Certified Ethical Hacker (CEH) Exam Objectives

Fundamentals of information security, ethical hacking concepts, cyber kill chain methodology, MITRE ATT&CK framework, and relevant laws and standards.

Techniques and tools for gathering information about target networks, including OSINT, DNS footprinting, and social engineering reconnaissance.

Network scanning techniques for host, port, service, and OS discovery, including methods to bypass IDS and firewalls.

Enumerating network resources including NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, and SMB services.

Identifying security loopholes using vulnerability scoring systems, databases, scanning tools, and AI-powered assessment.

System hacking methodologies including password cracking, privilege escalation, steganography, and covering tracks.

Types of malware including trojans, viruses, worms, ransomware, fileless malware, and APTs with static and dynamic analysis.

Packet-sniffing techniques including MAC flooding, ARP poisoning, MITM attacks, DNS poisoning, and countermeasures.

Social engineering concepts and techniques including phishing, impersonation, identity theft, and AI-powered attacks.

DoS and DDoS attack techniques, botnet operations, and detection/protection strategies.

Session hijacking techniques at application and network levels including TCP/IP hijacking, session ID compromise, and countermeasures.

Techniques for evading intrusion detection systems, firewalls, and honeypots, and related countermeasures.

Web server attack methodology including reconnaissance, DNS hijacking, web cache poisoning, and server hardening.

Web application hacking methodology covering OWASP Top 10, API security, web service attacks, and security testing.

SQL injection attack techniques, evasion methods, and countermeasures for protecting database-driven applications.

Wireless network security including encryption cracking, Bluetooth hacking, and wireless attack countermeasures.

Mobile platform attack vectors for Android and iOS, mobile device management, and mobile security guidelines.

IoT and Operational Technology attack surfaces, vulnerabilities, hacking methodologies, and security countermeasures.

Cloud computing concepts, threats, attacks on cloud services (AWS, Azure, GCP), and cloud security best practices.

Encryption algorithms, PKI, digital signatures, cryptanalysis techniques, and cryptographic attack countermeasures.