Certified Ethical Hacker (CEH) V12: Your Pathway to CEH Training For Certification

Certified Ethical Hacker v12 is the latest iteration of EC-Council’s Certified Ethical Hacker v12 series. IBT offers CEH training to provide you the tools to research, discover and scan targets, analyze vulnerabilities and test attack methods and tools. The focus of this CEH online training course is to solve the challenge of breaking into a target network, collect evidence of success, and escape unnoticed. Every lesson and topic are infused with step-by-step guided practice using real hardware- and software-based hacking tools. Throughout both lecture and hands-on activities, the instructor, Chrys Thorsen provides commentary from the field including tips, tricks and hard-learned lessons.

With internship




Without internship



this course includes

56 Training Hours

322 On-demand Videos

Closed Captions

20 Topics

220 Prep Questions

Certificate of Completion



Introduction To Ethical Hacking


Footprinting and Reconnaissance


Scanning Networks




Vulnerability Analysis


System Hacking


Malware Threats




Social Engineering




Session Hijacking


Evading IDS, Firewalls, and Honeypots


Hacking Web Servers


Hacking Web Applications


SQL Injection


Hacking Wireless Networks


Hacking Mobile Platforms


IoT AND OT Hacking


Cloud Computing



Master the Art of Ethical Hacking with CEH Certification Training

Embark on a transformative journey with our CEH training, the latest version in EC-Council’s Certified Ethical Hacker series. This CEH training for ethical hacking is meticulously designed to arm you with the skills to scan, analyze, and penetrate target networks. The course offers a blend of theory and hands-on activities, guided by experts sharing invaluable tips, tricks, and hard-learned lessons from the field. Our CEH training is presented by Chrys Thorsen, a certified ethical hacker and cybersecurity expert in her field.


Introduction To Ethical Hacking

1.0 Introduction to CEH v12
1.1 Elements of Security
1.2 Cyber Kill Chain
1.3 MITRE ATT&CK Framework
1.3.1 Activity - Researching the MITRE ATTACK Framework
1.4 Hacking
1.5 Ethical Hacking
1.6 Information Assurance
1.7 Risk Management
1.8 Incident Management
1.9 Information Security Laws and Standards
1.10 Introduction to Ethical Hacking Review

Footprinting and Reconnaissance

2.1 Footprinting Concepts
2.2 OSINT Tools
2.2.1 Activity - Conduct OSINT with OSR Framework
2.2.2 Activity - OSINT with theHarvester
2.2.3 Activity - Add API Keys to theHarvester
2.2.4 Activity - Extract Document Metadata with FOCA
2.2.5 Activity - Extract Document Metadata with FOCA
2.3 Advanced Google Search
2.3.1 Activity - Google Hacking
2.4 Whois Footprinting
2.4.1 Activity - Conducting Whois Research
2.5 DNS Footprinting
2.5.1 Activity - Query DNS with NSLOOKUP
2.6 Website Footprinting
2.6.1 Activity - Fingerprint a Webserver with ID Serve
2.6.2 Activity - Extract Data from Websites
2.6.3 Activity - Mirror a Website with HTTrack
2.7 Email Footprinting
2.7.1 Activity - Trace a Suspicious Email
2.8 Network Footprinting
2.9 Social Network Footprinting
2.10 Footprinting and Reconnaissance Countermeasures
2.11 Footprinting and Reconnaissance Review

Scanning Networks

3.1 Scanning Concepts
3.2 Discovery Scans
3.2.1 Activity - ICMP ECHO and ARP Pings
3.2.2 Activity - Host Discovery with Angry IP Scanner
3.3 Port Scans
3.3.1 Activity - Port Scan with Angry IP Scanner
3.4 Other Scan Types
3.5 Scanning Tools
3.5.1 Activity - Hping3 Packet Crafting
3.5.2 Activity - Fingerprinting with Zenmap
3.6 NMAP
3.6.1 Activity - Nmap Basic Scans
3.6.2 Activity - Host Discovery with Nmap
3.6.3 - Activity - Nmap Version Detection
3.6.4 Activity - Nmap Idle (Zombie) Scan
3.6.5 Activity - Nmap FTP Bounce Scan
3.6.6 - Activity - NMAP Scripts
3.7 Firewall and IDS Evasion
3.7.1 Activity - Nmap Advanced Scans
3.8 Proxies
3.9 Scanning Countermeasures
3.10 Scanning Networks Review


4.1 Enumeration Overview
4.2 SMB_NetBIOS_Enumeration
4.2.1 Activity - Enumerate NetBIOS Information with Hyena
4.3 File Transfer Enumeration
4.4 WMI Enumeration
4.4.1 - Activity - Enumerating WMI with Hyena
4.5 SNMP Enumeration
4.5.1 Activity - Enumerate WMI, SNMP and Other Information Using SoftPerfect
4.6 LDAP Enumeration
4.7 DNS Enumeration
4.8 SMTP Enumeration
4.8.1 Activity - Enumerate Email Users with SMTP
4.9 Remote Connection Enumeration
4.10 Website Enumeration
4.10.1 Activity - Enumerate a Website with DirBuster
4.11 Other Enumeration Types
4.12 Enumeration Countermeasures and Review

Vulnerability Analysis

5.1 Vulnerability Scanning
5.1.1 Vulnerability Scanning with OpenVAS
5.2 Vulnerability Assessment
5.3 Vulnerability Analysis Review

System Hacking

6.1 System Hacking Concepts
6.2 Common OS Exploits
6.3 Buffer Overflows
6.3.1 Activity - Performing a Buffer Overflow
6.4 System Hacking Tools and Frameworks
6.4.1 Activity - Hack a Linux Target from Start to Finish
6.5 Metasploit
6.5.1 Activity - Get Started with Metasploit
6.6 Meterpreter
6.7 Keylogging and Spyware
6.7.1 Activity - Keylogging with Meterpreter
6.8 Netcat
6.8.1 Activity - Using Netcat
6.9 Hacking Windows
6.9.1 Activity - Hacking Windows with Eternal Blue
6.10 Hacking Linux
6.11 Password Attacks
6.11.1 Activity - Pass the Hash
6.11.2 Activity - Password Spraying
6.12 Password Cracking Tools
6.13 Windows Password Cracking
6.13.1 Activity - Cracking Windows Passwords
6.13.2 Activity - Cracking Password Hashes with Hashcat
6.14 Linux Password Cracking
6.15 Other Methods for Obtaining Passwords
6.16 Network Service Attacks
6.16.1 Activity - Brute Forcing a Network Service with Medusa
6.17 Post Exploitation
6.18 Pivoting
6.18.1 Activity - Pivoting Setup
6.19 Maintaining Access
6.19.1 Activity - Persistence
6.20 Hiding Data
6.20.1 Activity - Hiding Data Using Least Significant Bit Steganography
6.21 Covering Tracks
6.21.1 Activity - Clearing Tracks in Windows
6.21.2 Activity - View and Clear Audit Policies with Auditpol
6.22 System Hacking Countermeasures
6.23 System Hacking Review

Malware Threats

7.1 Malware Overview
7.2 Viruses
7.3 Trojans
7.3.1 Activity - Deploying a RAT
7.4 Rootkits
7.5 Other Malware
7.6 Advanced Persistent Threat
7.7 Malware Makers
7.7.1 Activity - Creating a Malware Dropper and Handler
7.8 Malware Detection
7.9 Malware Analysis
7.9.1 Activity - Performing a Static Code Review
7.9.2 Activity - Analyzing the SolarWinds Orion Hack
7.10 Malware Countermeasures
7.11 Malware Threats Review


8.1 Network Sniffing
8.2 Sniffing Tools
8.2.1 Activity- Sniffing HTTP with Wireshark
8.2.2 Activity - Capturing Files from SMB
8.3 ARP and MAC Attacks
8.3.1 Activity - Performing an MITM Attack with Ettercap
8.4 Name Resolution Attacks
8.4.1 Activity - Spoofing Responses with Responder
8.5 Other Layer 2 Attacks
8.6 Sniffing Countermeasures
8.7 Sniffing Review

Social Engineering

9.1 Social Engineering Concepts
9.2 Social Engineering Techniques
9.2.1 Activity - Deploying a Baited USB Stick
9.2.2 Activity - Using an O.MG Lightning Cable
9.3 Social Engineering Tools
9.3.1 Activity - Phishing for Credentials
9.4 Social Media, Identity Theft, Insider Threats
9.5 Social Engineering Countermeasures
9.6 Social Engineering Review


10.1 DoS-DDoS Concepts
10.2 Volumetric Attacks
10.3 Fragmentation Attacks
10.4 State Exhaustion Attacks
10.5 Application Layer Attacks
10.5.1 Activity - Performing a LOIC Attack
10.5.2 Activity - Performing a HOIC Attack
10.5.3 Activity - Conducting a Slowloris Attack
10.6 Other Attacks
10.7 DoS Tools
10.8 DoS Countermeasures
10.9 DoS Review

Session Hijacking

11.1 Session Hijacking
11.2 Compromising a Session Token
11.3 XSS
11.4 CSRF
11.5 Other Web Hijacking Attacks
11.6 Network-Level Session Hijacking
11.6.1 Activity - Hijack a Telnet Session
11.7 Session Hijacking Tools
11.8 Session Hijacking Countermeasures
11.9 Session Hijacking Review

Evading IDS, Firewalls, and Honeypots

12.1 Types of IDS
12.2 Snort
12.3 System Logs
12.4 IDS Considerations
12.5 IDS Evasion
12.5.1 Activity - Fly Below IDS Radar
12.6 Firewalls
12.7 Packet Filtering Rules
12.8 Firewall Deployments
12.9 Split DNS
12.10 Firewall Product Types
12.11 Firewall Evasion
12.11.1 Activity - Use Social Engineering to Bypass a Windows Firewall
12.11.2 Activity - Busting the DOM for WAF Evasion
12.12 Honeypots
12.13 Honeypot Detection and Evasion
12.13.1 Activity - Test and Analyze a Honey Pot
12.14 Evading IDS, Firewalls, and Honeypots Review

Hacking Web Servers

13.1 Web Server Operations
13.2 Hacking Web Servers
13.3 Common Web Server Attacks
13.3.1 Activity - Defacing a Website
13.4 Web Server Attack Tools
13.5 Hacking Web Servers Countermeasures
13.6 Hacking Web Servers Review

Hacking Web Applications

14.1 Web Application Concepts
14.2 Attacking Web Apps
14.3 A01 Broken Access Control
14.4 A02 Cryptographic Failures
14.5 A03 Injection
14.5.1 Activity - Command Injection
14.6 A04 Insecure Design
14.7 A05 Security Misconfiguration
14.8 A06 Vulnerable and Outdated Components
14.9 A07 Identification and Authentication Failures
14.10 A08 Software and Data integrity Failures
14.11 A09 Security Logging and Monitoring Failures
14.12 A10 Server-Side Request Forgery
14.13 XSS Attacks
14.13.1 Activity - XSS Walkthrough
14.13.2 Activity - Inject a Malicious iFrame with XXS
14.14 CSRF
14.15 Parameter Tampering
14.15.1 Activity - Parameter Tampering with Burp
14.16 Clickjacking
14.17 SQL Injection
14.18 Insecure Deserialization Attacks
14.19 IDOR
14.19.1 Activity - Hacking with IDOR
14.20 Directory Traversal
14.21 Session Management Attacks
14.22 Response Splitting
14.23 Overflow Attacks
14.24 XXE Attacks
14.25 Web App DoS
14.26 Soap Attacks
14.27 AJAX Attacks
14.28 Web API Hacking
14.29 Webhooks and Web Shells
14.30 Web App Hacking Tools
14.31 Hacking Web Applications Countermeasures
14.32 Hacking Web Applications Review

SQL Injection

15.1 SQL Injection Overview
15.2 Basic SQL Injection
15.3 Finding Vulnerable Websites
15.4 Error-based SQL Injection
15.5 Union SQL Injection
15.5.1 Activity - Testing SQLi on a Live Website - Part 1
15.5.2 Activity - Testing SQLi on a Live Website - Part 2
15.6 Blind SQL Injection
15.7 SQL Injection Tools
15.7.1 Activity - SQL Injection Using SQLmap
15.8 Evading Detection
15.9 Analyzing SQL Injection
15.10 SQL Injection Countermeasures
15.11 SQL Injection Review

Hacking Wireless Networks

16.1 Wireless Concepts
16.2 Wireless Security Standards
16.3 WI-FI Discovery Tools
16.4 Common Wi-Fi Attacks
16.5 Wi-Fi Password Cracking
16.6 WEP Cracking
16.6.1 Activity - Cracking WEP
16.7 WPA,WPA2,WPA3 Cracking
16.7.1 Activity - WPA KRACK Attack
16.8 WPS Cracking
16.9 Bluetooth Hacking
16.10 Other Wireless Hacking
16.10.1 Activity - Cloning an RFID badge
16.10.2 Activity - Hacking with a Flipper Zero
16.11 Wireless Security Tools
16.12 Wireless Hacking Countermeasures
16.13 Hacking Wireless Networks Review

Hacking Mobile Platforms

17.1 Mobile Device Overview
17.2 Mobile Device Attacks
17.3 Android Vulnerabilities
17.4 Rooting Android
17.5 Android Exploits
17.5.1 Activity - Hacking Android
17.5.2 Activity - Using a Mobile Device in a DDoS Campaign
17.6 Android-based Hacking Tools
17.7 Reverse Engineering an Android App
17.8 Securing Android
17.9 iOS Overview
17.10 Jailbreaking iOS
17.11 iOS Exploits
17.12 iOS-based Hacking Tools
17.13 Reverse Engineering an iOS App
17.14 Securing iOS
17.15 Mobile Device Management
17.16 Hacking Mobile Platforms Countermeasures
17.17 Hacking Mobile Platforms Review

IoT AND OT Hacking

18.1 IoT Overview
18.2 IoT Infrastructure
18.3 IoT Vulnerabilities and Threats
18.3.1 Activity - Searching for Vulnerable IoT Devices
18.4 IoT Hacking Methodology and Tools
18.5 IoT Hacking Countermeasures
18.6 OT Concepts
18.7 IT-OT Convergence
18.8 OT Components
18.9 OT Vulnerabilities
18.10 OT Attack Methodology and Tools
18.11 OT Hacking Countermeasures
18.12 IoT and OT Hacking Review

Cloud Computing

19.1 Cloud Computing Concepts
19.2 Cloud Types
19.3 Cloud Benefits and Considerations
19.4 Cloud Risks and Vulnerabilities
19.5 Cloud Threats and Countermeasures
19.5.1 Activity - Hacking S3 Buckets
19.6 Cloud Security Tools And Best Practices
19.7 Cloud Computing Review


20.1 Cryptography Concepts
20.2 Symmetric Encryption
20.2.1 Activity - Symmetric Encryption
20.3 Asymmetric Encryption
20.3.1 Activity - Asymmetric Encryption
20.4 Public Key Exchange
20.5 PKI
20.5.1 Activity - Generating and Using an Asymmetric Key Pair
20.6 Digital Signatures
20.7 Hashing
20.7.1 Activity - Calculating Hashes
20.8 Common Cryptography Use Cases
20.9 Cryptography Tools
20.10 Cryptography Attacks
20.11 Cryptography Review
20.12 Course Conclusion

Why become a Cybersecurity Engineer?

Growing Demand for Cybersecurity Professionals

The field of cybersecurity is experiencing rapid growth, driven by the escalating number and complexity of cyber threats. Both public and private sectors are investing heavily in cybersecurity measures to protect sensitive information and secure critical infrastructure. This increased investment has created a substantial demand for cybersecurity professionals, and the job market is teeming with opportunities. By becoming a cybersecurity engineer, you position yourself at the forefront of a booming industry with a multitude of career prospects.

Lucrative Salaries and Career Advancement

Cybersecurity professionals are highly sought after, and as a result, they enjoy attractive salaries and excellent benefits. The specialized skills and expertise required in this field command a premium in the job market. Furthermore, as you gain experience and demonstrate your capabilities, the potential for career advancement becomes significant. Cybersecurity engineers can progress to leadership positions, such as Chief Information Security Officer (CISO), and take on strategic roles in shaping an organization's security posture.

Global Relevance and Job Security

Cybersecurity is a global concern affecting organizations of all sizes and industries worldwide. The need for cybersecurity professionals extends beyond borders, making it a globally relevant field. By becoming a cybersecurity engineer, you equip yourself with skills that are in demand not only locally but also internationally. Job security in the field of cybersecurity is robust, as the increasing threat landscape ensures a constant need for skilled professionals to protect against attacks and mitigate risks.

Continuous Learning and Growth

The field of UX/UI design is dynamic and ever-evolving. To stay competitive, designers need to keep learning and adapting to new technologies and design trends. This continuous learning keeps the work interesting and provides opportunities for personal and professional growth.

Opportunities for growth

As software testers gain experience and develop their skills, they can take on more challenging roles and responsibilities. This can lead to promotions and career advancement opportunities. Most Manual testers progress to QA automation, Software development, DevOps, or Cloud Engineering.

Our Talents Work Here

Our talentstories

We connect learners with peers and experts from around the world, facilitating networking and collaboration opportunities.

IBT Training's DevOps course provided a comprehensive and insightful learning experience with valuable hands-on exercises. While the internship placement was beneficial, additional guidance could enhance the overall transition. Overall, IBT Training lays a solid foundation for entering the DevOps field.

Olaniyan Olatunde Kubernetes Admin, Microsoft

Enrolling in this course proved career-defining, offering invaluable knowledge and a guaranteed internship. It set me on a path to success, delivering everything promised—free certification, ongoing learning, and the ability to pass my sec+ on the first try.

Solomon Awuku Cybersecurity Analyst, Tek Computers

Upon completing the class, I felt confident and prepared to embark on a career in cybersecurity. The skills and knowledge I acquired have already proven invaluable, as I find myself better equipped to tackle real-world challenges and contribute to the protection of digital assets.


"IBT Learning is an outstanding tech school, with experienced teachers. Graduates gain hands-on experience with management tools such as Git, Maven, Nexus, SonarQube, Ansible, Docker for microservices, Kubernetes for container orchestration, and Terraform for Infras as Code"

Landric N DevOps Engineer, Transportation Insight

Your Questions, Answered

Is Certified Ethical Hacker Certification worth it?

Does it really work? Short answers to these questions are clear: ‘Yes. Certified Ethics Hackers are an excellent investment that will only help you gain valuable skills. CEH provides an important qualification for your future career in addition to technical knowledge.

How do I become CEH certified?

To become CEH a certified ethical one, you can follow these steps:
1. Take the Certified Ethical Hacker (CEH) course certification, which typically involves five days of training
2. Learn about the latest cybersecurity and information security threats, and develop the practical hacking skills needed to work as an a certified ethical hacker
3. Pass the CEH exam which consists of a total of 125 multiple-choice questions
4. Maintain your certification by earning 120 Continuing Professional Education (CPE) credits within three years
5. You can earn CPE credits by attending conferences, writing research papers, teaching training classes in a related domain, reading materials on related subject matters, and attending webinars

How long does it take to become a Certified Ethical Hacker?

The Certified Ethical Hacker (CEH) certification exam, is a 4-hour exam with 125 multiple-choice questions. To become a Certified Ethical Hacker, prepare for the exam by taking our comprehensive CEH training and then complete the certification exam. The length of time it takes to prepare for the ceh certification training and exam can vary depending on your existing knowledge and experience, but it could take anywhere from a week to several months. To take the CEH certification exam, you need to fulfill one of two prerequisites and be over 18 years old

How much does the CEH certification cost?

The cost of the Certified Ethical Hacker (CEH) certification varies depending on the type of training you choose. You can get started with the ITU Online course for Certified Ethical Hacker Certification Training – The InfoSec Institute estimates that the average salary for CEH holders is $83,591, with most holders earning between $45K and $129K per year.

How long is the CEH certification valid, and how can I maintain it?

The CEH certification is valid for three years from the date of certification. To maintain your certification, you are required to earn Continuing Professional Education (CPE) credits. These credits can be obtained through various activities such as attending training programs, participating in webinars, writing articles, and engaging in professional development activities related to ethical hacking and information security. By earning a sufficient number of CPE credits within the three-year period, you can renew your CEH certification.