EC-COUNCIL C|EH DESCRIPTION
The All-New C|EHv12 with New Learning Framework: 1. Learn 2. Certify 3. Engage 4. Compete
Who is a Certified Ethical Hacker?
Ethical hackers are information security professionals who are trained to identify and mitigate vulnerabilities in networks and perform security assessments to prevent data breaches. Ethical hacking is a promising career path with extensive growth opportunities. Certified Ethical Hackers hold various job titles in cybersecurity; their core work is critical to testing and securing an organization’s assets. Ethical hackers are trained and skilled in the same Tactics, Techniques, and Procedures (TTP) used by malicious/black-hat hackers to break into organizations’ systems through a repeatable, methodical process that uncovers and exploits weaknesses.
C|EH Program Information
C|EH is divided into 20 modules and delivered through a carefully curated training plan that typically spans 5 days. As you progress through your training, each module has extensive hands-on lab components that allow you to practice the techniques and procedures taught in the program in real time and on live machines. The 20 modules are designed to help you master the foundations of ethical hacking and prepare you to challenge the C|EH certification exam.
5 Phases of Ethical Hacking
Certified Ethical Hacker Version 12 is the most comprehensive cyber security program available that balances both breadth and depth to create knowledgeable and skilled Ethical Hackers. This is what makes C|EH v12 unique compared to other industry certifications. It provides comprehensive hands-on coverage of the 5 phases of Ethical Hacking across a variety of current-day technologies. Knowing these 5 phases of ethical hacking is crucial to any organization, and the more you know about what a hacker can do, the better you can stay one step ahead of the attacks!
Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
Scanning utilizes different tools to collect information on websites, networks, or file systems to detect vulnerabilities.
Gaining Access is where an attacker gets access to a system or application that is on a network or computer.
Maintaining Access, also referred to as persistence, allows an attacker continued access to a target whether the machine is rebooted or the user is logged off.
Covering Tracks means removing any artifacts after gaining access to a target, which is critical to ensure that you, as an attacker, do not leave a trace. This may include deleting logs and removing any tools, scripts, or applications that were installed on the target.
What is new in C|EH v12
C|EH v12 is a renewed program that teaches you everything you need to know about ethical hacking with training, labs, assessment, a mock engagement (practice), and even a series of global hacking competitions, all part of C|EH v12!
C|EHv12 New Learning Framework
C|EH v12 has designed a new learning framework that uses a 4-phase methodology: Learn, Certify, Engage and Compete.
This approach to learning ensures that students who go through the C|EH v12 program receive an in-depth learning experience that provides comprehensive training and prepares learners for the certification exam, all while providing the hands-on labs and practice range experiences needed to step into the workforce. This is a unique learning framework that only C|EH v12 offers to cybersecurity professionals.
4-Phase Learning Framework for C|EH v12
C|EH v12 incorporates Training, Hands-on Learning Labs, Certification Assessments, Practice Cyber Ranges, Cyber Competitions, and opportunities for continuous learning all into one comprehensive program curated through our new Learning Framework: Learn, Certify, Engage, and Compete. The following goes into detail about the 4-Phase Learning Framework for C|EH v12.
1. C|EHv12 Learn
The C|EH v12 training program curates 20 modules covering a wide variety of technologies, tactics, and procedures providing prospective Ethical Hackers with the core knowledge needed to thrive in the cyber profession. Concepts covered in the training program are balanced 50/50 with knowledge and hands-on application through our Cyber range.
Every tactic discussed in training is backed by step-by-step labs conducted in a live virtualized environment with live targets, live tools, and vulnerable systems. With over 220 labs and our lab technology, you will have comprehensive hands-on practice to learn and apply the knowledge you attain.
C|EH V12 MODULES:
Module 01: Introduction to Ethical Hacking
Learn the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Module 02: Footprinting and Reconnaissance
Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.
Module 03: Scanning Networks
Learn different network scanning techniques and countermeasures.
Module 04: Enumeration
Learn various enumeration techniques, including Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits and associated countermeasures.
Module 05: Vulnerability Analysis
Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems. Different types of vulnerability assessment and vulnerability assessment tools are included as well.
Module 06: System Hacking
Learn about the various system hacking methodologies used to discover system and network vulnerabilities, including steganography, steganalysis attacks, and how to cover tracks.
Module 07: Malware Threats
Learn about different types of malware (Trojan, viruses, worms, etc.), APT and fileless malware, malware analysis procedures, and malware countermeasures.
Module 08: Sniffing
Learn about packet-sniffing techniques and their uses for discovering network vulnerabilities, plus countermeasures to defend against sniffing attacks.
Module 09: Social Engineering
Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
Module 10: Denial-of-Service
Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, plus the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
Module 11: Session Hijacking
Learn the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
Module 12: Evading IDS, Firewalls, and Honeypots
Learn about firewall, intrusion detection system (IDS), and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
Module 13: Hacking Web Servers
Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
Module 14: Hacking Web Applications
Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
Module 15: SQL Injection
Learn about SQL injection attack techniques, evasion techniques, and SQL injection countermeasures.
Module 16: Hacking Wireless Networks
Learn about different types of encryption, threats, hacking methodologies, hacking tools, security tools, and countermeasures for wireless networks.
Module 17: Hacking Mobile Platforms
Learn mobile platform attack vectors, Android and iOS hacking, mobile device management, mobile security guidelines, and security tools.
Module 18: IoT Hacking
Learn different types of Internet of Things (IoT) and operational technology (OT) attacks, hacking methodologies, hacking tools, and countermeasures.
Module 19: Cloud Computing
Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud computing threats, attacks, hacking methodologies, and cloud security techniques and tools.
Module 20: Cryptography
Learn about encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptography attacks, and cryptanalysis tools.
Hands-On Learning labs
100% virtualization for a complete learning experience
After login, you will have full access to pre-configured targets, networks, and the attack tools necessary to exploit them:
Pre-configured vulnerable websites
Vulnerable, unpatched operating systems
Fully networked environments
3,500+ hacking tools
And much more!
Wide range of target platforms to hone your skills
519 attack techniques covered
Objective-oriented flags for critical thinking and applied knowledge assessment
Cloud based cyber range
2. C|EHv12 Certify
The Certified Ethical Hacker credential is the most trusted certification across the globe, and is the baseline measurement of one's grasp of the concepts in ethical hacking and security testing.
As an ANSI 17024 accredited examination, the 125-question, 4-hour proctored exam is recognized across the globe as the original and most trusted tactical cyber security certification for ethical hackers. Each of the Certification Domains is carefully vetted through industry practitioners, ensuring the certification maps to current industry requirements. This exam undergoes regular psychometric evaluation and tuning to ensure a fair and accurate measure of the candidate's knowledge in the Ethical Hacking domains.
After completing the C|EH exam, you also have the opportunity to elevate your credentials. You can take the practical exam, which consists of 20 practical challenges in a 6-hour period. Just envision your title as a C|EH Master: this credential will set you apart from your fellow peers.
3. C|EHv12 Engage
New to C|EH v12, students will embark on their first emulated ethical hacking engagement. This 4-phase engagement requires the student to think critically and apply the knowledge and skills gained in the course. Learners will perform and capture a series of flags in each phase, demonstrating the live application of skills and abilities in a consequence-free environment, in EC-Council's new Cyber Range.
In the Engage phase of learning, you will apply the 5 phases of ethical hacking while conducting real-world ethical hacking assignments. They include:
Covering your tracks
4. C|EHv12 Compete
In the Compete phase, new to C|EH v12, the C|EH Global Challenges run every month, providing Capture-The-Flag style competitions that expose Certified Ethical Hackers to a variety of modern technologies and platforms, from Web Applications, OT, IoT, SCADA and ICS systems to Cloud and Hybrid environments. Our Compete structure allows C|EHs to fight their way to the top of the leaderboard each month in these 4-hour curated CTFs.
Objective-based flags are designed around the Ethical Hacking process, keeping the C|EH's skills current, assessing their critical thinking abilities, and covering the latest vulnerabilities and exploits as they are discovered. The capture-the-flag competitions are hosted 100% online in EC-Council's Cyber Range.
Candidates race the clock in scenario-based engagements against fully developed network and application environments with operating systems, real networks, real tools, and real vulnerabilities.
New Challenges Every Month!
October - OWASP Top 10 Web Application Threat Vectors
November - Ransomware/Malware Analysis
December - Outdated/Unpatched Software
January - System Hacking and Privilege Escalation
February - Web Application Hacking and Pen Testing
March - Cloud Attack/Hacking
April - Social Engineering/Phishing attacks
May - IoT Attack/Hacking
June - Wi-Fi Network Attack/Hacking
July - DoS/DDoS Attack
August - Mobile Attack/Hacking
September - Supply Chain Cyber Attacks
Key Updates to the C|EH v12
New Learning Framework: 1. Learn 2. Certify 3. Engage 4. Compete
Compete: New challenges every month!
100% compliance with the NICE 2.0 Framework
Based on comprehensive industry-wide job task analysis
Hands-on Learning Labs
Global C|EH community competitions
Coverage of the latest malware
Lab-intensive program (every learning objective is demonstrated using labs)
Hands-on program (50% of training time is dedicated to labs)
Lab environments that simulate real-time environments
Covers the latest hacking tools (based on Windows, macOS, and Linux)
Latest OS covered and a patched testing environment
Updated versions of tool screenshots, tool listing slides, and countermeasure slides
MITRE ATT&CK framework
Diamond model of intrusion analysis
Techniques for establishing persistence
Evading NAC and endpoint security
Having your C|EH certification will open doors to 20+ different career roles. They include:
Mid-Level Information Security Auditor
IT Security Administrator
Cyber Defense Analyst
Vulnerability Assessment Analyst
Information Security Analyst 1
Security Analyst L1
Infosec Security Administrator
Cybersecurity Analyst level 1, level 2, & level 3
Network Security Engineer
SOC Security Analyst
Senior Security Consultant
Information Security Manager
Senior SOC Analyst