- Designed for results
- World-class experts
- Flexible online learning
Certified Ethical Hacker (CEH) Training Course
Overview
Everything you need to study for both the Version 10 and Version 11 CEH exams.
Overview
The Certified Ethical Hacker (CEH) Training Course is a complete, self-paced study solution that is designed to fit into your busy schedule. Learn through expert video-based lessons enhanced with hands-on labs, selected readings, self-study quizzes, plus exclusive Pearson Test Prep practice exams to help you determine your preparedness for the exam.Certified Ethical Hacker (CEH) also offers live training events with topical deep dives and practice question review.
Certified Ethical Hacker (CEH) Training Course provides a complete overview of the topics contained in the EC-Council Blueprint for the CEH exam. With five modules, this course covers all concepts in the objectives so you can master the knowledge you need to pass the exam. New objectives for the Version 11 exam can be found at the end of the course, with full coverage provided through in-depth video lessons.
Build your ethical hacking skills with the foundations of reconnaissance, footprinting, enumeration, and vulnerability analysis and dive into hacking web servers, applications, wireless networks, IoT devices, and mobile platforms. Veteran security experts Omar Santos, Nick Garner, and Bo Rothwell provide a thorough foundation through demos and best practices for security risk analysis, as well as hacking tools and methods. With this knowledge, you will be able to confidently mitigate and help guard your network from the multifaceted attacks that you will encounter while also preparing you to pass the CEH exam.
Regardless of your level of experience, this course explores all sides of a multi-pronged cybersecurity attack to ensure that you are prepared to combat attack threats.
Course includes
- 18 hours of video-based lessons enhanced with selected readings curated by industry experts
- Hands-on labs to simulate real-world environments
- Self-study quizzes to test your progress as you work through the course
- Flash cards to study key terms
- Exclusive Pearson Test Prep practice exams to determine your preparedness for the exam
- Live training events with topical deep dives and practice question review
Learn how to
- Perform footprinting and reconScan networks
- Perform and take countermeasures against enumeration
- Conduct a vulnerability analysis
- Hack systems and cover your tracks
- Use and prevent malware
- Perform network sniffing
- Conduct social engineering methodologies and learn how to prevent them from happening
- Perform Denial-of-Service (DoS) and session hijacking attacks, as well as take measures to guard against them
- Hack web servers and applications using multiple tools and techniques
- Perform attacks using SQL injection
- Use the best tools and techniques for hacking wireless networks
- Deploy IDS, firewalls, and honeypots, as well as learn how to evade them
- Understand and learn how to use cloud computing for penetration testing
- Understand cryptography and cryptanalysis
- Exploit the vulnerabilities of Internet of Things (IoT) devices
- Understand the vulnerabilities of and methods to hack mobile devices
Skill level
- Intermediate
Who should take this course
- Anyone interested in passing the EC Council Certified Ethical Hacker (CEH) exam
- Anyone interested in becoming a cybersecurity professional
- Anyone interested in ethical hacking (penetration testing)
Course requirements
Anyone interested in earning a Certified Ethical Hacker (CEH) certification must attend training through EC-Council or show that they have 2 years of information security experience in each of the 5 CCISO domains via the application form. Please go to the EC-Council website for more information.
Retake guarantee
Didn't pass your certification exam on your first try? We'll give you six months' continued access at no cost.
About Pearson Training Courses
Pearson Training Courses offer a set of complete and affordable packages of expert-led, self-paced courses to prepare you for exam success. From technology learning to knowledge retention to test prep, these comprehensive courses will help you take your career to the next level.
Support the latest version of Edge, Google Chrome, Firefox, and Safari on the following devices.
Important note: Hands-on labs require desktop access.
- Desktop
- Windows systems with Windows 10
- Mac systems with MacOS Catalina+
- Android
- Samsung s10: OS version 10x/9x
- iOS
- iPhone 11/11 PRO: iOS 14x/13x
- iPhone XR: iOS 14x/13x
- iPhone X: iOS 14x/13x
- iPhone 7: iOS 14x/13x
- iPad Air 2019: iOS 14x/13x
Course experts
Omar Santos - Principal engineer, security expert, and author
Omar Santos is a Principal Engineer of the Cisco Product Security Incident Response Team (PSIRT). Omar is the author of more than 20 books and video courses and has been quoted by numerous media outlets, such as TheRegister, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more. You can follow Omar on Twitter @santosomar.
Nick Garner - Senior Solutions Architect and instructor
Nick Garner, CCIE No. 17871, is a solutions integration architect for Cisco Systems. He has been in Cisco Advanced Services supporting customers in both transactional and subscription engagements for 8 years. In his primary role, he has deployed and supported large-scale data center designs for prominent clients in the San Francisco Bay area. His primary technical focus outside of data center routing and switching designs is security and multicast.
William Rothwell - Lead instructor and courseware developer
Wiliam "Bo" Rothwell's passion for understanding how computers work and sharing this knowledge with others has resulted in a rewarding career in IT training. His experience includes Linux, Unix, and programming languages such as Perl, Python, Tcl, and BASH. He is the founder and president of One Course Source, an IT training organization.
Michael Gregg - Cybersecurity author and expert security practitioner
Michael Gregg, CISSP is the president of Superior Solutions, Inc., a Houston based training and consulting firm. He has more than 20 years experience in the IT field. He holds two associate's degrees, a bachelor's degree, and a master's degree. He presently maintains the following certifications: CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. He has consulted and taught for many organizations, and he is a 9-time winner of Global Knowledge's Perfect Instructor Award.
Course outline
- Overview
- Module 1: Introduction
- Lesson 1: Course Overview
- Lesson 1 Learning Objectives
- 1.1 Areas of Focus and Exam Info
- 1.2 Course Is and Isn't
- Lesson 2: Introduction to Ethical Hacking
- Lesson 2 Learning Objectives
- 2.1 Cybersecurity Overview
- 2.2 Threats and Attack Vectors
- 2.3 Attack Concepts
- 2.4 Understanding the Legal Aspects of Penetration Testing
- 2.5 Exploring Penetration Testing Methodologies
- 2.6 Attack Phases
- 2.7 Attack Types
- 2.8 InfoSec Policies
- Lesson 2: Review
- Lesson 2 Flashcards
- Lesson 2 Quiz
- Lesson 3: Footprinting and Recon
- Lesson 3 Learning Objectives
- 3.1 Footprinting Concepts
- 3.2 Footprinting Objectives
- 3.3 Footprinting Methodologies
- 3.4 Search Engines
- 3.5 Finding People
- 3.6 Competitive Intelligence
- 3.7 Websites
- 3.8 Email Tracking
- 3.9 Network Discovery
- 3.10 DNS/Whois
- 3.11 Social Engineering
- 3.12 Employee Online Activities
- 3.13 Footprinting Tools
- 3.14 Footprinting Countermeasures
- 3.15 Penetration Testing: Footprinting and Recon
- Lesson 3: Review
- Lesson 3 Flashcards
- Lesson 3 Quiz
- Lesson 4: Scanning Networks
- Lesson 4 Learning Objectives
- 4.1 Network Scanning Overview
- 4.2 Scanning Techniques
- 4.3 TCP/UDP Refresher
- 4.4 TCP Scanning Types
- 4.5 More TCP Scanning Techniques
- 4.6 Nmap Demo
- 4.7 IDS Evasion
- 4.8 Banner Grabbing
- 4.9 Vulnerability Scanning
- 4.10 Network Diagramming
- 4.11 Using and Chaining Proxies
- 4.12 HTTP and SSH Tunneling
- 4.13 Anonymizers
- 4.14 IP Spoofing and Countermeasures
- 4.15 Penetration Testing: Scanning Networks
- Lesson 4: Review
- Lesson 4 Flashcards
- Lesson 4 Quiz
- Module 1: Review
- Module 1 Quiz
- Module 2: Introduction
- Lesson 5: Enumeration
- Lesson 5 Learning Objectives
- 5.1 Enumeration Overview
- 5.2 NetBIOS Enumeration
- 5.3 Users and Default Passwords
- 5.4 SNMP Enumeration
- 5.5 Linux Enumeration
- 5.6 LDAP, NTP, SMTP, DNS Enumeration
- 5.7 Enumerating IKE, IPsec, VPNs
- 5.8 Enumeration Countermeasures
- 5.9 Penetration Testing: Enumeration
- Lesson 5: Review
- Lesson 5 Flashcards
- Lesson 5 Quiz
- Lesson 6: Vulnerability Analysis
- Lesson 6 Learning Objectives
- 6.1 Introducing Vulnerability Research and Classification
- 6.2 Exploring Vulnerability Assessment
- 6.3 Vulnerability Management Lifecycle (Vulnerability Assessment Phases)
- 6.4 Understanding Different Approaches of Vulnerability Assessment Solutions
- 6.5 Overview of Vulnerability Scoring Systems
- 6.6 Vulnerability Assessment Tools
- 6.7 Overview of Vulnerability Assessment Reports
- Lesson 6: Review
- Lesson 6 Flashcards
- Lesson 6 Quiz
- Lesson 7: System Hacking
- Lesson 7 Learning Objectives
- 7.1 Hacking Methodology
- 7.2 Password Cracking
- 7.3 Keyloggers and Anti-keyloggers
- 7.4 Microsoft Authentication
- 7.5 Defense Against Password Cracking
- 7.6 Privilege Escalation
- 7.7 Executing Applications
- 7.8 Rootkits and Anti-rootkits
- 7.9 NTFS Stream Manipulation
- 7.1 Steganography and Steganalysis Methods
- 7.11 Covering Tracks
- 7.12 Penetration Testing: System Hacking
- Lesson 7: Review
- Lesson 7 Flashcards
- Lesson 7 Quiz
- Lesson 8: Malware Threats
- Lesson 8 Learning Objectives
- 8.1 Understanding Malware and Malware Propagation Techniques
- 8.2 Trojans, Backdoors, Viruses, Worms
- 8.3 Indications of Infection
- 8.4 Common Ports
- 8.5 How Malware Gets Into a System
- 8.6 How to Detect
- 8.7 Anti-malware Software
- 8.8 Online Malware Analysis Services
- 8.9 Countermeasures
- 8.10 Penetration Testing: Malware Threats
- Lesson 8: Review
- Lesson 8 Flashcards
- Lesson 8 Quiz
- Lesson 9: Sniffing
- Lesson 9 Learning Objectives
- 9.1 Sniffing Overview
- 9.2 Sniffing Attack Types
- 9.3 Protocol Analyzers
- 9.4 Sniffing Tools
- 9.5 Sniffing Detection and Defense
- 9.6 Penetration Testing: Sniffing
- Lesson 9: Review
- Lesson 9 Flashcards
- Lesson 9 Quiz
- Lesson 10: Social Engineering
- Lesson 10 Learning Objectives
- 10.1 Social Engineering Concepts
- 10.2 Social Networking
- 10.3 Identity Theft
- 10.4 Social Engineering Countermeasures
- 10.5 Understanding Social Engineering
- 10.6 Surveying Social Engineering Methodologies
- 10.7 Understanding How to Target Employees
- 10.8 Exploring Social Engineering Tools
- 10.9 Exploring the Social Engineering Toolkit (SET)
- 10.10 Surveying Social Engineering Case Studies
- 10.11 Penetration Testing: Social Engineering
- Lesson 10: Review
- Lesson 10 Flashcards
- Lesson 10 Quiz
- Module 2: Review
- Module 2 Quiz
- Module 3: Introduction
- Lesson 11: Denial-of-Service (DoS)
- Lesson 11 Learning Objectives
- 11.1 DoS/DDoS Overview
- 11.2 DoS Techniques
- 11.3 Botnets
- 11.4 DoS Attack Tools
- 11.5 Detection and Countermeasures
- 11.6 DDoS Protection Tools
- 11.7 Penetration Testing: DoS
- Lesson 11: Review
- Lesson 11 Flashcards
- Lesson 11 Quiz
- Lesson 12: Session Hijacking
- Lesson 12 Learning Objectives
- 12.1 What Is Session Hijacking?
- 12.2 Techniques
- 12.3 Application Level Session Hijacking
- 12.4 MitM Attacks
- 12.5 Cross-site Attacks
- 12.6 Network Level Hijacking
- 12.7 Session Hijacking Tools
- 12.8 Hijacking Protection
- 12.9 Penetration Testing: Session Hijacking
- Lesson 12: Review
- Lesson 12 Flashcards
- Lesson 12 Quiz
- Module 3: Review
- Module 3 Quiz
- Module 4: Introduction
- Lesson 13: Hacking Webservers
- Lesson 13 Learning Objectives
- 13.1 Webserver Concepts
- 13.2 Webserver Attacks
- 13.3 Attack Methodology
- 13.4 Countermeasures
- 13.5 System Patch Management
- 13.6 Security Tools
- 13.7 Exploring CMS and Framework Identification
- 13.8 Surveying Web Crawlers and Directory Brute Force
- 13.9 Understanding How Web Application Scanners Work
- 13.10 Introducing Nikto
- 13.11 Introducing the Burp Suite
- 13.12 Introducing OWASP Zed Application Proxy (ZAP)
- 13.13 Introducing OpenVAS
- Lesson 13: Review
- Lesson 13 Flashcards
- Lesson 13 Quiz
- Lesson 14: Hacking Web Applications
- Lesson 14 Learning Objectives
- 14.1 Attack Vectors and Threats
- 14.2 Footprinting
- 14.3 Authentication and Authorization System Attacks
- 14.4 Understanding the Need for Web Application Penetration Testing
- 14.5 Exploring How Web Applications Have Evolved Over Time
- 14.6 Understanding the Web Application Protocols
- 14.7 Exploring the HTTP Request and Response
- 14.8 Surveying Session Management and Cookies
- 14.9 Understanding the APIs
- 14.10 Exploring the Tools Used to Test the APIs
- 14.11 Exploring Cloud Services
- 14.12 Exploring Web Application Frameworks
- 14.13 Surveying Docker Containers
- 14.14 Introducing DevOps
- 14.15 Understanding Authentication Schemes in Web Applications
- 14.16 Exploring Session Management Mechanisms and Related Vulnerabilities
- 14.17 Database Connectivity Attacks
- Lesson 14: Review
- Lesson 14 Flashcards
- Lesson 14 Quiz
- Lesson 15: Advanced Web Application Hacking
- Lesson 15 Learning Objectives
- 15.1 Understanding What is Command Injection
- 15.2 Exploiting Command Injection Vulnerabilities
- 15.3 Understanding What is XML Injection
- 15.4 Exploiting XML Injection Vulnerabilities
- 15.5 Undertanding How to Mitigate Injection Vulnerabilities
- 15.6 Understanding What is XSS
- 15.7 Exploiting Reflected XSS Vulnerabilities
- 15.8 Exploiting Stored XSS Vulnerabilities
- 15.9 Exploiting DOM Based XSS Vulnerabilities
- 15.10 Understanding Cross-Site Request Forgery (CSRF)
- 15.11 Exploiting CSRF Vulnerabilities
- 15.12 Evading Web Application Security Controls
- 15.13 Mitigating XSS and CSRF Vulnerabilities
- 15.14 Surveying the Client-side Code and Storage
- 15.15 Understanding HTML5 Implementations
- 15.16 Understanding AJAX Implementations
- 15.17 Mitigating AJAX, HTML5, and Client-side Vulnerabilities
- 15.18 Understanding the Other Common Security Flaws in Web Applications
- 15.19 Exploiting Insecure Direct Object References and Path Traversal
- 15.20 Surveying Information Disclosure Vulnerabilities
- 15.21 Fuzzing Web Applications
- 15.22 Web Application Security Tools
- 15.23 Web Application Firewalls
- Lesson 15: Review
- Lesson 15 Flashcards
- Lesson 15 Quiz
- Lesson 16: SQL Injection
- Lesson 16 Learning Objectives
- 16.1 Overview
- 16.2 Attacks Using SQL Injection
- 16.3 Methodology
- 16.4 Understanding SQL Injection
- 16.5 Exploiting SQL Injection Vulnerabilities
- 16.6 SQL Injection Defense
- 16.7 Detection Tools
- Lesson 16: Review
- Lesson 16 Flashcards
- Lesson 16 Quiz
- Module 4: Review
- Module 4 Quiz
- Module 5: Introduction
- Lesson 17: Hacking Wireless
- Lesson 17 Learning Objectives
- 17.1 Wireless LAN Overview
- 17.2 Wireless Encryption
- 17.3 Wireless Threats
- 17.4 Understanding Wireless Antennas
- 17.5 Surveying Wi-Fi Devices Like the Pinneaple
- 17.6 Building Your Own Lab
- 17.7 Introducing the Aircrack-ng Suite
- 17.8 Introducing Airmon-ng
- 17.9 Understanding Airodump-ng
- 17.10 Introducing Aireplay-ng
- 17.11 Introducing Airdecap-ng
- 17.12 Introducing Airserv-ng
- 17.13 Introducing Airtun-ng
- 17.14 Understanding WEP Fundamentals
- 17.15 Learning How to Crack WEP
- 17.16 Understanding WPA Fundamentals
- 17.17 Surveying Attacks Against WPA2-PSK Networks
- 17.18 Using coWPAtty
- 17.19 Using Pyrit
- 17.20 Exploring WPA Enterprise Hacking
- 17.21 Using Kismet
- 17.22 Using Wireshark
- 17.23 Defining Evil Twin Attacks
- 17.24 Performing Evil Twin Attacks
- 17.25 Using Karmetasploit
- 17.26 Bluetooth and Bluejacking
- 17.27 Understanding Bluetooth Vulnerabilities
- 17.28 Surveying Tools for Bluetooth Monitoring
- 17.29 Wireless Attack Defense
- 17.30 Wireless IPS
- Lesson 17: Review
- Lesson 17 Flashcards
- Lesson 17 Quiz
- Lesson 18: IDS, Firewalls, and Honeypots
- Lesson 18 Learning Objectives
- 18.1 IDS, Firewall, and Honeypot Concepts
- 18.2 Firewall Tools
- 18.3 Honeypot Tools
- 18.4 IDS Tools
- 18.5 Evading IDS and Firewalls
- 18.6 Evading IDS and Firewall Tools
- 18.7 Detecting Honeypots
- 18.8 Penetration Testing: IDS, Firewalls, and Honeypots
- Lesson 18: Review
- Lesson 18 Flashcards
- Lesson 18 Quiz
- Lesson 19: Cloud Computing
- Lesson 19 Learning Objectives
- 19.1 Overview
- 19.2 Providers
- 19.3 Detection
- 19.4 Instance and VPC Security Methods
- 19.5 Cloud Use as a Pen Testing Source
- 19.6 Understanding the Challenge of Testing Cloud Services
- 19.7 Exploring How to Test in the Cloud
- Lesson 19: Review
- Lesson 19 Flashcards
- Lesson 19 Quiz
- Lesson 20: Cryptography
- Lesson 20 Learning Objectives
- 20.1 Overview
- 20.2 Algorithms
- 20.3 Tools
- 20.4 Public Key Infrastructure
- 20.5 Email
- 20.6 Disk Encryption and Tools
- 20.7 Attacks Against Cryptography
- 20.8 Cryptanalysis Tools
- Lesson 20: Review
- Lesson 20 Flashcards
- Lesson 20 Quiz
- Lesson 21: IoT Hacking
- Lesson 21 Learning Objectives
- 21.1 Understanding IoT Fundamentals
- 21.2 Exploring ZigBee and IEEE 802.15.4
- 21.3 Exploring INSTEON
- 21.4 Exploring ZWave
- 21.5 Exploring LoRA
- 21.6 Overview of IoT Penetration Testing
- 21.7 IoT Security Tools
- Lesson 21: Review
- Lesson 21 Flashcards
- Lesson 21 Quiz
- Lesson 22: Hacking Mobile Platforms
- Lesson 22 Learning Objectives
- 22.1 Understanding OWASP Mobile Device Vulnerabilities
- 22.2 Wrestling with the BYOD Dilemma
- 22.3 Understanding Mobile Device Management (MDM)
- 22.4 Understanding Mobile Device Security Policies
- 22.5 Exploring The Android Security Model
- 22.6 Exploring Android Emulators and SDK
- 22.7 Understanding Android Hacking Tools and Methodologies
- 22.8 Introducing iOS Security
- 22.9 Exploring Jailbraking iOS
- 22.1 Surveying Tools for Dissasembling iOS Applications
- 22.11 Understanding Mobile Spyware
- 22.12 Exploring How to Make Your Own STORM-like Mobile Hacking Device
- Lesson 22: Review
- Lesson 22 Flashcards
- Lesson 22 Quiz
- Module 5: Review
- Module 5 Quiz
- CEH v11 Bonus Content Learning Objectives
- Understanding IoT Security Threats
- The Utility Industry
- Communications Over the Utility WAN
- Field Area Networks (FANs)
- IoT Industrial Network Architecture
- Factory Security
- The Oil and Gas Industry—Trends and Challenges
- IoT Architectures for Oil and Gas
- Securing IoT for Oil and Gas
- IoT Architecture for Mining
- Surveying Unsecure Code Practices and Insecure APIs
- Understanding Security Threats in Cloud Environments
- Understanding VXLAN and Network Overlays
- Understanding Microsegmentation
- Introducing the Different Cloud Deployment and Service Models
- Surveying Patch Management in the Cloud
- Performing Security Assessments in Cloud Environments
- Introducing Agile, DevOps, and CI/CD Pipelines
- Introducing Serverless Computing
- Understanding Container Orchestration and an Introduction to Kubernetes
- Exploring the Concepts of DevSecOps
- Attacking WPA2 Implementations
- Assessing Unsecure Code Practices and APIs
- Exploring Sandboxes and Virtual Machine Escape Attacks
- The Evolution of IEEE 802.11 Security
- WPA3 Security
- Understanding API Access
- Understanding Authentication
- Understanding Authorization Modes
- Managing Security Contexts
- Managing Kubernetes User Accounts
- Managing Security (Video Lab)
- Managing Security (Video Lab Solution)
- Understanding File-less Malware Concepts
- Introducing Malware Analysis
- Exploring WPA3 Attacks and Mitigation