The Certified Ethical Hacker qualification is valuable worldwide, and as the Global Standard for Offensive Security Thinking, the CEH course is an excellent introduction. Understanding the content, the skills learned, and the potential career opportunities will afford candidate a better framework to test whether this offered qualification is the correct fit for them and the stage of their career at this time. Therefore, this guide will give every candidate looking to attain such a valuable qualification an excellent framework of CEH v13, the presentized version of the certification and the skills offered in the qualification.
What is the CEH Qualification
First developed and offered by the EC-Council, the CEH qualification is advanced and validates that a certified professional can legally hack a system as a malicious actor would. CEH v13 is the present version and is the first to have integrated artificial intelligence throughout all five phases of Ethical Hacking. Security professionals will be required to understand both hacking and security of systems as AI powered tools have become the norm for both attackers and defenders.
The CEH lacks provide certification for all 20 modules, including the essential module of cloud security and the most difficult module of CEH, the module of reconnaissance. If a candidate so chooses to do so, EC-Council training can be received. Additionally, the candidate must pay a $100 application fee and must have two of Information Technology Security experience to be eligible to take the CEH.
The 20 Modules: Your Learning Objectives
CEH v13 has 20 modules correlating with the entire lifetime of ethical hacking. The first module is an Introduction to Ethical Hacking. The basic principles of hacking, the laws, and the ethics employed in security testing are addressed. Footprinting and Reconnaissance teaches passive and active information gathering, including the use of OSINT, DNS and social engineering reconnaissance.
Scanning Networks teaches network discovery and port scanning techniques, along with banner grabbing methods. Enumeration focuses on gathering more specific details from network services, and Vulnerability Analysis covers scanning tools to identify existing system and application vulnerabilities. The System Hacking module teaches the processes necessary to gain access to computer systems, followed by methods to access higher-level privileges, remain undetected, and keep access once acquired.
The Malware Threats module reviews viruses, trojans, and ransomware. Additional modules are reviewing malware analysis techniques, Sniffing which covers the packet capture and use of Wireshark and tcpdump. The Social Engineering module encompasses framing of psychological manipulation techniques used in various forms of phishing, vishing, and various aspects of physical security attacks.
Session Hijacking focuses on violation of integrity within established network sessions, followed with Evading IDS. Your last modules cover techniques of various Firewalls and Honeypots and Hacking Web Servers, Web Applications, along with the various forms of SQL Injections and the Top 10 Web Application security vulnerabilities that are exploitable in real world attacks.
Hacking Wireless Networks, Mobile Platforms, and IoT, Cloud Computing defense, and Cryptography study hacking and defending clouds and encryption technologies.
Most of these modules include practical training with tools and environments with simulation exercises, detailing 221 hands-on labs designed in CEH v13.
Career Opportunities for CEH Holders
CEH is listed and endorsed in the US Department of Defense DoD 8570/8140 approved baseline list and is almost a requisite for security positions in government contracting, intelligence, and defence, making it important for those looking for federal and government jobs.
In the private sector, jobs include penetration tester, ethical hacker, security analyst, security consultant, vulnerability specialist, and network vulnerability specialist. The average salary for a CEH holder is estimated to be around $137,000 per year in the US, as suggested by Glassdoor. The top government contracting and financial services CEH holders make even more.
For professionals who lack the required two years of experience to qualify for CEH, the CompTIA Security+ course is a great starting point. Security+ paves the way for the knowledge of networking, threats, and cryptography that frames the content of CEH to make it more understandable and valuable.
Should You Pursue CEH or OSCP?
The CEH cert and OSCP cert target different people. CEH is good for people who need a widely accepted and PMDoD stamp approved cert and want a detailed knowledge cert. For those who want a credible hands-on penetration testing cert and are okay with the much more challenging exam format, OSCP is preferred. Many dedicated offensive sec. professionals have both, using CEH for breadth and government recognition and OSCP for depth and hands-on credibility.
Lynn Martelli is an editor at Readability. She received her MFA in Creative Writing from Antioch University and has worked as an editor for over 10 years. Lynn has edited a wide variety of books, including fiction, non-fiction, memoirs, and more. In her free time, Lynn enjoys reading, writing, and spending time with her family and friends.
