A realistic eight-week plan at roughly 10 hours per week. CEH is broad, so keep a steady pace and reinforce each topic with safe, legal lab practice (only systems you own or are authorised to test).

| Week | Focus | Checkpoint |
|---|---|---|
| 1 | Foundations, ethics and the kill chain | You can explain authorised testing and attack phases |
| 2 | Reconnaissance and footprinting | You can describe passive vs active reconnaissance |
| 3 | Scanning and enumeration | You can explain host and service discovery |
| 4 | Vulnerability analysis and system hacking | You can relate each technique to a defence |
| 5 | Malware, sniffing and social engineering | You can describe detection for each |
| 6 | Web and application attacks | You can explain SQL injection conceptually and its mitigation |
| 7 | Wireless, mobile, IoT, cloud, cryptography | You can summarise threats and controls per area |
| 8 | Full-length timed reviews + weak areas | You consistently pass timed reviews |

A note on ethics and practice

Only ever practise on systems you own or are explicitly authorised to test. Study offensive techniques to strengthen defence, and avoid “real exam questions” sites, which breach EC-Council policy and copyright.