• Security officers, auditors, security professionals, site administrators, network administrators, systems engineers, and anyone concerned with network infrastructure security
• IT professionals seeking to gain or validate offensive security skills
• Individuals preparing to sit for the CEH v12 (312-50) exam

• Basic working knowledge of networking, operating systems (Windows, Linux), and security fundamentals
• Some prior hands-on experience in cybersecurity, system administration or IT operations is preferred
• If self-studying, EC-Council may require proof of at least two years of information security work experience or equivalent education

• Understand the full phases of ethical hacking (reconnaissance, scanning, enumeration, exploitation, post-exploitation)
• Conduct advanced reconnaissance, scanning, and enumeration with real penetration tools
• Identify and exploit vulnerabilities in systems, network, applications, cloud, mobile, IoT, and OT environments
• Use and defend against malware, sniffing, DoS, session hijacking, and evasion techniques
• Test, assess, and secure web servers and web applications (injection, XSS, logic flaws)
• Employ wireless and mobile attack strategies and defenses
• Understand cloud and IoT/OT security risks and how to exploit or mitigate them
• Apply cryptographic methods, PKI, and recognize common cryptanalysis techniques
• Use EC-Council’s labs / cyber range environments (CEH Engage) to simulate real-world hacking engagements
• Prepare for and pass both the CEH v12 Theory (125 MCQ, 4 hours) and optionally CEH Practical (6-hour hands-on) exams

Information security concepts, laws & standards, hacking methodology, attack vectors

Techniques and tools for gathering information about target systems, passive & active reconnaissance, countermeasures

Network scanning, port scanning, OS detection, service enumeration, countermeasures

Techniques for enumerating systems and services, user accounts, shared resources

Identifying and analyzing security weaknesses, using vulnerability assessment tools and frameworks

Gaining access, escalating privileges, covering tracks, steganography, countermeasures

Malware taxonomy (viruses, worms, Trojans, RATs), malware analysis and anti-malware controls

Packet sniffing, network traffic capture & analysis, ARP poisoning, defenses

Phishing, pretexting, phishing methods and countermeasures

DoS / DDoS attacks, tools, mitigation strategies

Techniques for session attacks, cookies, tokens, countermeasures

Techniques to bypass security controls and detection mechanisms

Web-based vulnerabilities (SQL injection, XSS, file inclusion, etc.) and mitigation strategies

Injection techniques, detection tools, prevention, countermeasures

Wireless security weaknesses, WPA/WPA2/3, attacking Wi-Fi networks, defense measures

Android/iOS vulnerabilities, mobile threat vectors, mitigation

Cloud architecture, container & serverless risks, IoT/OT device vulnerabilities and defenses

Cryptographic algorithms, PKI, attacks, cryptanalysis techniques