Ready to start learning?

[ Course ]

Certified Ethical Hacker Career Path

Discover how to identify security vulnerabilities, evaluate systems ethically, and develop effective mitigation strategies to protect digital assets.

129 Hrs 51 Min807 Videos320 QuestionsCertificate of CompletionClosed Captions

When a web server leaks directory listings, a password policy allows “Winter2024!” to survive a security audit, or a misconfigured VPN exposes internal services to the internet, Ethical Hacking is the discipline that helps you find the problem before someone with bad intentions does. This course is built around that exact reality. I’m not teaching you to collect a bag of tools and call it security. I’m teaching you how to evaluate systems legally, think through attack paths, and document weaknesses in a way that actually helps an organization fix them.

This Certified Ethical Hacker Career Path is the roadmap I would give you if you want to move from general IT support or security curiosity into real offensive security work. It is especially useful if you are aiming for the EC-Council® Certified Ethical Hacker (C|EH™) certification, because the certification only makes sense when you understand the method behind the exam objectives. CEH™ and Certified Ethical Hacker™ are trademarks of EC-Council®.

Ethical Hacking: what this career path is really about

Ethical Hacking is not just “penetration testing lite,” and it is definitely not about memorizing a few exploit names so you can sound impressive in a meeting. The real work is more disciplined than that. You start by understanding the target environment, then you collect information, map the attack surface, identify weaknesses, validate whether those weaknesses are exploitable, and finally translate your findings into clear remediation guidance. That chain matters. If you miss the chain, you end up with noisy results and no real security value.

In this course, you learn how ethical hackers think at each stage of an assessment. You look at systems the way an attacker would, but you do it in a controlled, authorized, professional way. That means learning the difference between passive reconnaissance and active scanning, understanding what enumeration reveals that scanning cannot, and recognizing when a vulnerability is merely theoretical versus when it is actionable in a live environment. Those distinctions are what separate a junior tool operator from a useful practitioner.

The reason this path is worth your time is simple: organizations need people who can identify risk and explain it without panic. Security teams do not need drama. They need evidence, context, and practical next steps. This course helps you build exactly that mindset.

What you will learn in this Ethical Hacking course

This course is organized around the workflow of a real assessment, not around isolated trivia. You will see how the pieces fit together: reconnaissance, footprinting, scanning, enumeration, vulnerability analysis, system access concepts, privilege escalation, post-exploitation awareness, and reporting. That sequence is important because every step informs the next one. If you do reconnaissance poorly, your scan results are incomplete. If you do enumeration poorly, you miss the service details that matter. If you cannot analyze a vulnerability correctly, you waste time chasing false positives.

You will also get exposure to the kinds of targets ethical hackers deal with today: traditional networks, web applications, wireless environments, cloud exposure points, and common enterprise mistakes such as weak credentials, poor segmentation, and unnecessary service exposure. I want you to leave this course able to talk intelligently about risk across different layers of an environment, not just the network perimeter.

Specific skills you should expect to develop include:

Reconnaissance and footprinting techniques that help you learn about a target without creating unnecessary noise
Network scanning and host discovery methods that reveal live systems, open ports, and service behavior
Enumeration skills for pulling useful detail from services such as SMB, DNS, SSH, HTTP, and directory services
Vulnerability analysis workflows so you can interpret findings instead of blindly trusting a scanner
Exploitation concepts that explain how weaknesses become real access paths
Privilege escalation awareness so you understand how a low-level foothold turns into higher-value access
Wireless and web attack concepts that show up constantly in real assessments
Reporting discipline so your findings are useful to both technical teams and managers

If you are serious about Ethical Hacking, this is the right order of operations. Learn the process first. The tools come second.

How the CEH path prepares you for real offensive security work

One of the biggest mistakes people make is treating certification preparation like exam cramming. That is a fast way to forget everything a month later. The better approach is to use the CEH path to build a working model of how attacks unfold in practice. That model is what employers want, because real jobs require judgment. You need to know when to scan, when to enumerate, when to stop, and when to verify a result manually.

That is why this course emphasizes workflow over flash. You will spend time understanding why reconnaissance matters before exploitation, why port 445 can be more interesting than a dozen closed ports, and why a weak application parameter can be more dangerous than a hardened operating system. In the field, people often fixate on the most visible problem. Ethical hackers look for the easiest path to meaningful impact, and that path is not always the most dramatic one.

This course also helps you build the habits that matter on the job:

Document what you observe before you draw conclusions.
Validate evidence instead of trusting assumptions.
Think in terms of exposure, privilege, and pivot potential.
Translate technical findings into remediation steps someone can actually implement.

That is the professional difference. A scanner can tell you a host is vulnerable. A trained ethical hacker can tell you whether the weakness is exploitable, what the likely impact is, and what fix should be prioritized first.

Core domains you need to understand

Ethical Hacking covers a broad set of topics, and I do not want you to think of them as disconnected chapters. They are all part of the same attack-and-defend cycle. Reconnaissance teaches you how much can be learned from public sources and observable network behavior. Scanning tells you what is reachable. Enumeration tells you what is actually there. Vulnerability analysis tells you what might break. Exploitation concepts show you how weaknesses become access. Post-exploitation awareness shows you what an attacker could do next. Reporting turns all of that into something the business can act on.

In practice, these domains include:

Footprinting and intelligence gathering
Network discovery and service mapping
Vulnerability identification and prioritization
Web application attack surface analysis
Authentication weakness assessment
Wireless network security review
Malware and social engineering awareness
Cloud and container exposure basics
Incident response perspective for defenders and testers

That range matters because modern environments are rarely simple. You might find a hardened endpoint but a weak administrative portal. You might find strong perimeter controls but poor internal segmentation. You might find a secure application front end with a vulnerable backend service. Ethical Hacking is the practice of finding the gap between what people believe is secure and what is actually exposed.

Who should take this course

This course is a strong fit for you if you already work in IT and want to move toward cybersecurity, especially if your current role gives you exposure to users, systems, or networks. Help desk technicians, desktop support specialists, network administrators, junior sysadmins, SOC analysts, and aspiring penetration testers all benefit from the structure this path provides. If you already know how systems are built and maintained, you are in a great position to understand how they fail.

It is also a good choice if you are a career changer with solid technical curiosity and the patience to learn methodology. You do not need to arrive as a full-time security expert. But you do need to be willing to think carefully, take notes, and work through concepts in order. Ethical hacking rewards disciplined learners. It punishes guesswork.

Typical job titles that align well with this path include:

Junior Penetration Tester
Security Analyst
Vulnerability Analyst
Information Security Specialist
Associate Security Consultant
SOC Analyst with offensive security aspirations
IT Administrator moving into security testing

If your long-term goal is red team work, penetration testing, application security, or security consulting, this is a practical stepping-stone. It gives you vocabulary, structure, and credibility. That combination matters when you are competing for entry-level security roles.

What skills you gain that employers actually care about

Employers do not hire you because you can recite attack names. They hire you because you can reduce risk. That means you need to be able to discover weaknesses, validate them, and explain them clearly. This course is designed to help you practice exactly those abilities.

By the time you finish, you should be able to approach a target methodically, identify likely entry points, and think through escalation paths. More importantly, you should understand how to write findings that are actionable. A good finding includes the issue, the impact, the evidence, and the recommendation. That seems basic, but it is where many newcomers fall apart. They can describe a vulnerability but cannot explain why it matters.

The most valuable skills you build here are:

Analytical thinking under uncertainty
Security-focused documentation
Risk-based prioritization
Attack path reasoning
Technical communication with both peers and non-technical stakeholders

Those are career skills, not just exam skills. If you develop them well, you become useful in more than one role. That is what helps you grow beyond beginner-level security work.

How this course supports EC-Council® Certified Ethical Hacker (C|EH™) preparation

If your goal includes the EC-Council® Certified Ethical Hacker (C|EH™) certification, this course is built to help you think the way that exam expects you to think. The certification is not just a memorization test. It expects familiarity with ethical hacking methodology, attack vectors, scanning and enumeration concepts, vulnerability assessment, system exploitation ideas, web application attacks, wireless threats, cryptography basics, cloud and IoT awareness, and social engineering awareness. You do not need to become a specialist in every one of those areas overnight, but you do need a coherent framework.

The practical value of this course is that it helps you connect the exam topics to real operational logic. For example, when you study scanning, you should understand how it supports enumeration and later validation. When you learn about web attacks, you should understand how misconfigurations and input handling create those weaknesses. When you study privilege escalation, you should understand why initial access is often only the beginning of the assessment.

The CEH track becomes far more useful when you stop treating it as a list of domains and start seeing it as a repeatable assessment process.

That shift in thinking is what makes the material stick. It also makes you more credible in interviews, where employers can tell immediately whether you understand the subject or only memorized terminology.

Prerequisites and the background that helps you succeed

You do not need to be an expert before starting, but you should have enough comfort with technology to follow systems and network concepts without getting lost. If you know how operating systems work at a basic level, understand common networking terms, and have some hands-on experience with IT troubleshooting, you will be able to absorb the material much faster. Familiarity with Linux commands is helpful, and so is comfort with IP addressing, DNS, ports, protocols, and browser-based application behavior.

What helps most is mindset. You should be willing to ask “how does this work?” and “how could this fail?” Those are the right questions in Ethical Hacking. You should also be ready to take a methodical approach. If you want instant mastery, this field will frustrate you. If you are willing to build skill by repeating workflows and understanding why each step matters, you will make real progress.

I also recommend that you keep a notebook, digital or physical, while you study. Write down commands, observations, service behaviors, and common misconfigurations. Security knowledge gets stronger when you organize it around patterns. A note that says “SMB exposed plus weak share permissions plus default credentials equals risk” is more valuable than a pile of disconnected tool output.

Career impact and where this path can take you

Ethical Hacking can open the door to jobs that are more technical, more specialized, and often better paid than general IT support work. In the United States, entry-level cybersecurity roles commonly sit in the approximate range of $55,000 to $85,000, while experienced junior-to-mid penetration testers, vulnerability analysts, and security consultants can move well beyond that depending on region, industry, and demonstrated skill. Pay is not the only reason to follow this path, but it is a real advantage when you build a portfolio of practical ability.

Just as important, this path gives you a foundation for later specialization. Once you understand Ethical Hacking fundamentals, you can move toward web application security, cloud security testing, red team operations, security consulting, or adversary simulation. That kind of growth is much easier when you already understand reconnaissance, enumeration, attack paths, and reporting. Those concepts never stop being relevant.

Here is the blunt truth: a lot of people want offensive security jobs, but few can explain how they would assess a system from start to finish. If you can do that well, you stand out. This course is meant to help you become that person.

Why I built this course the way I did

I built this career path to solve a common problem: too many learners jump into hacking tools before they understand the logic of assessment. That creates shallow skill. Shallow skill does not hold up in interviews, and it definitely does not hold up on the job. So I structured this course to teach you the order of operations first, then the techniques, then the judgment that ties everything together.

You will see why one step leads to the next. You will learn how to separate signal from noise. You will learn to think like someone trying to understand a system, not just break one. That distinction matters more than people realize. Strong Ethical Hacking is not chaos. It is organized curiosity backed by discipline.

If you are ready to build that foundation, this course will give you a serious start. Not a shortcut. Not a gimmick. A real path.

EC-Council®, C|EH™, and Certified Ethical Hacker™ are trademarks of EC-Council®. This content is for educational purposes.

Module 1 – CEH v11 Foundations Course Introduction

1.1 About this course: CEH Foundations
1.2 About the Instructor

Module 2 – CEH v11 Introduction To Networking

2.1 Networking Overview
2.2 Network Scope
2.3 Network Addressing
2.4 Activity – Examining Network Addressing

Module 3 – CEH v11 Lan Components

3.1 Protocols, Ports, Sockets
3.2 Network Topologies
3.3 LAN Devices
3.4 LAN Devices Part 2
3.5 VLANs
3.6 Activity – Examining Ports and Sockets
3.7 Activity – Examining Switches and VLANs

Module 4 – CEH v11 Routing and Network Access

4.1 Routers
4.2 Layer 3 Switches
4.3 Modems and Remote Access
4.4 Firewalls and Proxies
4.5 Activity – Examining Routing
4.6 Activity – Examining VLAN Routing
4.7 Activity – Examining Firewall Rules

Module 5 – CEH v11 Intrusion Detection and Network Layers

5.1 IDS and IPS
5.2 OSI Model
5.3 TCP-IP
5.4 Activity – Examining Network Layers

Module 6 – CEH v11 Networking Protocols and Addressing

6.1 Layer 4 Protocols
6.2 Layer 3 Protocols
6.3 Layer 2 Protocols
6.4 IP Addressing
6.5 Subnetting
6.6 DHCP
6.7 Activity – Examining TCP
6.8 Activity – Examining UDP
6.9 Activity – Examining IP
6.10 Activity – Examining ICMP
6.11 Activity – Examining ARP

Module 7 – CEH v11 Network Services

7.1 DNS
7.2 DNS Records
7.3 NTP
7.4 Authentication
7.5 Biometrics
7.6 Activity – Examining DNS
7.7 Activity – Examining DNS Records

Module 8 – CEH v11 Access Control

8.1 Local Authentication
8.2 Directory Service Authentication
8.3 Extending Authentication
8.4 Authorization
8.5 Activity – Testing Access Control

Module 9 – CEH v11 Intro to Linux

9.1 Linux Overview
9.2 Linux File System
9.3 Linux Core Commands
9.4 Linux Search and Read Commands
9.5 Activity – Exploring Linux
9.6 Activity – Using Linux Core Commands
9.7 Activity – Using Linux Search Commands
9.8 Activity – Using Linux Read Commands

Module 10 – CEH v11 Configuring Linux

10.1 Linux File Permissions
10.2 Linux Special Permissions
10.3 Linux Configuration
10.4 Linux Packages
10.5 Linux User Management

Module 11 – CEH v11 Practicing Linux Configuration

11.1 Activity – Setting Linux Permissions
11.2 Activity – Setting Linux Special Permissions
11.3 Activity – Managing Packages in Kali Linux
11.4 Activity – Managing Users and Groups in Linux

Module 12 – CEH v11 Managing Linux

12.1 Linux Job Scheduling
12.2 Linux File, Directory, and Download Commands
12.3 Linux System Commands
12.4 Linux Network Management
12.5 Linux Firewall

Module 13 – CEH v11 Practicing Linux Management

13.1 Activity – Scheduling Tasks in Linux
13.2 Activity – Using Linux File, Directory, and Download Commands
13.3 Activity – Using Linux Edit and Archive Commands
13.4 Activity – Compiling Malicious Code
13.5 Activity – Using Linux Process and System Commands
13.6 Activity – Using Linux Disk, Hardware, and Network Commands

Module 14 – CEH v11 Intro to Windows

14.1 Windows Overview
14.2 Windows Registry
14.3 Windows Security

Module 15 – CEH v11 Windows Commands

15.1 Windows Commands
15.2 Windows Admin Commands
15.3 Windows Network Commands
15.4 Windows Run Line Commands
15.5 Windows PowerShell

Module 16 – CEH v11 Practicing Windows Commands

16.1 Activity – Using Windows Built-in Commands
16.2 Activity – Using Windows Task Commands
16.3 Activity – Using Windows Admin Commands
16.4 Activity – Using Windows Network Commands
16.5 Activity – Using Windows PowerShell
16.6 Networking and OS Penetration Testing
16.7 Review

Module 17 – CEH v11 Intro to Hacking

17.1 Information Security Overview
17.2 Hacking Concepts
17.3 Ethical Hacking Concepts
17.4 Penetration Testing
17.5 Penetration Testing Part 2
17.6 Activity – Performing a Static Code Review

Module 18 – CEH v11 Information Security

18.1 Cyber Kill Chain Concepts
18.2 Activity – Performing Weaponization
18.3 Information Security
18.4 Security Policies
18.5 Security Controls
18.6 Access Control

Module 19 – CEH v11 Protecting Data

19.1 Data Protection
19.2 Backup Sites
19.3 Vulnerability Management
19.4 SIEM
19.5 Risks

Module 20 – CEH v11 Managing Risk

20.1 Risk Management
20.2 Incident Handling
20.3 Information Security Laws and Standards
20.4 Activity – Assessing Risk
20.5 Ethical Hacking Penetration Testing
20.6 Review
20.7 Conclusion

Module 21 – CEH v11 Ethical Hacker Course Intro

21.1 About this course – Ethical Hacker
21.2 About the Instructor

Module 22 – CEH v11 Intro to Footprinting

22.1 Footprinting Concepts
22.2 Footprinting Methodology
22.3 OSINT Tools
22.4 Advanced Google Search
22.5 Whois Footprinting
22.6 Activity – Performing a Whois Lookup

Module 23 – CEH v11 Footprinting Network Services

23.1 DNS Footprinting
23.2 Website Footprinting
23.3 Email Footprinting
23.4 Network Footprinting
23.5 Footprinting through Social Networking Sites

Module 24 – CEH v11 Defend Against Footprinting

24.1 Competitive Intelligence Gathering
24.2 Footprinting Countermeasures
24.3 Footprinting Penetration Testing
24.4 Review

Module 25 – CEH v11 Intro to Scanning

25.1 Scanning Concepts
25.2 ICMP Discovery Scans
25.3 Other Discovery Scans

Module 26 – CEH v11 Port Scanning

26.1 Ports
26.2 TCP Flags and Handshakes
26.3 TCP Scan Types
26.4 Other Scanning Techniques

Module 27 – CEH v11 Vulnerability Scanning

27.1 Banner Grabbing
27.2 Vulnerability Scanning
27.3 SSDP Scanning

Module 28 – CEH v11 NMAP

28.1 Nmap
28.2 Common Nmap Scans
28.3 Nmap Options
28.4 Nmap Stealth Scans
28.5 Hping and Other Scanners

Module 29 – CEH v11 Firewalls and Intrusion Detection

29.1 Firewall Types
29.2 Firewall Features
29.3 Firewall Features Part 2
29.4 Firewall Configurations
29.5 Intrusion Detection and Prevention

Module 30 – CEH v11 Evading Detection

30.1 Firewall and IDS Evasion
30.2 Firewall and IDS Evasion Part 2
30.3 Firewalking
30.4 Probing a Firewall
30.5 Probing a Firewall Part 2

Module 31 – CEH v11 Proxies and VPNs

31.1 Proxies
31.2 VPNs
31.3 Tor
31.4 Scanning Countermeasures
31.5 Scanning Penetration Testing
31.6 Review

Module 32 – CEH v11 Accessing Vulnerability

32.1 Vulnerability Assessment Overview
32.2 Vulnerability Scoring Systems
32.3 Vulnerability Assessment Tools

Module 33 – CEH v11 Vulnerability Research

33.1 Scanner Output and Reports
33.2 Vulnerability Research
33.3 Review

Module 34 – CEH v11 Intro to Enumeration

34.1 Enumeration Concepts
34.2 Enumeration Techniques and Tools
34.3 Service and Application Enumeration
34.4 SMB and NetBIOS Enumeration

Module 35 – CEH v11 Service Enumeration

35.1 SNMP Enumeration
35.2 LDAP Enumeration
35.3 DNS Enumeration
35.4 SMTP Enumeration
35.5 NTP Enumeration

Module 36 – CEH v11 Advanced Enumeration

36.1 Remote Connection Enumeration
36.2 File Transfer Enumeration
36.3 VoIP Enumeration
36.4 IPSEC Enumeration
36.5 IPv6 Enumeration
36.6 BGP Enumeration

Module 37 – CEH v11 Command Line Enumeration

37.1 Windows Command Line Enumeration
37.2 Linux Command Line Enumeration
37.3 Linux Command Line Enumeration Part 2

Module 38 – CEH v11 Defending Against Enumeration

38.1 Enumeration Countermeasures
38.2 Enumeration Countermeasures Part 2
38.3 Enumeration Penetration Testing
38.4 Review

Module 39 – CEH v11 Intro to System Hacking

39.1 System Hacking Concepts
39.2 System Hacking Tools and Frameworks
39.3 Searchsploit
39.4 Compiling and Running Exploits

Module 40 – CEH v11 System Hacking with Metasploit

40.1 Metasploit
40.2 Metasploit Search
40.3 Metasploit Exploits and Payloads
40.4 Metasploit Meterpreter
40.5 Metasploit Connectivity
40.6 Metasploit Impersonation and Migration

Module 41 – CEH v11 Further Attacking a Compromised System

41.1 Netcat
41.2 Pivoting
41.3 Netcat Relays
41.4 Metasploit Post Exploitation Modules
41.5 Common Operating System Exploits

Module 42 – CEH v11 Hacking an Operating System

42.1 Hacking Windows
42.2 Hacking Linux
42.3 Network Service Exploits
42.4 Password Attacks

Module 43 – CEH v11 Password Cracking Overview

43.1 Dictionary Attack
43.2 Brute Force Attack
43.3 Password Spraying
43.4 Rainbow Tables

Module 44 – CEH v11 Performing Password Attacks

44.1 Network Service Password Attacks
44.2 Password Cracking Tools
44.3 Online Password Cracking Sites
44.4 Windows Password Cracking
44.5 Linux Password Cracking
44.6 Other Methods for Obtaining Passwords

Module 45 – CEH v11 Using Exploits

45.1 Keylogging
45.2 Spyware
45.3 Rootkits
45.4 Buffer Overflows
45.5 Privilege Escalation
45.6 Hiding Files

Module 46 – CEH v11 Hiding Information

46.1 Alternate Data Streams
46.2 Steganography
46.3 Creating and Maintaining Remote Access
46.4 Hiding Evidence

Module 47 – CEH v11 Covering Tracks

47.1 Covering Tracks in Windows
47.2 Covering Tracks in Linux
47.3 System Hacking Counter-Measures
47.4 System Hacking Penetration Testing
47.5 Review

Module 48 – CEH v11 Malware Overview

48.1 Intro to Malware
48.2 Virus Overview
48.3 Virus Types
48.4 Self-Hiding Viruses
48.5 Worms
48.6 Trojans
48.7 Trojan Types
48.8 RATS

Module 49 – CEH v11 Hacking With Malware

49.1 Ransomware
49.2 Botnets
49.3 Covert Channel Trojans
49.4 Banking Trojans
49.5 Rootkits

Module 50 – CEH v11 Creating Malware

50.1 Other Malware
50.2 Malware Makers
50.3 Dropper and Stage Creation
50.4 Exploit Kits

Module 51 – CEH v11 Detecting Malware

51.1 Malware Detection
51.2 Malware Detection Part 2
51.3 Malware Analysis

Module 52 – CEH v11 Defending Against Malware

52.1 Malware Reverse Engineering
52.2 Malware Countermeasures
52.3 Malware Penetration Testing
52.4 Review

Module 53 – CEH v11 Sniffing

53.1 Sniffing Concepts
53.2 Types of Sniffing
53.3 Sniffing Protocols
53.4 Sniffing Tools

Module 54 – CEH v11 Spoofing and MITM

54.1 ARP
54.2 ARP Spoofing
54.3 MITM
54.4 MAC Attacks
54.5 MAC Spoofing
54.6 DHCP Attacks

Module 55 – CEH v11 Defending Against Poisoning and Sniffing

55.1 Name Resolution Poisoning
55.2 VLAN Hopping
55.3 Sniffing Counter Measures
55.4 Sniffing Penetration Testing
55.5 Review

Module 56 – CEH v11 Social Engineering

56.1 Social Engineering Concepts
56.2 Social Engineering Techniques
56.3 Social Engineering Examples
56.4 Social Engineering Tools

Module 57 – CEH v11 Defending Against Social Engineering

57.1 Social Media
57.2 Identity Theft
57.3 Insider Threats
57.4 Social Engineering Countermeasures
57.5 Social Engineering Penetration Testing
57.6 Review

Module 58 – CEH v11 Denial-of-Service

58.1 DoS-DDoS Concepts
58.2 Volumetric Attacks
58.3 Fragmentation Attacks
58.4 State Exhaustion Attacks
58.5 Application Layer Attacks

Module 59 – CEH v11 Advanced DoS Attacks

59.1 Protocol Attacks
59.2 Other Attacks
59.3 Botnets

Module 60 – CEH v11 Defending Against Denial-of-Service

60.1 DoS-DDoS Attack Tools
60.2 DoS-DDoS Countermeasures
60.3 Dos Penetration Testing
60.4 Review

Module 61 – CEH v11 Advanced Ethical Hacker Course Intro

61.1 About This Course: Advanced Ethical Hacker
61.2 About the Instructor

Module 62 – CEH v11 Session Hjacking

62.1 Session Hijacking Concepts
62.2 Token-based Authentication
62.3 Compromising a Session Token
62.4 XSS
62.5 CSRF
62.6 Other Attacks

Module 63 – CEH v11 Defending Against Hijacking

63.1 Network Level Hijacking
63.2 Session Hijacking Tools
63.3 Session Hijacking Countermeasures
63.4 Session Penetration Hijacking
63.5 Review

Module 64 – CEH v11 Implementing Intrusion Detection

64.1 IDS-IPS
64.2 Snort
64.3 Snort Rules
64.4 Syslog

Module 65 – CEH v11 Testing Intrusion Detection

65.1 WIPS
65.2 IDS Considerations
65.3 IDS Tools
65.4 IDS Evasion
65.5 IDS-Firewall Evasion Tools
65.6 IDS Scenerios

Module 66 – CEH v11 Implementing Firewalls

66.1 Firewalls
66.2 Packet Filtering Rules
66.3 Firewall Deployments
66.4 Traffic Flow through Firewalls
66.5 Split DNS

Module 67 – CEH v11 Testing Firewallls

67.1 Firewall Tools
67.2 Firewall Evasion
67.3 Firewall Scenarios

Module 68 – CEH v11 Implementing Honeypots

68.1 Honeypots
68.2 Honeypot Detection
68.3 IDS-Firewall Evasion Countermeasures
68.4 IDS-Firewall Honeypot Penetration Testing
68.5 Review

Module 69 – CEH v11 Attacker Webserver

69.1 Webserver Security Overview
69.2 Common Webservers
69.3 Webserver Attacks
69.4 Misconfiguration Attack Examples

Module 70 – CEH v11 Webserver Defense

70.1 Webserver Attack Tools
70.2 Attack Countermeasures
70.3 Webserver Penetration Testing
70.4 Review

Module 71 – CEH v11 Intro To Web Apps

71.1 Web Application Concepts
71.2 Attacking Web Apps

Module 72 – CEH v11 OWASP Top 5 Web App Vulnerabilities

72.1 A01 – Broken Access Control
72.2 A02 – Cryptographic Failures
72.3 A03 – Injection
72.4 A04 – Insecure Design
72.5 A05 – Security Misconfiguration

Module 73 – CEH v11 OWASP Additional Web App Vulnerabilities

73.1 A06 – Vulnerable and Outdated Components
73.2 A07 – Identification and Authentication Failures
73.3 A08 – Software and Data Integrity Failures
73.4 A09 – Security Logging and Monitoring
73.5 A10 – Server Side Request Forgery

Module 74 – CEH v11 Common Web App Attacks

74.1 XSS Attacks
74.2 CSRF
74.3 Parameter Tampering
74.4 Clickjacking
74.5 SQL Injection

Module 75 – CEH v11 Unauthorized Access Through Web Apps

75.1 Insecure Deserialization Attacks
75.2 IDOR
75.3 Directory Traversal
75.4 Session Management Attacks
75.5 Response Splitting

Module 76 – CEH v11 Web App Overflow Attacks

76.1 Denial of Service
76.2 Overflow Attacks
76.3 XXE Attacks
76.4 Soap Attacks
76.5 Ajax Attacks

Module 77 – CEH v11 Defending Web Apps

77.1 Web App Hacking Tools
77.2 Web Hacking Countermeasures
77.3 Web Application Penetration Testing
77.4 Review

Module 78 – CEH v11 Intro To SQL Injection

78.1 SQL Overview
78.2 SQL Injection Concepts
78.3 Basic SQL Injection

Module 79 – CEH v11 Performing SQL Injection

79.1 Finding Vulnerable Websites
79.2 Error-based SQL Injection
79.3 Union SQL Injection
79.4 Blind SQL Injection
79.5 SQL Injection Scenarios
79.6 Evading Detection

Module 80 – CEH v11 Defending Against SQL Injection

80.1 SQL Injection Tools
80.2 SQL Injection Countermeasures
80.3 Safe Coding Examples
80.4 SQL Wildcards
80.5 SQL Injection Penetration Testing
80.6 Review

Module 81 – CEH v11 Wireless Networking Overview

81.1 Wireless Concepts
81.2 Wireless Signal Encoding
81.3 Wi-Fi Standards
81.4 Wi-Fi Antennas
81.5 Wireless Authentication

Module 82 – CEH v11 Wi-Fi Security

82.1 Wi-Fi Security Standards
82.2 Wireless Network Troubleshooting Tools
82.3 Wi-Fi Discovery Tools
82.4 Sniffing Wi-Fi

Module 83 – CEH v11 Hacking Wi-Fi

83.1 Wi-Fi Attack Types
83.2 Wi-Fi Rogue Access Point Attacks
83.3 Wi-Fi Denial of Service Attacks
83.4 Wi-Fi Password Cracking Attacks
83.5 WEP Cracking

Module 84 – CEH v11 Advanced Wireless Attacks

84.1 WPA-WPA2 Cracking
84.2 WPA3 Attacks
84.3 WPS Cracking
84.4 Wi-Fi Attack Tools for Mobile Devices
84.5 Bluetooth Hacking
84.6 Other Wireless Hacking

Module 85 – CEH v11 Defending Wireless Networks

85.1 Wireless Hacking Countermeasures
85.2 Wireless Security Tools
85.3 Wireless Penetration Testing
85.4 Review

Module 86 – CEH v11 Mobile Platform Overview

86.1 Mobile Platform Overview
86.2 Mobile Device Vulnerabilities
86.3 Mobile Device Attacks

Module 87 – CEH v11 Hacking Android

87.1 Android
87.2 Android Vulnerabilities
87.3 Rooting Android
87.4 Android Exploits
87.5 Android Hacking Tools
87.6 Reverse Engineering an Android App
87.7 Securing Android

Module 88 – CEH v11 Hacking iOS

88.1 iOS
88.2 iOS Vulnerabilities
88.3 Jailbreaking iOS
88.4 iOS Exploits
88.5 iOS Hacking Tools
88.6 Securing iOS

Module 89 – CEH v11 Mobile Platform Defense

89.1 Mobile Device Management
89.2 BYOD
89.3 Mobile Security Guidelines and Tools
89.4 Mobile Device Penetration Testing
89.5 Review

Module 90 – CEH v11 IoT Hacking

90.1 loT Concepts
90.2 loT Infrastructure
90.3 Fog Computing
90.4 loT Vulnerabilities
90.5 loT Threats

Module 91 – CEH v11 IoT Defense

91.1 IoT Hacking Methodologies and Tools
91.2 IoT Hacking Methodolgies and Tools Part 2
91.3 Hacking Countermeasures
91.4 IoT Penetration Testing
91.5 OT Concepts
91.6 Industrial IoT

Module 92 – CEH v11 Operational Technology Overview

92.1 IT-OT Convergence
92.2 ICS
92.3 SCADA
92.4 DCS
92.5 RTU
92.6 PLC
92.7 Addition OT Components

Module 93 – CEH v11 Hacking OT

93.1 OT Variables
93.2 Well-known OT attacks
93.3 OT Attack Methodology and Basic Tools
93.4 OT Reconnaissance
93.5 OT Penetration and Control

Module 94 – CEH v11 Defending OT

94.1 OT Attack Tools
94.2 OT Hacking Countermeasures
94.3 OT Penetration Testing
94.4 Review

Module 95 – CEH v11 Attacking The Cloud

95.1 Cloud Computing Concepts
95.2 Virtualization
95.3 Cloud Types
95.4 Cloud Benefits and Considerations
95.5 Cloud Risks and Vulnerablilities

Module 96 – CEH v11 Cloud Defense

96.1 Cloud Threats and Countermeasures
96.2 Cloud Security Tools
96.3 Cloud Security Best Practices
96.4 Cloud Penetration Testing
96.5 Review

Module 97 – CEH v11 Cryptography Overview

97.1 Cryptography Concepts
97.2 Symetric Encryption
97.3 Asymmetric Encryption
97.4 Public Key Exchange
97.5 PKI

Module 98 – CEH v11 Protecting Data With Crytography

98.1 Digital Certificates
98.2 Digital Signatures
98.3 Hashing
98.4 Email Encryption
98.5 Network Communication Encryption

Module 99 – CEH v11 Protecting Data at Home and in Transit

99.1 Disk Encryption
99.2 VPN Encryption
99.3 Cryptography Tools

Module 100 – CEH v11 Pentesting Cryptography

100.1 Cryptography Attacks
100.2 Cryptography Penetration Testing
100.3 Review
100.4 Conclusion

Module 1 – Introduction To Ethical Hacking

1.0 Introduction to CEH v12
1.1 Elements of Security
1.2 Cyber Kill Chain
1.3 MITRE ATT&CK Framework
1.3.1 Activity – Researching the MITRE ATTACK Framework
1.4 Hacking
1.5 Ethical Hacking
1.6 Information Assurance
1.7 Risk Management
1.8 Incident Management
1.9 Information Security Laws and Standards
1.10 Introduction to Ethical Hacking Review

Module 2: Footprinting and Reconnaissance

2.1 Footprinting Concepts
2.2 OSINT Tools
2.2.1 Activity – Conduct OSINT with OSR Framework
2.2.2 Activity – OSINT with theHarvester
2.2.3 Activity – Add API Keys to theHarvester
2.2.4 Activity – Extract Document Metadata with FOCA
2.2.5 Activity – Extract Document Metadata with FOCA
2.3 Advanced Google Search
2.3.1 Activity – Google Hacking
2.4 Whois Footprinting
2.4.1 Activity – Conducting Whois Research
2.5 DNS Footprinting
2.5.1 Activity – Query DNS with NSLOOKUP
2.6 Website Footprinting
2.6.1 Activity – Fingerprint a Webserver with ID Serve
2.6.2 Activity – Extract Data from Websites
2.6.3 Activity – Mirror a Website with HTTrack
2.7 Email Footprinting
2.7.1 Activity – Trace a Suspicious Email
2.8 Network Footprinting
2.9 Social Network Footprinting
2.10 Footprinting and Reconnaissance Countermeasures
2.11 Footprinting and Reconnaissance Review

Module 3: Scanning Networks

3.1 Scanning Concepts
3.2 Discovery Scans
3.2.1 Activity – ICMP ECHO and ARP Pings
3.2.2 Activity – Host Discovery with Angry IP Scanner
3.3 Port Scans
3.3.1 Activity – Port Scan with Angry IP Scanner
3.4 Other Scan Types
3.5 Scanning Tools
3.5.1 Activity – Hping3 Packet Crafting
3.5.2 Activity – Fingerprinting with Zenmap
3.6 NMAP
3.6.1 Activity – Nmap Basic Scans
3.6.2 Activity – Host Discovery with Nmap
3.6.3 – Activity – Nmap Version Detection
3.6.4 Activity – Nmap Idle (Zombie) Scan
3.6.5 Activity – Nmap FTP Bounce Scan
3.6.6 – Activity – NMAP Scripts
3.7 Firewall and IDS Evasion
3.7.1 Activity – Nmap Advanced Scans
3.8 Proxies
3.9 Scanning Countermeasures
3.10 Scanning Networks Review

Module 4: Enumeration

4.1 Enumeration Overview
4.2 SMB_NetBIOS_Enumeration
4.2.1 Activity – Enumerate NetBIOS Information with Hyena
4.3 File Transfer Enumeration
4.4 WMI Enumeration
4.4.1 – Activity – Enumerating WMI with Hyena
4.5 SNMP Enumeration
4.5.1 Activity – Enumerate WMI, SNMP and Other Information Using SoftPerfect
4.6 LDAP Enumeration
4.7 DNS Enumeration
4.8 SMTP Enumeration
4.8.1 Activity – Enumerate Email Users with SMTP
4.9 Remote Connection Enumeration
4.10 Website Enumeration
4.10.1 Activity – Enumerate a Website with DirBuster
4.11 Other Enumeration Types
4.12 Enumeration Countermeasures and Review

Module 5: Vulnerability Analysis

5.1 Vulnerability Scanning
5.1.1 Vulnerability Scanning with OpenVAS
5.2 Vulnerability Assessment
5.3 Vulnerability Analysis Review

Module 6: System Hacking

6.1 System Hacking Concepts
6.2 Common OS Exploits
6.3 Buffer Overflows
6.3.1 Activity – Performing a Buffer Overflow
6.4 System Hacking Tools and Frameworks
6.4.1 Activity – Hack a Linux Target from Start to Finish
6.5 Metasploit
6.5.1 Activity – Get Started with Metasploit
6.6 Meterpreter
6.7 Keylogging and Spyware
6.7.1 Activity – Keylogging with Meterpreter
6.8 Netcat
6.8.1 Activity – Using Netcat
6.9 Hacking Windows
6.9.1 Activity – Hacking Windows with Eternal Blue
6.10 Hacking Linux
6.11 Password Attacks
6.11.1 Activity – Pass the Hash
6.11.2 Activity – Password Spraying
6.12 Password Cracking Tools
6.13 Windows Password Cracking
6.13.1 Activity – Cracking Windows Passwords
6.13.2 Activity – Cracking Password Hashes with Hashcat
6.14 Linux Password Cracking
6.15 Other Methods for Obtaining Passwords
6.16 Network Service Attacks
6.16.1 Activity – Brute Forcing a Network Service with Medusa
6.17 Post Exploitation
6.18 Pivoting
6.18.1 & 6.18.2 Activity – Pivoting Setup and Attack
6.19 Maintaining Access
6.19.1 Activity – Persistence
6.20 Hiding Data
6.20.1 Activity – Hiding Data Using Least Significant Bit Steganography
6.21 Covering Tracks
6.21.1 Activity – Clearing Tracks in Windows
6.21.2 Activity – View and Clear Audit Policies with Auditpol
6.22 System Hacking Countermeasures
6.23 System Hacking Review

Module 7: Malware Threats

7.1 Malware Overview
7.2 Viruses
7.3 Trojans
7.3.1 Activity – Deploying a RAT
7.4 Rootkits
7.5 Other Malware
7.6 Advanced Persistent Threat
7.7 Malware Makers
7.7.1 Activity – Creating a Malware Dropper and Handler
7.8 Malware Detection
7.9 Malware Analysis
7.9.1 Activity – Performing a Static Code Review
7.9.2 Activity – Analyzing the SolarWinds Orion Hack
7.10 Malware Countermeasures
7.11 Malware Threats Review

Module 8: Sniffing

8.1 Network Sniffing
8.2 Sniffing Tools
8.2.1 Activity- Sniffing HTTP with Wireshark
8.2.2 Activity – Capturing Files from SMB
8.3 ARP and MAC Attacks
8.3.1 Activity – Performing an MITM Attack with Ettercap
8.4 Name Resolution Attacks
8.4.1 Activity – Spoofing Responses with Responder
8.5 Other Layer 2 Attacks
8.6 Sniffing Countermeasures
8.7 Sniffing Review

Module 9: Social Engineering

9.1 Social Engineering Concepts
9.2 Social Engineering Techniques
9.2.1 Activity – Deploying a Baited USB Stick
9.2.2 Activity – Using an O.MG Lightning Cable
9.3 Social Engineering Tools
9.3.1 Activity – Phishing for Credentials
9.4 Social Media, Identity Theft, Insider Threats
9.5 Social Engineering Countermeasures
9.6 Social Engineering Review

Module 10: Denial-of-Service

10.1 DoS-DDoS Concepts
10.2 Volumetric Attacks
10.3 Fragmentation Attacks
10.4 State Exhaustion Attacks
10.5 Application Layer Attacks
10.5.1 Activity – Performing a LOIC Attack
10.5.2 Activity – Performing a HOIC Attack
10.5.3 Activity – Conducting a Slowloris Attack
10.6 Other Attacks
10.7 DoS Tools
10.8 DoS Countermeasures
10.9 DoS Review

Module 11: Session Hijacking

11.1 Session Hijacking
11.2 Compromising a Session Token
11.3 XSS
11.4 CSRF
11.5 Other Web Hijacking Attacks
11.6 Network-Level Session Hijacking
11.6.1 Activity – Hijack a Telnet Session
11.7 Session Hijacking Tools
11.8 Session Hijacking Countermeasures
11.9 Session Hijacking Review

Module 12: Evading IDS, Firewalls, and Honeypots

12.1 Types of IDS
12.2 Snort
12.3 System Logs
12.4 IDS Considerations
12.5 IDS Evasion
12.5.1 Activity – Fly Below IDS Radar
12.6 Firewalls
12.7 Packet Filtering Rules
12.8 Firewall Deployments
12.9 Split DNS
12.10 Firewall Product Types
12.11 Firewall Evasion
12.11.1 Activity – Use Social Engineering to Bypass a Windows Firewall
12.11.2 Activity – Busting the DOM for WAF Evasion
12.12 Honeypots
12.13 Honeypot Detection and Evasion
12.13.1 Activity – Test and Analyze a Honey Pot
12.14 Evading IDS, Firewalls, and Honeypots Review

Module 13: Hacking Web Servers

13.1 Web Server Operations
13.2 Hacking Web Servers
13.3 Common Web Server Attacks
13.3.1 Activity – Defacing a Website
13.4 Web Server Attack Tools
13.5 Hacking Web Servers Countermeasures
13.6 Hacking Web Servers Review

Module 14: Hacking Web Applications

14.1 Web Application Concepts
14.2 Attacking Web Apps
14.3 A01 Broken Access Control
14.4 A02 Cryptographic Failures
14.5 A03 Injection
14.5.1 Activity – Command Injection
14.6 A04 Insecure Design
14.7 A05 Security Misconfiguration
14.8 A06 Vulnerable and Outdated Components
14.9 A07 Identification and Authentication Failures
14.10 A08 Software and Data integrity Failures
14.11 A09 Security Logging and Monitoring Failures
14.12 A10 Server-Side Request Forgery
14.13 XSS Attacks
14.13.1 Activity – XSS Walkthrough
14.13.2 Activity – Inject a Malicious iFrame with XXS
14.14 CSRF
14.15 Parameter Tampering
14.15.1 Activity – Parameter Tampering with Burp
14.16 Clickjacking
14.17 SQL Injection
14.18 Insecure Deserialization Attacks
14.19 IDOR
14.19.1 Activity – Hacking with IDOR
14.20 Directory Traversal
14.21 Session Management Attacks
14.22 Response Splitting
14.23 Overflow Attacks
14.24 XXE Attacks
14.25 Web App DoS
14.26 Soap Attacks
14.27 AJAX Attacks
14.28 Web API Hacking
14.29 Webhooks and Web Shells
14.30 Web App Hacking Tools
14.31 Hacking Web Applications Countermeasures
14.32 Hacking Web Applications Review

Module 15: SQL Injection

15.1 SQL Injection Overview
15.2 Basic SQL Injection
15.3 Finding Vulnerable Websites
15.4 Error-based SQL Injection
15.5 Union SQL Injection
15.5.1 Activity – Testing SQLi on a Live Website – Part 1
15.5.2 Activity – Testing SQLi on a Live Website – Part 2
15.6 Blind SQL Injection
15.7 SQL Injection Tools
15.7.1 Activity – SQL Injection Using SQLmap
15.8 Evading Detection
15.9 Analyzing SQL Injection
15.10 SQL Injection Countermeasures
15.11 SQL Injection Review

Module 16: Hacking Wireless Networks

16.1 Wireless Concepts
16.2 Wireless Security Standards
16.3 WI-FI Discovery Tools
16.4 Common Wi-Fi Attacks
16.5 Wi-Fi Password Cracking
16.6 WEP Cracking
16.6.1 Activity – Cracking WEP
16.7 WPA,WPA2,WPA3 Cracking
16.7.1 Activity – WPA KRACK Attack
16.8 WPS Cracking
16.9 Bluetooth Hacking
16.10 Other Wireless Hacking
16.10.1 Activity – Cloning an RFID badge
16.10.2 Activity – Hacking with a Flipper Zero
16.11 Wireless Security Tools
16.12 Wireless Hacking Countermeasures
16.13 Hacking Wireless Networks Review

Module 17: Hacking Mobile Platforms

17.1 Mobile Device Overview
17.2 Mobile Device Attacks
17.3 Android Vulnerabilities
17.4 Rooting Android
17.5 Android Exploits
17.5.1 Activity – Hacking Android
17.5.2 Activity – Using a Mobile Device in a DDoS Campaign
17.6 Android-based Hacking Tools
17.7 Reverse Engineering an Android App
17.8 Securing Android
17.9 iOS Overview
17.10 Jailbreaking iOS
17.11 iOS Exploits
17.12 iOS-based Hacking Tools
17.13 Reverse Engineering an iOS App
17.14 Securing iOS
17.15 Mobile Device Management
17.16 Hacking Mobile Platforms Countermeasures
17.17 Hacking Mobile Platforms Review

Module 18: IoT AND OT Hacking

18.1 IoT Overview
18.2 IoT Infrastructure
18.3 IoT Vulnerabilities and Threats
18.3.1 Activity – Searching for Vulnerable IoT Devices
18.4 IoT Hacking Methodology and Tools
18.5 IoT Hacking Countermeasures
18.6 OT Concepts
18.7 IT-OT Convergence
18.8 OT Components
18.9 OT Vulnerabilities
18.10 OT Attack Methodology and Tools
18.11 OT Hacking Countermeasures
18.12 IoT and OT Hacking Review

Module 19: Cloud Computing

19.1 Cloud Computing Concepts
19.2 Cloud Types
19.3 Cloud Benefits and Considerations
19.4 Cloud Risks and Vulnerabilities
19.5 Cloud Threats and Countermeasures
19.5.1 Activity – Hacking S3 Buckets
19.6 Cloud Security Tools And Best Practices
19.7 Cloud Computing Review

Module 20: Cryptography

20.1 Cryptography Concepts
20.2 Symmetric Encryption
20.2.1 Activity – Symmetric Encryption
20.3 Asymmetric Encryption
20.3.1 Activity – Asymmetric Encryption
20.4 Public Key Exchange
20.5 PKI
20.5.1 Activity – Generating and Using an Asymmetric Key Pair
20.6 Digital Signatures
20.7 Hashing
20.7.1 Activity – Calculating Hashes
20.8 Common Cryptography Use Cases
20.9 Cryptography Tools
20.10 Cryptography Attacks
20.11 Cryptography Review
20.12 Course Conclusion

This course is included in all of our team and individual training plans. Choose the option that works best for you.

[ Team Training ]

Enroll My Team.

Give your entire team access to this course and our full training library. Includes team dashboards, progress tracking, and group management.

Get Team Pricing

[ Individual Plans ]

Choose a Plan.

Get unlimited access to this course and our entire library with a monthly, quarterly, annual, or lifetime plan.

View Individual Plans

[ FAQ ]

Frequently Asked Questions.

What is the Certified Ethical Hacker (CEH) certification, and how does this course prepare me for it?

The Certified Ethical Hacker (CEH) certification is a widely recognized credential that validates your ability to identify and address vulnerabilities in IT systems ethically and legally. It covers a broad range of topics including penetration testing, network security, and vulnerability assessment.

This course is designed to provide practical, hands-on experience aligned with the CEH exam objectives. It teaches you how to evaluate systems, think like an attacker, and develop mitigation strategies. By focusing on real-world scenarios such as server misconfigurations and security audits, you’ll build the skills needed to pass the CEH exam and become a certified ethical hacker.

How does understanding attack paths improve my effectiveness as an ethical hacker?

Understanding attack paths is crucial because it allows ethical hackers to anticipate potential vulnerabilities and plan effective penetration tests. By mapping out how an attacker might move through a network, you can identify weak points before malicious actors do.

This approach helps in developing comprehensive security strategies that address not just individual vulnerabilities but also the entire attack surface. The course emphasizes thinking like an attacker, practicing scenario-based evaluations, and documenting findings, all of which enhance your ability to protect systems and respond to threats.

What are common misconfigurations that ethical hackers look for during assessments?

Common misconfigurations include open directory listings on web servers, weak password policies like “Winter2024!”, and improperly configured VPNs exposing internal services to the internet. These issues are often overlooked but can be exploited by attackers to gain unauthorized access.

The course teaches you to identify these vulnerabilities through legal and ethical testing methods. By understanding typical misconfigurations, you’ll learn how to prioritize remediation efforts and strengthen overall system security, preventing potential breaches.

What skills are essential for a successful career as an ethical hacker according to this course?

Essential skills include a solid understanding of network protocols, system architecture, and common vulnerabilities. Critical thinking, attention to detail, and the ability to think like an attacker are also vital.

This course emphasizes practical skills such as evaluating security configurations, conducting penetration tests, and documenting findings comprehensively. Developing these skills enables you to assess systems legally, anticipate attack vectors, and help organizations improve their security posture.

Does this course cover the legal and ethical considerations involved in hacking?

Yes, the course stresses the importance of conducting ethical hacking within legal boundaries. It covers best practices for obtaining proper permissions and understanding the scope of engagement to avoid illegal activities.

Ethical hacking involves acting responsibly, respecting privacy, and ensuring that all assessments are authorized. The course prepares you to operate professionally, documenting findings transparently and communicating risks effectively to stakeholders.