EC-Council · 2026 Edition
A complete preparation guide written by EC-Council-certified engineers. Covers the exam format, all 13 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
Prep time: 2–4 months
Difficulty: Intermediate
Exam questions: 125
Pass mark: 700/1000
Exam code: CEH
Full name: Certified Ethical Hacker
Vendor: EC-Council
Duration: 240 minutes
Questions: 125 items
Passing score: 700/1000 (scaled)
Domains covered: 13 blueprint domains
Recommended experience: 2 years of work experience in information security or completion of EC-Council's official CEH training
Typical prep time: 2–4 months
CEH is the world's most widely recognised ethical hacking credential. It validates knowledge of offensive security techniques used by hackers and is required or preferred for penetration tester, red team analyst, and security consultant roles.
Job roles this opens
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Weeks 1–3
Reconnaissance and Scanning: footprinting, passive/active recon, network scanning, enumeration
Tip: The CEH exam tests tools by name and phase. Know: Maltego and theHarvester (passive OSINT), Nmap (active scanning — know key flags: -sS SYN scan, -sV version detection, -O OS fingerprinting, -A all detection, -p port range), Nessus (vulnerability scanning), and Metasploit (exploitation framework).
Weeks 4–6
System Hacking and Malware: access, privilege escalation, persistence, malware types
Tip: System hacking phases on CEH: gaining access → escalating privileges → maintaining access → clearing logs. Know the techniques at each phase: password cracking (rainbow tables, brute force, dictionary attacks), privilege escalation (kernel exploits, SUID abuse), backdoors (netcat listeners, Meterpreter), and log clearing (Metasploit clearev, manual log deletion).
Weeks 7–9
Network Attacks: sniffing, DoS/DDoS, session hijacking, social engineering, web attacks
Tip: Web application attacks are tested in depth: SQL injection (know UNION-based, blind, and time-based blind SQLi), XSS (reflected, stored, DOM-based), CSRF, file inclusion (LFI, RFI), command injection, and IDOR. Know what OWASP is and that the OWASP Top 10 is the CEH web attack reference.
Weeks 10–14
Advanced Topics: wireless attacks, IoT hacking, cloud hacking, cryptography, mobile
Tip: Wireless attack techniques: WPA2 handshake capture (deauthenticate a client, capture 4-way handshake, crack offline with aircrack-ng), evil twin AP (rogue AP with same SSID as legitimate network), and WPS PIN attack (reaver). Know the attack type and the tool used for each.
CEHv12 exam: 125 questions, 4 hours, 70% passing score (varies by exam form). The exam is available in both knowledge-based (multiple choice) and practical (6-hour live lab) formats. Check which format your voucher covers.
Know the hacking methodology phases in order: Reconnaissance → Scanning → Gaining Access → Maintaining Access → Clearing Tracks. CEH questions describe an activity and ask which phase it belongs to.
The CEH knowledge exam tests tool recognition, not tool operation. Know what each tool does and what phase it is used in — you will not type commands in the knowledge exam but must identify correct tool usage from descriptions.
Google hacking (Google dorking) is a CEH topic: know common dork operators — site: (restrict to a domain), filetype: (find specific file types), intitle: (search page titles), inurl: (search URLs). Exam questions give a dork string and ask what it finds or give a target and ask which dork would find specific information.
Cryptography on CEH: know the algorithm families — symmetric (AES, DES, 3DES, Blowfish), asymmetric (RSA, ECC, Diffie-Hellman), hashing (MD5, SHA-1, SHA-256), and message authentication codes (HMAC). Know the key lengths considered secure: AES-256, RSA-2048+, SHA-256+.