ec-council-white-logo.png.webp

Build Your Career with the World’s Most 
In-Demand Ethical Hacking Certification!

Master the most sought-after skills, including Reconnaissance, Vulnerability Analysis, Social Engineering, Session Hijacking, SQL Injections, Cloud Computing, and Cryptography now. 

250,000+ enrolled!

20

Comprehensive Modules

220

Hands-On
Labs

3500

Hacking
Tools

519
Attack
Techniques

Seize the opportunity and build your career with the most in-demand ethical hacking certification in the world, Certified Ethical Hacker (C|EH).

Cyber-attacks are increasing in numbers and sophistication. This means the world needs more cyber security professionals to act as the first line of defense. Skill up to become the first line of defense against cyberattacks.

Want to know more?

Become a Certified Ethical Hacker (C|EH)

"*" indicates required fields

Select your desired mode of training*
Country*

How C|EH v12 Empowers You

  • bullet
    Unique “Learn, Certify, Engage and Compete” methodology for aspiring cyber professionals
  • bullet
    Learn ethical hacking in a structured setting across 20 domains
  • bullet
    Build skills with over 220 challenge-based, hands-on labs with CyberQ™ Labs
  • bullet
    Gain experience with over 500 unique attack techniques
  • bullet
    Learn commercial-grade hacking tools and techniques
  • bullet
    Engage: “hack” a real organization with C|EH® Elite to gain experience
  • bullet
    Compete with hackers around the world as part of the C|EH® Elite program
  • bullet
    Attain the most recognized credential in the cybersecurity industry, C|EH®

Show Off Your Skills with the World’s No. 1 Credential in Ethical Hacking

The knowledge and skills gained through the C|EH® program are second to none covering the widest possible set of domains in cybersecurity. Holding the industry-recognized, ANSI-accredited C|EH® certification proves to your current or prospective employer that EC-Council has evaluated your knowledge and skills and conferred a certification to you based on your accomplishments in the program.

Accreditations, Recognitions & Endorsements

Learn Ethical Hacking

a New Revolutionary Way! 

Our exclusive Learn | Certify | Engage | Compete framework covers not only a comprehensive training program to prepare you for the certification exam but also the industry’s most robust, in-depth, hands-on lab experience of any cybersecurity program available. C|EH v12 will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.

1. Gain Skills

Master new skills through a carefully curated training plan and practice every learning objective in the course on live machines and vulnerable targets. Get unprecedented exposure and hands-on experience with the most common security tools, the latest vulnerabilities, and widely used operating systems.

 

With C|EH®, you will get access to

  • bullet-red
    20 modules
  • bullet-red
    Over 220 hands-on-labs with competition flags
  • bullet-red
    Over 3,500 hacking tools

(Windows 11, Windows Servers, Linux, Ubuntu, Android)

2. Gain experience

Prove your skills and abilities with online, practical examinations! The exam comprises two phases: the C|EH Knowledge exam that tests your skills in Information Security, Attack Detection, Attack Prevention, Procedures, Methodologies, and more, and the C|EH (Practical) that requires you to demonstrate the skills and abilities of ethical hacking techniques such as Port scanning tools, Vulnerability detection Attacks on a system, SQL injection methodology, and evasion techniques, and more.

Take a quick look at the two phases of the C|EH Exam

C|EH Knowledge Exam

  • bullet-red
    125 Multiple-Choice Questions
  • bullet-red
    4 Hours
  • bullet-red
    ANSI 17024 Accredited

C|EH Practical Exam

  • bullet-red
    6 hours practical exam
  • bullet-red
    20 scenario-based questions
  • bullet-red
    Prove your skills and abilities

3. Gain Recognition

With C|EH Engage, you will develop real-world experience in ethical hacking in a hands-on environment through a 4-phase security engagement. This engagement requires students to think critically and test the knowledge and skills gained by capturing a series of flags in each phase, demonstrating the live application of skills and abilities in a consequence-free environment through EC-Council’s new Cyber Range.

The four phases of the security engagement are

  • bullet-red
    Vulnerability Assessment
  • bullet-red
    Gaining Access
  • bullet-red
    Perimeter and Web App Exploitation
  • bullet-red
    Mobile, IoT, OT Exploitation

4. Gain Respect

You get the opportunity to participate in the C|EH Global Challenges that occur every month, providing capture-the-flag style competitions that expose you to various new technologies and platforms, from web applications, OT, IoT, SCADA, and ICS systems to the cloud and hybrid environments. Hosted 100% online in EC-Council’s Cyber Range, you will race the clock in scenario-based engagements.  

Here is a quick overview of the C|EH Global Challenges:

  • bullet-red
    New challenges every month
  • bullet-red
    4-hour competition
  • bullet-red
    Opportunity to Compete with your peers all over the world
  • bullet-red
    Chance to hack your way to the top of the Leaderboard
  • bullet-red
    A pathway to gain recognition

Here’s an Inside Look into What You’re Going to Learn with the C|EH Program

Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Key topics covered:
Elements of Information Security, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Hacker Classes, Ethical Hacking, Information Assurance (IA), Risk Management, Incident Management, PCI DSS, HIPPA, SOX, GDPR

Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.

Hands-On Lab Exercises:

Over 30 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform footprinting on the target network using search engines, web services, and social networking sites
  • Perform website, email, whois, DNS, and network footprinting on the target network

Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

Hands-On Lab Exercises:

  • Perform footprinting on the target network using search engines, web services, and social networking sites
  • Perform website, email, whois, DNS, and network footprinting on the target network

Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, plus associated countermeasures.

Hands-On Lab Exercises:

Over 20 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration

Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform vulnerability research using vulnerability scoring systems and databases
  • Perform vulnerability assessment using various vulnerability assessment tools

Learn about the various system hacking methodologies used to discover system and network vulnerabilities, including steganography, steganalysis attacks, and covering tracks.

Hands-On Lab Exercises:

Over 25 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform Online active online attack to crack the system’s password
  • Perform buffer overflow attack to gain access to a remote system
  • Escalate privileges using privilege escalation tools
  • Escalate privileges in the Linux machine
  • Hide data using steganography
  • Clear Windows and Linux machine logs using various utilities
  • Hiding artifacts in Windows and Linux machines

Get an introduction to the different types of malware, such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures.

Hands-On Lab Exercises:

Over 20 hands-on exercises with real-life simulated targets to build skills on how to:

  • Gain control over a victim machine using Trojan
  • Infect the target system using a virus
  • Perform static and dynamic malware analysis

Key topics covered:

Malware, Components of Malware, APT, Trojan, Types of Trojans, Exploit Kits, Virus, Virus Lifecycle, Types of Viruses, Ransomware, Computer Worms, Fileless Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Trojan Analysis, Virus Analysis, Fileless Malware Analysis, Anti-Trojan Software, Antivirus Software, Fileless Malware Detection Tools

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.

Hands-On Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform MAC flooding, ARP poisoning, MITM, and DHCP starvation attack
  • Spoof a MAC address of a Linux machine
  • Perform network sniffing using various sniffing tools
  • Detect ARP poisoning in a switch-based network

Key topics covered:

Network Sniffing, Wiretapping, MAC Flooding, DHCP Starvation Attack, ARP Spoofing Attack, ARP Poisoning, ARP Poisoning Tools, MAC Spoofing, STP Attack, DNS Poisoning, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools

Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.

Hands-On Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform social engineering using Various Techniques
  • Spoof a MAC address of a Linux machine
  • Detect a phishing attack
  • Audit an organization’s security for phishing attacks

Key topics covered:

Social Engineering, Types of Social Engineering, Phishing, Phishing Tools, Insider Threats/Insider Attacks, Identity Theft

Learn about different Denial-of-Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform a DoS and DDoS attack on a target host
  • Detect and protect against DoS and DDoS attacks

Key topics covered:

DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Tools, DoS/DDoS Attack Detection Techniques, DoS/DDoS Protection Tools

Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Hands-On Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform session hijacking using various tools
  • Detect session hijacking

Key topics covered:

Session Hijacking, Types of Session Hijacking, Spoofing, Application-Level Session Hijacking, Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attacks, CRIME Attacks, Network Level Session Hijacking, TCP/IP Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Prevention Tools

Get introduced to firewalls, intrusion detection systems, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.

Hands-On Lab Exercises:

Over 7 hands-on exercises with real-life simulated targets to build skills on how to:

  • Bypass Windows Firewall
  • Bypass firewall rules using tunneling
  • Bypass antivirus

Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.

Hands-On Lab Exercises:

Over 8 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform web server reconnaissance using various tools
  • Enumerate web server information
  • Crack FTP credentials using a dictionary attack

Key topics covered:

Web Server Operations, Web Server Attacks, DNS Server Hijacking, Website Defacement, Web Cache Poisoning Attack, Web Server Attack Methodology, Web Server Attack Tools, Web Server Security Tools, Patch Management, Patch Management Tools

Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.

Hands-On Lab Exercises:

Over 15 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform web application reconnaissance using various tools
  • Perform web spidering
  • • Perform web application vulnerability scanning
  • Perform a brute-force attack
  • Perform Cross-Site Request Forgery (CSRF) Attack
  • Identify XSS vulnerabilities in web applications
  • Detect web application vulnerabilities using various web application security tools

Key topics covered:

Web Application Architecture, Web Application Threats, OWASP Top 10 Application Security Risks – 2021, Web Application Hacking Methodology, Web API, Webhooks, and Web Shell, Web API Hacking Methodology, Web Application Security

Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.

Hands-On Lab Exercises:

Over 15 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform an SQL injection attack against MSSQL to extract databases
  • Detect SQL injection vulnerabilities using various SQL injection detection tools

Key topics covered:

SQL Injection, Types of SQL injection, Blind SQL Injection, SQL Injection Methodology, SQL Injection Tools, Signature Evasion Techniques, SQL Injection Detection Tools

Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools

Hands-On Lab Exercises:

Over 3 hands-on exercises with real-life simulated targets to build skills on how to:

  • Foot Print a wireless network
  • Perform wireless traffic analysis
  • Crack WEP, WPA, and WPA2 networks
  • Create a rogue access point to capture data packets

Key topics covered:

Wireless Terminology, Wireless Networks, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Encryption Cracking, WEP/WPA/WPA2 Cracking Tools, Bluetooth Hacking, Bluetooth Threats, Wi-Fi Security Auditing Tools, Bluetooth Security Tools

Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • • Hack an Android device by creating binary payloads
  • • Exploit the Android platform through ADB
  • • Hack an Android device by creating an APK file
  • • Secure Android devices using various Android security tools

Key topics covered:

Mobile Platform Attack Vectors, OWASP Top 10 Mobile Risks, App Sandboxing, SMS Phishing Attack (SMiShing), Android Rooting, Hacking Android Devices, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Controls, Mobile Security Tools.

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.

Hands-On Lab Exercises:

Over 2 hands-on exercises with real-life simulated targets to build skills on how to:

  • Gather information using Online footprinting tools
  • Capture and analyze IoT device traffic

Key topics covered:

IoT Architecture, IoT Communication Models, OWASP Top 10 IoT Threats, IoT Vulnerabilities, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), ICS/SCADA, OT Vulnerabilities, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools

Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud-based threats and attacks, and cloud security techniques and tools.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform S3 Bucket enumeration using various S3 bucket enumeration tools
  • Exploit open S3 buckets
  • Escalate IAM user privileges by exploiting misconfigured user policy

Key topics covered:

Cloud Computing, Types of Cloud Computing Services, Cloud Deployment Models, Fog and Edge Computing, Cloud Service Providers, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Container and Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools

In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools.

Hands-On Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

  • Calculate MD5 hashes
  • Perform file and text message encryption
  • Create and use self-signed certificates
  • Perform email and disk encryption
  • Perform cryptanalysis using various cryptanalysis tools

Key topics covered:

Cryptography, Encryption Algorithms, MD5 and MD6 Hash Calculators, Cryptography Tools, Public Key Infrastructure (PKI), Email Encryption, Disk Encryption, Cryptanalysis, Cryptography Attacks, Key Stretching

Here are the Job Roles

That C|EH Prepares You For 

  • bullet-black
    Mid-Level Information Security Auditor
  • bullet-black
    Cybersecurity Auditor
  • bullet-black
    Security Administrator
  • bullet-black
    IT Security Administrator
  • bullet-black
    Cyber Defense Analyst
  • bullet-black
    Vulnerability Assessment Analyst
  • bullet-black
    Network Security Engineer
  • bullet-black
    SOC Security Analyst
  • bullet-black
    Security Analyst
  • bullet-black
    Senior SOC Analyst
  • bullet-black
    Senior Security Consultant
  • bullet-black
    Warning Analyst
  • bullet-black
    Cybersecurity Auditor
  • bullet-black
    Information Security Analyst 1
  • bullet-black
    Security Analyst L1
  • bullet-black
    Infosec Security Administrator
  • bullet-black
    Cybersecurity Analyst level 1, level 2, & level 3
  • bullet-black
    Cybersecurity Consultant
  • bullet-black
    Information Security Manager
  • bullet-black
    Solution Architect
  • …And much more.

Our Certified Students Work in World’s Leading Companies

accenture-logo
cisco logo

Why People Love C|EH

Our learners can vouch for the superior quality of our courses and features. Here’s what they’re saying:

Before I Started the C|EH Training, I had some knowledge about KaliLinux, BackTrack, Wireshark, and other tools, but the C|EH gave me more advanced training on these tools and more, like Armitage, Metasploit, Burp Suite, Nmap, Zenmap, Nessus, and many more.

— Iskren Yankov, Chief Expert Information Security Officer, Ministry of Agriculture, Food and Forestry

 

The training material for C|EH was perfect! It had an abundance of knowledge, and I was delighted to learn multiple practices to find and exploit vulnerabilities within a system.

 

— Seth Henry, Systems Engineer, Booz Allen Hamilton

 

Day 5 of certified ethical hacker training. Enlightened! What an awesome learning experience! Thanks, Accenture.

 

 

Christopher Kolling, Security Associative Principal, Accenture

Frequently Asked Questions

Accreditations measure the capability of the certification body from various aspects, including program design, management, content, delivery, policy, discipline, financial viability, the relevance of training, demand, and more. C|EH is accredited by ANAB, the ANSI National Accreditation Board under ANSI ISO/IEC 17024, and is also accredited by the American Council on Education (ACE) under ACE ID ECCL-0002 as credit-bearing and transferrable for three elective credits.

There are no specific prerequisites for the C|EH program. However, we strongly recommend that candidates possess a minimum of 2 years of experience in IT security before joining a C|EH training program. C|EH training is about testing systems and using them for purposes not originally intended; candidates should understand the basic functions of those IT systems before attempting to hack them.

Yes! C|EH is available Online in both Instructor Led self-paced learning and live Instructor-led. Visit https://iclass.eccouncil.org for more information.

What is the difference between live training and on-demand, self-paced training from EC-Council iClass?

iClass, EC-Council’s official eLearning division, provides two primary forms of training, Masterclass, and iLearn.

Explore the commonly asked questions about the C|EH program and answers to them.

Anyone wishing to take the C|EH Examination must first be deemed eligible to take the exam. We offer two paths to eligibility:

1. Attend official training through our online learning provided by iClass, through an Authorized Training Center (ATC) located in 140+ countries around the world, or at a college or university that is also an official EC-Council Academia Partner. All candidates attending official training at an official EC-Council partner, if deemed eligible to participate in the training, will have direct access to the examination, which can be proctored at the training center, online using EC-Council’s remote proctoring service, or at over 4,500 VUE testing centers across the world.

2. Eligibility Application – If you possess the experience and don’t feel training is necessary for the exam domains, you may wish to skip the training and go straight to challenging the exam. If you do not attend official training, you must apply for exam eligibility here: https://cert.eccouncil.org/application-process-eligibility.html. After the application is processed and approved, EC-Council will work directly with you to determine the best delivery method for the exam. You may then challenge the 4-hour certification exam as scheduled.

The C|EH Exam is an ANSI 17024 exam which means it goes through extensive external validation to ensure the examination itself is fair for the knowledge and experience level of our certification challengers. With the recommendation of 2 years experience in  IT Security or 0fficial training, candidates attempting the exam need to possess strong knowledge in computing systems, networks, and a variety of other IT topics. The examination itself uses Cut-Scores to determine pass/fail results, and cut scores are carefully set by psychometricians who regularly evaluate test question performance and average pass/fail results throughout the program’s life. Reviews from our certification members with limited experience or background have rated our exam difficult, while more seasoned IT and IT security professionals rate it as moderately challenging even after official training. You may review the exam domains and blueprints here to learn more: https://cert.eccouncil.org/certified-ethical-hacker.html.

EC-Council’s official exam retake policy is available here:https://cert.eccouncil.org/exam-retake-policy.html.

EC-Council’s official exam retake policy is available here:https://cert.eccouncil.org/exam-retake-policy.html.

Official training is the most common path students take to prepare for C|EH. The certified EC-Council instructors utilize official EC-Council training materials carefully designed to take you through the various domains covered on the certification exam. Accompanying the training materials, C|EH also includes over 50% hands-on activities in a live Cyber Range where you will practice and apply the knowledge and skills learned in the course against live virtual systems in a controlled environment. Students also receive official exam Prep test banks where they can practice with mock exam questions broken up by domain to assess your level of readiness for the certification. We strongly recommend utilizing these resources to prepare. However, suppose you choose the direct eligibility route and review the domains covered in the exam and the exam blueprint based on your own knowledge and experience levels. In that case, you can self-assess your competency in each area and decide if you are ready to attempt the exam. Students in official C|EH training from V12 on receive free retakes based on the package they enroll into, and retake exams are available for others if required for a fee.

The CEH exam is a 4-hour, scenario-based examination with multiple-choice questions. Each question is carefully weighted to the domain and objective and carries its own cut score. The C|EH exam itself has multiple exam forms that rotate along with rotating questions in each exam form. Because the questions and forms rotate, each exam has a cumulative cut score calculated as the aggregate of all question cut scores. This rotation creates multiple variations of passing scores based on the exam form you receive; typical passing cut scores range from 65% to 80%, providing the most equitable and fair approach to exam performance per ANSI 17024 testing standards. Cut Scores and your achieved score will be shown on your exam transcript, available immediately after completing the examination.

Yes, all legitimate professional certifications have a recertification and maintenance process. The requirements are published under our EC-Council Continuing Education (ECE) Policy, available here: https://cert.eccouncil.org/ece-policy.html.

The total time it takes to become a C|EH can vary by student, but the typical answer is 5 days. C|EH official training is structured as 5-day Bootcamp style training with testing typically delivered at the end of the 5th day as a 4-hour exam. Students who follow an on-demand or self-paced course through iClass or decide to defer their testing date may take longer to achieve certification.

The masterclass provides the student with a Live Online, Instructor-led class schedule with set times where our award-winning instructors will guide you through the C|EH training module by module incorporating hands-on lab time, breakout sessions for discussions, and a live presentation of all course materials.

iLearn is EC-Council’s On-Demand training option. We have hand selected the best instructors, flown them to our Albuquerque-based studio, and produced professional pre-recorded video lectures and lab walkthroughs that can be accessed through your iClass student account any time, 24x7x365.

While most students elect to attend official training receiving the professional guidance of a certified instructor, others prefer to study on their own without official training. Materials are available at the EC-Council Store if you wish to learn on your own. This is what we label as self-study. Any student electing the self-study route will need to apply for exam eligibility as they did not attend official training.

No. Attending Official training is one of the two ways to become eligible to take the C|EH exam. Suppose you have completed Official Training through the EC-Council or one of our Authorized Training centers. In that case, you will not need to apply for exam eligibility, you will not need to pay the $100 Application Fee, and you will not have to wait for reference checks to be approved. Authorized Training Centers have the contracted right to deliver exams directly after completing your official training. If the training center you have gone to advises you in any other way, please call us, and we will help sort out the confusion or validate that your training was at an Authorized Training Center.

EC-Council_Logo-01
©   2023 EC-Council All rights reserved.