84 - Understanding the insider threat
- 85 - Impersonation on social networking sites
- 86 - Understanding identity theft
- 87 - Understanding social engineering countermeasures
10. Denial-of-Service
- 88 - Learning objectives
- 89 - Introducing DoS DDoS concepts and attack techniques
- 90 - Defining what botnets are
- 91 - Exploring DDoS case studies
- 92 - Surveying DoS DDoS attack tools
- 93 - Understanding DoS DDoS countermeasures and protection tools
11. Session Hijacking
- 94 - Learning objectives
- 95 - Introducing session hijacking concepts
- 96 - Performing application level session hijacking
- 97 - Understanding network level session hijacking
- 98 - Surveying session hijacking tools
- 99 - Understanding session hijacking countermeasures
12. Evading IDS, Firewalls, and Honeypots
- 100 - Learning objectives
- 101 - Introducing IDS, IPS, firewall, and honeypot concepts
- 102 - Exploring IDS, IPS, firewall, and honeypot solutions
- 103 - Evading IDS and firewalls
- 104 - Surveying IDS and firewall evading tools
- 105 - Detecting honeypots and sandboxes
- 106 - Understanding IDS and firewall evasion countermeasures
13. Hacking Web Servers
- 107 - Module 5 - Web application hacking introduction
- 108 - Learning objectives
- 109 - Introducing web server concepts
- 110 - Exploring web server attacks
- 111 - Surveying web server attack methodologies
- 112 - Understanding web server countermeasures
- 113 - Understanding patch management
14. Hacking Web Applications
- 114 - Learning objectives
- 115 - Understanding web app concepts and identifying web app threats
- 116 - Exploring the OWASP Top 10 for web applications
- 117 - Applying web app hacking methodologies and footprinting web infrastructure
- 118 - Analyzing web applications and bypassing client-side controls
- 119 - Attacking authentication mechanisms
- 120 - Attacking session management mechanisms
- 121 - Exploiting authorization schemes and access controls flaws
- 122 - Exploiting cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities
- 123 - Understanding server-side request forgery (SSRF) vulnerabilities
- 124 - Exploiting buffer overflows and creating payloads
- 125 - Attacking application logic flaws and shared environments
- 126 - Attacking database connectivity and web app clients
- 127 - Attacking web services, exploiting web APIs, webhooks, and web shells
- 128 - Ensuring web app security
15. SQL Injection
- 129 - Learning objectives
- 130 - Introducing SQL injection concepts
- 131 - Understanding the types of SQL injection
- 132 - Exploring the SQL injection methodologies
- 133 - Exploring SQL injection tools
- 134 - Exploring SQL injection evasion techniques
- 135 - Understanding SQL injection countermeasures
16. Hacking Wireless Networks
- 136 - Module 6 - Wireless, mobile, IoT, and OT hacking introduction
- 137 - Learning objectives
- 138 - Introducing wireless concepts
- 139 - Understanding wireless encryption
- 140 - Exploring wireless threats
- 141 - Understanding wireless hacking methodologies
- 142 - Surveying wireless hacking tools
- 143 - Hacking Bluetooth
- 144 - Introducing wireless countermeasure
- 145 - Exploring wireless security tools
17. Hacking Mobile Platforms
- 146 - Learning objectives
- 147 - Understanding mobile platform attack vectors
- 148 - Hacking Android OS
- 149 - Hacking iOS
- 150 - Understanding mobile device management
- 151 - Surveying mobile security guidelines and tools
18. IoT and OT Hacking
- 152 - Learning objectives
- 153 - Understanding IoT concepts
- 154 - Surveying IoT hacking methodologies and IoT hacking tools
- 155 - Implementing IoT attack countermeasures
- 156 - Introducing OT, ICS, and SCADA concepts and attacks
- 157 - Implementing OT attack countermeasures
19. Cloud Computing
- 158 - Module 7 - Cloud computing and cryptography introduction
- 159 - Learning objectives
- 160 - Understanding cloud computing concepts
- 161 - Exploring container technology and Kubernetes
- 162 - Leveraging serverless computing
- 163 - Identifying cloud computing threats
- 164 - Conducting cloud hacking
- 165 - Ensuring cloud security
- 166 - Surveying patch management in the cloud
- 167 - Introducing DevSecOps
- 168 - Securing code, applications, and building DevSecOps pipelines
20. Cryptography
- 169 - Learning objectives
- 170 - Introducing cryptography and cryptanalysis
- 171 - Understanding the different encryption algorithms and post-quantum cryptography
- 172 - Describing hashing algorithms
- 173 - Understanding public key infrastructure (PKI)
- 174 - Understanding email encryption
- 175 - Understanding disk encryption
- 176 - Introducing certificate authorities (CAs) and certificate enrollment
- 177 - Surveying SSL and TLS implementations
- 178 - Surveying IPsec implementations and modern VPN implementations
21. Introduction to AI Threats and LLM Security
- 179 - Module 8 - Securing generative AI introduction
- 180 - Learning objectives
- 181 - Understanding the significance of LLMs in the AI landscape
- 182 - Exploring the resources for this course - GitHub repositories and others
- 183 - Introducing retrieval augmented generation (RAG)
- 184 - Understanding the OWASP Top 10 risks for LLMs
- 185 - Exploring the MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework
- 186 - Understanding the NIST taxonomy and terminology of attacks and mitigations
22. Understanding Prompt Injection Insecure Output Handling
- 187 - Learning objectives
- 188 - Defining prompt injection attacks
- 189 - Exploring real-life prompt injection attacks
- 190 - Using ChatML for OpenAI API calls to indicate to the LLM the source of prompt input
- 191 - Enforcing privilege control on LLM access to back-end systems
- 192 - Best practices around API tokens for plugins, data access, and function-level permissions
- 193 - Understanding insecure output handling attacks
- 194 - Using the OWASP ASVS to protect against insecure output handling
23. Training Data Poisoning, Model Denial of Service Supply Chain Vulnerabilities
- 195 - Learning objectives
- 196 - Understanding training data poisoning attacks
- 197 - Exploring model denial of service attacks
- 198 - Understanding the risks of the AI and ML supply chain
- 199 - Best practices when using open-source models from Hugging Face and other sources
- 200 - Securing Amazon Bedrock, SageMaker, Microsoft Azure AI services, and other environments
24. Sensitive Information Disclosure, Insecure Plugin Design, and Excessive Agency
- 201 - Learning objectives
- 202 - Understanding sensitive information disclosure
- 203 - Exploiting insecure plugin design
- 204 - Avoiding excessive agency
25. Overreliance, Model Theft, and Red Teaming AI Models
- 205 - Learning objectives
- 206 - Understanding overreliance
- 207 - Exploring model theft attacks
- 208 - Understanding red teaming of AI models
26. Protecting Retrieval Augmented Generation (RAG) Implementations
- 209 - Learning objectives
- 210 - Understanding the RAG, LangChain, LlamaIndex, and AI orchestration
- 211 - Securing embedding models
- 212 - Securing vector databases
- 213 - Monitoring and incident response
Conclusion
- 214 - Certified Ethical Hacker (CEH) - Summary
Related courses
Related learn paths
- Become an Ethical Hacker
- Become a Penetration Tester
- Getting Started with C++
- Become a Programmer: Foundations
- Penetration Testing Professional Certificate
- Prepare for the CompTIA PenTest+ (PT0-002) Certification Exam
- Explore Cybersecurity Careers
- Working with Data: Collecting, Processing, and Storing Data for AI