CEH Certification Guide — Certified Ethical Hacker 2026

What Is the CEH and Why Does It Matter?

The Certified Ethical Hacker (CEH) is EC-Council’s flagship ethical hacking certification, currently at version CEH v13 (exam code 312-50v13). Accredited by ANAB (ANSI National Accreditation Board) under ISO/IEC 17024, the CEH is recognised by the US Department of Defence under DoD Directive 8570/8140 as an approved baseline certification for information assurance roles.

The Certified Ethical Hacker (CEH) is EC-Council’s flagship ethical hacking certification. It teaches you to think and act like an attacker — but legally and with permission — so you can find and fix security weaknesses before real attackers exploit them.

If you are considering a career in penetration testing, vulnerability assessment, or red team operations, the CEH is one of the most recognised credentials in the industry. It is also referenced in many government and defence job postings, including US DoD 8570/8140 requirements and Australian IRAP-adjacent roles.

When I first came across the CEH while studying for Security+, it felt like the “advanced” certification that was far beyond my reach. But breaking it down into its actual domains, I realised I was already learning many of the underlying concepts — just from the other side. Understanding threats, networking, and how attacks work is the same knowledge base. The CEH just formalises the attacker perspective.

Important: The CEH teaches ethical hacking techniques. Using any of these techniques against systems you do not own or have explicit written permission to test is illegal. Laws such as the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), and the Criminal Code Act 1995 (Australia) carry serious penalties.

Quick Answer

What is the CEH? The Certified Ethical Hacker (CEH) is EC-Council’s ethical hacking certification that teaches you to identify and exploit security vulnerabilities using the same tools and techniques as malicious hackers — but legally and with authorisation. Why it matters for beginners: The CEH is required or preferred for many government, defence, and private-sector security roles, and meets US DoD 8570/8140 baseline requirements. Key framework: CEH v13 (312-50v13) covers 20 domains aligned with EC-Council’s ethical hacking methodology and maps to the MITRE ATT&CK framework.

What Do Real-World CEH Scenarios Look Like?

The CEH exists because organisations need people who can test their defences proactively. Waiting for a real attacker to find your weaknesses is the most expensive way to discover them.

Who benefits from CEH	Why
Aspiring penetration testers	Structured learning path for offensive security
SOC analysts wanting to move to red team	Builds attacker perspective on top of defensive skills
IT professionals adding security skills	Demonstrates security testing capability to employers
Government/defence job seekers	Meets DoD 8570/8140 and some IRAP-related requirements
Career changers with Security+ already passed	Natural next step toward hands-on security roles

The CEH is not the right first certification for most career changers. If you have no IT background, start with CompTIA A+ and CompTIA Security+ first. The CEH assumes you already understand networking, operating systems, and basic security concepts.

How Does Ethical Hacking Work?

Ethical hacking (also called penetration testing or white-hat hacking) is the authorised practice of probing computer systems, networks, and applications for security vulnerabilities. NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) defines this as a structured approach to identifying weaknesses before adversaries can exploit them.

Key Definition

Ethical hacking is the authorised and legal practice of bypassing system security to identify potential data breaches and threats in a network. The person performing the test — an ethical hacker or penetration tester — uses the same tools and techniques as malicious attackers but operates with written permission and reports findings to the organisation. Source: EC-Council CEH v13 exam objectives; NIST SP 800-115.

Think of ethical hacking like a fire drill for your organisation’s digital defences.

Just as a fire marshal tests whether alarms work, exits are clear, and staff know what to do — an ethical hacker tests whether firewalls block attacks, applications resist exploitation, and security teams detect intrusions. The goal is to find problems in a controlled environment before a real incident forces you to discover them under pressure.

Certification objective: CEH v13 maps to EC-Council’s ethical hacking methodology: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks. This mirrors the Cyber Kill Chain concepts used by defenders.

The ethical hacking methodology follows five phases:

1. Reconnaissance — Gathering information about the target using public sources and scanning tools
2. Scanning — Actively probing the target to identify open ports, services, and vulnerabilities
3. Gaining access — Exploiting discovered vulnerabilities to demonstrate impact
4. Maintaining access — Showing how an attacker could persist in the environment
5. Covering tracks — Understanding how attackers hide their presence (so defenders can detect it)

Each phase has corresponding defensive countermeasures. The CEH teaches both sides — attack techniques and how to defend against them.

CEH Exam Details — What You Need to Know

The CEH exam has been updated multiple times. As of 2026, the current version is CEH v13.

Exam Format

Detail	CEH v13
Exam code	312-50v13
Number of questions	125 multiple choice
Time limit	4 hours
Passing score	60-85% (varies by exam form)
Delivery	Pearson VUE or ECC Exam Portal
Prerequisites	2 years IT security experience OR official EC-Council training
Recertification	120 ECE credits over 3 years

The variable passing score means different exam forms have different cut scores based on question difficulty. EC-Council does not publish the exact passing percentage for each form, but it typically falls between 60% and 85%.

CEH Domains

The CEH v13 covers 20 domains that map to the ethical hacking methodology:

Domain	What it covers
Information security and ethical hacking overview	Legal, ethical, and professional foundations
Footprinting and reconnaissance	Passive and active information gathering
Scanning networks	Port scanning, service enumeration, vulnerability scanning
Enumeration	Extracting usernames, shares, services from target systems
Vulnerability analysis	Identifying and classifying security weaknesses
System hacking	Password attacks, privilege escalation, maintaining access
Malware threats	Trojans, viruses, worms, ransomware, fileless malware
Sniffing	Network packet capture and analysis
Social engineering	Phishing, pretexting, impersonation techniques
Denial of service	DoS/DDoS attack methods and countermeasures
Session hijacking	Stealing or manipulating active sessions
Evading IDS, firewalls, and honeypots	Bypassing security controls
Hacking web servers	Exploiting web server vulnerabilities
Hacking web applications	SQL injection, XSS, CSRF, and other web attacks
SQL injection	In-depth database exploitation techniques
Hacking wireless networks	Wi-Fi security and attack techniques
Hacking mobile platforms	Android and iOS security
IoT and OT hacking	Internet of Things and operational technology attacks
Cloud computing	Cloud security risks and attack vectors
Cryptography	Encryption, hashing, PKI, and cryptographic attacks

Many of these topics overlap with what you learn in Security+, Networking Basics, and the Threat Landscape page. The CEH goes deeper into the practical attack side of each topic.

How Does the CEH Fit Into a Security Architecture?

The CEH sits at the intermediate level of the cybersecurity certification landscape, positioned between foundational certifications like CompTIA Security+ and advanced offensive credentials like the OSCP. EC-Council recommends candidates have a minimum of two years’ information security experience or complete official training before attempting the exam.

Preparing for the CEH is a multi-stage process. Rushing straight to the exam without building prerequisite knowledge is one of the most common mistakes.

CEH Study Path

📊 Visual Explanation

CEH Study Path

From prerequisites to certification — a realistic timeline for career changers

Pause

Prerequisites2-4 months

Networking fundamentals

OS basics (Windows + Linux)

Security+ or equivalent knowledge

CEH Training2-3 months

Official courseware or self-study

20 domain coverage

Lab exercises

Hands-On Practice1-2 months

iLabs or home lab

CTF challenges

Tool practice (Nmap, Wireshark, Metasploit)

Exam Preparation2-4 weeks

Practice exams

Weak area review

Time management practice

CertificationExam day

Pass CEH 312-50v13

Apply for certification

Maintain with ECE credits

Idle

A realistic timeline for someone with Security+ already is 4-6 months of dedicated study. If you are starting from scratch without networking and OS fundamentals, add 2-4 months of prerequisite work.

What Does the CEH Look Like in Practice?

CEH v13 covers practical attack techniques and defensive countermeasures using industry-standard tools. EC-Council’s official iLabs environment provides hands-on exercises for each of the 20 domains, and NIST SP 800-115 describes these same techniques as part of a structured security assessment methodology.

The CEH is not just theory. Here are examples of what you learn to do and the tools involved.

Example 1: Reconnaissance with Nmap

# Scan a target for open ports and service versions
# Only run this against systems you own or have written permission to test
nmap -sV -sC -oN scan_results.txt 192.168.1.100

# Explanation:
# -sV   Detect service versions on open ports
# -sC   Run default NSE scripts for additional information
# -oN   Save output to a text file

Learn more about Nmap in the Nmap guide.

Example 2: Password Hash Analysis

# On a Linux system, view the password hash format (requires root)
sudo cat /etc/shadow | head -5

# Example hash format:
# user:$6$randomsalt$hashedpassword:18000:0:99999:7:::
#       ^^ $6$ means SHA-512 hashing algorithm

# In a lab environment, you would use tools like John the Ripper
# or Hashcat to test password strength against known wordlists
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Example 3: Checking for SQL Injection (Conceptual)

-- Normal login query:
SELECT * FROM users WHERE username = 'admin' AND password = 'password123';

-- SQL injection attempt (attacker input in the username field):
-- Input: admin' OR '1'='1' --
-- Resulting query:
SELECT * FROM users WHERE username = 'admin' OR '1'='1' --' AND password = '';

-- The OR '1'='1' always evaluates to true, bypassing authentication
-- The -- comments out the rest of the query

Understanding how these attacks work is essential for both offensive testing and writing secure code. The CEH covers both the attack technique and the countermeasures (parameterised queries, input validation, WAFs).

CEH Cost — What You Will Actually Spend

The CEH is one of the more expensive cybersecurity certifications. Understanding the cost options helps you plan.

Option	Approximate cost (USD, as of 2026)	What is included
Self-study (exam voucher only)	~$1,199	Exam voucher, no official training
EC-Council iLearn (self-paced)	~$2,199	Video training + exam voucher + 6 months iLabs
EC-Council iWeek (live online)	~$2,999	Live instructor + exam voucher + 6 months iLabs
Bootcamp (third-party)	$2,500-$4,000	Varies by provider

Cost note: Prices are approximate as of 2026. Always verify current pricing at eccouncil.org. Some employers cover certification costs. In Australia, some training may be eligible for government skills subsidies depending on your state and employment status.

Eligibility without official training: If you choose the self-study path (~$1,199 exam voucher), you must demonstrate at least 2 years of information security work experience and pay a non-refundable $100 application fee for eligibility review. If approved, you can schedule the exam without taking official EC-Council training.

The CEH covers 20 domains — that is a lot of ground. This tracker helps you plan your study across all of them and see how CEH fits into your broader certification path.

Career Roadmap & Study TrackerAvailable Now

Step-by-step roadmap with study tracker worksheets and certification decision framework.

Get the Guide → $27

CEH vs CompTIA Security+ — Which Should You Get?

This is one of the most common questions career changers ask. The answer depends on where you are in your journey.

CEH vs CompTIA Security+

CompTIA Security+

• Broad security foundation — Covers defence, risk, compliance, and operations
• Entry-level friendly — No prerequisites required
• Cost: ~$404 exam — Significantly cheaper entry point
• Vendor-neutral — Recognised across all industries
• Defence-focused — How to protect and detect

VS

CEH (Certified Ethical Hacker)

• Offensive security focus — Covers hacking tools, techniques, and methodology
• Intermediate level — Expects networking and OS knowledge
• Cost: $1,199-$2,999 — Significant financial investment
• EC-Council specific — Recognised but debated in some circles
• Attack-focused — How attackers think and operate

Verdict: Start with Security+ if you are new to cybersecurity. Consider CEH after you have Security+ and want to move toward penetration testing or red team roles.

Use case

Security+ opens more entry-level doors. CEH adds value for roles that specifically require offensive security skills or DoD 8570 compliance.

What About OSCP?

The Offensive Security Certified Professional (OSCP) is often compared to the CEH. The OSCP is a hands-on, performance-based exam that requires you to hack into multiple machines within 24 hours. It is significantly harder and more respected in the penetration testing community than the CEH.

Factor	CEH	OSCP
Exam format	125 multiple choice questions	24-hour hands-on practical exam
Difficulty	Intermediate	Advanced
Industry respect	Mixed — valued in government, debated in infosec community	Highly respected in penetration testing
Best for	DoD compliance, government roles, breadth of knowledge	Penetration testing careers, proving hands-on skill
Cost	$1,199-$2,999	~$1,749 (includes 90 days lab access)

If your goal is penetration testing, many experienced professionals recommend the path: Security+ then OSCP, potentially skipping CEH. However, the CEH still holds value for government positions and roles that specifically list it as a requirement.

What Are the Limitations of the CEH?

No single certification guarantees employment, and the CEH has well-documented strengths and limitations within the cybersecurity community. EC-Council’s multiple-choice exam format tests knowledge breadth but does not validate hands-on exploitation skill the way performance-based exams like the OSCP do.

Every certification has strengths and weaknesses. Being honest about them helps you make better career decisions.

Advantage	Limitation
Broadly recognised, especially in government	Multiple-choice format does not prove hands-on skill
Covers 20 security domains comprehensively	Can feel like “a mile wide and an inch deep” on some topics
Meets DoD 8570/8140 requirements	Expensive compared to Security+ or self-paced alternatives
Structured learning path for offensive security	Some infosec professionals consider it less rigorous than OSCP
Available globally with multiple training options	EC-Council’s marketing and pricing practices draw criticism
Good for understanding attacker methodology	Requires recertification every 3 years (120 ECE credits)

Common study mistakes:

• Relying only on brain dumps instead of understanding concepts — this fails because the exam uses multiple question forms
• Skipping the hands-on labs — the exam tests scenario-based knowledge that requires practical understanding
• Studying CEH before having solid networking and OS fundamentals — the material assumes prerequisite knowledge
• Underestimating the breadth — 20 domains is a lot of material to cover
• Not budgeting for the full cost — exam retakes are additional

What Interview Questions Should You Expect About the CEH?

Interviewers testing CEH holders focus on practical application, not just certification status. EC-Council’s CEH v13 exam objectives emphasise the ability to explain attack techniques and their corresponding defensive countermeasures, which is exactly what hiring managers probe during interviews.

If you hold the CEH, interviewers will expect you to demonstrate practical understanding, not just certification status.

Question	What they are testing	Strong answer approach
Walk me through the ethical hacking methodology	Whether you understand structured testing	Describe the five phases with a concrete example of each
What is the difference between a vulnerability scan and a penetration test?	Practical understanding of testing types	Explain that scanning identifies weaknesses while pen testing actively exploits them to prove impact
How would you scope a penetration test engagement?	Professional judgement and methodology	Discuss defining targets, rules of engagement, authorisation, testing windows, and reporting requirements
Explain SQL injection and how to prevent it	Technical depth on a common vulnerability	Describe the attack mechanism and countermeasures (parameterised queries, input validation, WAF)
Why is authorisation important before any security testing?	Ethics and legal awareness	Explain legal requirements, the difference between ethical hacking and criminal activity, and the importance of written scope agreements

The strongest candidates can connect CEH knowledge to defensive outcomes: “I learned how attackers do X, which means as a defender I would look for Y in the logs.”

How Is the CEH Used in Real Security Operations?

The CEH is referenced in government, defence, and enterprise job postings across Australia and internationally. The Australian Signals Directorate (ASD) Essential Eight maturity model recommends regular security assessments, and CEH-certified professionals are commonly engaged to perform these assessments.

In Australia, the CEH is recognised but carries some specific considerations.

Government roles: Australian Government agencies and defence contractors often reference the CEH in job postings, particularly for roles involving security assessment and IRAP (Information Security Registered Assessors Program). While IRAP certification itself has separate requirements, the CEH demonstrates relevant offensive security knowledge.

Private sector: Australian banks, telcos, and large enterprises hire penetration testers and security consultants who hold the CEH. However, many Australian security firms also value the OSCP, CREST certifications, or practical experience over the CEH alone.

ASD alignment: The Australian Signals Directorate (ASD) recommends regular security assessments as part of the Essential Eight maturity model. Understanding ethical hacking methodology aligns with the assessment and testing skills organisations need.

Cost consideration for Australians: At current exchange rates, the CEH represents a significant investment of AUD $1,800-$4,500+. Some Australian training providers offer CEH courses that may be eligible for state government skills funding or employer-sponsored training budgets. Check with your state’s training authority.

Exam delivery: Pearson VUE test centres are available in major Australian cities (Sydney, Melbourne, Brisbane, Adelaide, Perth, Canberra). Online proctored exams are also available.

Summary and Key Takeaways

The CEH is a well-known ethical hacking certification with clear strengths and honest limitations.

• The CEH teaches you to think like an attacker so you can defend systems more effectively.
• It covers 20 domains spanning the full ethical hacking methodology from reconnaissance to cryptography.
• The exam is 125 multiple-choice questions over 4 hours, with a variable passing score of 60-85%.
• Cost ranges from ~$1,199 (self-study) to ~$2,999 (official training), making it one of the pricier certifications.
• Start with Security+ first if you are new to cybersecurity — the CEH assumes prerequisite knowledge.
• The CEH is particularly valuable for government and defence roles that reference DoD 8570/8140.
• For pure penetration testing careers, the OSCP is often considered more rigorous, but the CEH still opens doors.

Individual results vary. Certification alone does not guarantee employment. Combine credentials with hands-on lab experience, a portfolio, and practical skills. The job market varies by location and economic conditions.

Related

• CompTIA Security+ for the recommended first security certification
• Ethical Hacking Introduction for a broader overview of ethical hacking concepts
• Penetration Testing Basics for understanding the penetration testing process
• Career Paths for where the CEH fits in different security career tracks

Frequently Asked Questions

Is the CEH worth it for beginners?

The CEH is not recommended as a first certification for career changers with no IT background. Start with CompTIA A+ and Security+ first. The CEH adds value after you have a foundation in networking, operating systems, and security concepts. It is most worth it if you are targeting government or defence roles that specifically require it.

How hard is the CEH exam?

The CEH exam is moderately difficult. It covers 20 domains with 125 multiple-choice questions over 4 hours. The breadth of material is the main challenge. Most candidates who fail do so because they underestimate the scope or skip hands-on practice. With proper preparation over 4 to 6 months, the pass rate is reasonable.

How much does the CEH cost?

The CEH exam voucher alone costs approximately $1,199 USD for self-study candidates. Official EC-Council training bundles range from $2,199 to $2,999 USD. Third-party bootcamps cost $2,500 to $4,000. Always verify current pricing at eccouncil.org as prices change.

What is the difference between CEH and OSCP?

The CEH is a multiple-choice exam covering broad ethical hacking theory across 20 domains. The OSCP is a 24-hour hands-on practical exam where you must hack into multiple machines. The OSCP is harder and more respected for penetration testing roles. The CEH is more widely recognised in government and compliance contexts.

Do I need experience to take the CEH?

If you take official EC-Council training, there are no formal experience requirements. If you choose self-study, you must demonstrate at least 2 years of information security work experience and pay a $100 application fee for eligibility review. The experience requirement can include security-related IT roles.

Is the CEH recognised in Australia?

Yes, the CEH is recognised in Australia, particularly for government, defence, and consulting roles. Australian employers in banking, telecommunications, and large enterprises also value it. However, some Australian security firms prefer OSCP or CREST certifications for pure penetration testing roles.

How long does it take to prepare for the CEH?

Most candidates need 4 to 6 months of dedicated study if they already have Security+ or equivalent knowledge. If you are building prerequisite networking and OS skills from scratch, add 2 to 4 months. Plan for 10 to 15 hours of study per week.

What version of the CEH is current?

As of 2026, the current version is CEH v13 with exam code 312-50v13. EC-Council updates the exam periodically to reflect current threats and techniques. Always check eccouncil.org for the latest version before starting your preparation.

Can I get a job with just the CEH?

The CEH alone is unlikely to land you a penetration testing job without hands-on experience. However, combined with Security+, lab experience, a portfolio of practice work, and demonstrated skills, the CEH strengthens your application significantly, especially for government and defence contractor positions.

What should I study before the CEH?

Build a solid foundation in networking fundamentals including TCP/IP, ports, and protocols. Learn both Windows and Linux operating systems. Understand core security concepts like the CIA triad, authentication, and encryption. CompTIA Security+ covers most of these prerequisites and is the recommended stepping stone.

Related sections

CompTIA Security+

The recommended first security certification and prerequisite knowledge base for the CEH.

Explore Ethical Hacking Introduction

Understand the ethical hacking methodology and legal frameworks before pursuing certification.

Explore Penetration Testing Basics

Learn the penetration testing lifecycle that the CEH exam methodology is built upon.

Explore

More resources

EC-Council CEH Official Page

Official certification details, current pricing, training options, and exam registration for the Certified Ethical Hacker.

Visit NIST SP 800-115 Technical Guide to Information Security Testing

NIST's framework for security testing and assessment that aligns with CEH methodology.

Visit MITRE ATT&CK Framework

Industry-standard knowledge base of adversary tactics and techniques that complements CEH domain knowledge.

Visit

---

Certification details verified in March 2026 against EC-Council’s official CEH program page, NIST SP 800-115, and the MITRE ATT&CK framework. Pricing and exam format are subject to change — always verify at eccouncil.org before making financial decisions.