By The Exam Atlas Editorial Team · Verified 2026-05-29
A suggested study plan
Weeks 1–2: Foundations and ethics, reconnaissance and footprinting
Weeks 3–4: Scanning, enumeration and vulnerability analysis
Weeks 5–6: System hacking concepts, malware, sniffing and social engineering
Weeks 7–8: Web, wireless, mobile, cloud and cryptography; then timed reviews
CEH teaches the attacker’s toolkit so you can defend against it. The exam is broad and concept-heavy, organised around the phases of an attack and the major technology areas. Throughout, keep two things front of mind: ethics (ethical hacking is always authorised and scoped) and defence (relate each offensive concept to how you would detect or prevent it). This guide is study guidance only and contains no operational attack instructions or exam questions.
The five phases of ethical hacking
Reconnaissance — gathering information about the target, passively and actively.
Scanning — discovering live hosts, open ports and services.
Gaining access — exploiting a weakness to get in (conceptually, for the exam).
Maintaining access — how attackers persist, and how defenders spot it.
Covering tracks — how attackers hide activity, and why logging and monitoring matter.
The main topic areas
Reconnaissance and scanning: footprinting, enumeration, vulnerability analysis.
System and network attacks: system hacking concepts, malware, sniffing, social engineering, denial of service, session hijacking, evading IDS and firewalls.
Application and platform attacks: web servers and applications, SQL injection, wireless, mobile, IoT and OT.
Cloud and cryptography: cloud security concepts and common cryptography topics.
Study each area by understanding what the technique is, why it works, and how a defender detects or prevents it — that framing matches how the exam asks questions and keeps your learning ethical.
Final preparation
Use a safe, legal practice lab (only systems you own or are authorised to test), and finish with full-length, timed reviews across all topic areas. Never test systems without permission, and avoid any “real exam questions” sites, which breach EC-Council policy and copyright.
Key concepts to master
Ethics and authorisation
Ethical hacking is always authorised and scoped. Testing systems without permission is illegal — the exam stresses this.