book

Certified Ethical Hacker (CEH) Study Guide

by Matt Walker

July 2025

Intermediate to advanced

482 pages

16h 19m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Includes Quizzes

How to Use This BookGetting Ready: Preparing and Registering for the ExamPreparing for the ExamRegistering for the ExamThe Certification: More Than Just a TestTaking the ExamConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgmentsDisclaimer
Security 101EssentialsSecurity BasicsMethodologies and FrameworksIntroduction to Ethical HackingHacking TerminologyThe Ethical HackerConclusion
Search EnginesGoogle HackingOther Search Engine TechniquesShodanUsing Web Services and Social Networking SitesWeb ServicesSocial Networking SitesWebsite and Email FootprintingDNS and Whois FootprintingNetwork FootprintingOther ToolsConclusion
FundamentalsTCP/IP NetworkingSubnettingIdentifying TargetsICMPARPPort ScanningPort Scan TypesNmapHping3EvasionVulnerability ScanningEnumerationWindows System BasicsUnix/Linux System BasicsEnumeration Techniques
EssentialsNetwork Knowledge for SniffingActive and Passive SniffingSniffing Tools and TechniquesTechniquesToolsEvasionDevices Aligned Against YouEvasion TechniquesConclusion
Getting StartedWindows Security ArchitectureLinux Security ArchitectureMethodologyHacking StepsAuthentication and PasswordsBuffer OverflowsPrivilege Escalation and Executing ApplicationsHiding Files and Covering Tracks
Web ServersWeb OrganizationsAttack MethodologyWeb Server ArchitectureWeb Server AttacksAttacking Web ApplicationsInjection Attacks Not Named SQLXSSCross-Site Request Forgery (CSRF)CookiesHTTP AttackSQL InjectionSQL QueriesHow SQL Injection Attacks WorkTypes of SQL Injection AttacksCountermeasures
Wireless Terminology, Architecture, and StandardsWireless EncryptionWEPWPA and WPA2WPA3Wireless HackingAttacksWireless Encryption AttacksWireless Sniffing
The Mobile WorldMobile Vulnerabilities and RisksOWASP’s Top 10 Mobile RisksMobile PlatformsMobile AttacksThe Internet of ThingsIoT ArchitectureIoT Vulnerabilities and AttacksCEH’s IoT Hacking MethodologyOperational Technology HackingOT ArchitectureCEH’s OT Attack Methodology
Cloud ComputingCloud Computing Service TypesCloud TerminologyCloud GovernanceCloud SecurityAttacks and HacksConclusion

The “Malware” AttacksDefinitionsTrojansViruses and WormsFileless MalwareMalware AnalysisMitigationRemaining AttacksDenial of ServiceSession Hijacking
Cryptography and Encryption: An OverviewEncryption Algorithms and TechniquesSymmetric EncryptionAsymmetric EncryptionHashing AlgorithmsSteganographyHardware EncryptionPKI, the Digital Certificate, and Digital SignaturesThe PKI SystemDigital CertificatesDigital SignaturesEncrypted Communication and Cryptography AttacksEncrypted CommunicationCryptography Attacks
Social EngineeringHuman-Based AttacksComputer-Based AttacksMobile-Based AttacksPhysical SecurityMitigationAccess ControlsSetting Up Physical Security
AI, Machine Learning, and LLMsAI and SecurityUsing AI as an Ethical HackerFootprinting and EnumerationVulnerability AnalysisSocial EngineeringAI and MalwareAI AttacksOWASP Top 10sThe Injection Attacks
Types of Security AssessmentsPen-Testing ToolsThe Pen TestSecurity Assessment DeliverablesGuidelinesWhat to Do If You Find Something IllegalConclusion

Content preview from Certified Ethical Hacker (CEH) Study Guide

Appendix A. Practice Exam

A new network administrator is asked to schedule daily scans of systems throughout the enterprise. Which of the following programming languages has an OSI-approved open source license and is commonly used for accomplishing this goal?
1. ASP.NET
2. PHP
3. C#
4. Python
Which of the following lists security and privacy controls for US government federal information systems?
1. NIST 800-53
2. FITARA
3. HIPAA
4. ISO 17799
The IR team is advised of a potential information spillage from a networked computer. An IR team member at the system disconnects the computer from the network and powers it down. Which step in the incident handling process was just completed?
1. Recovery
2. Contain
3. Eradicate
4. Identify
Which one of the following focuses on protecting customer credit card data?
1. TCSEC
2. TNIEG
3. Common Criteria
4. PCI DSS
Bob is working with senior management to identify the systems and processes that are critical for operations. As part of this business impact assessment, he performs calculations on various systems to place a value on them. On a certain router he discovers the following:
1. The router costs $3,200 to purchase.
2. The router typically fails once every three years.
3. The salary for a technician to repair a server failure is $35 an hour, and it typically takes one technician two hours to fully restore a failure.
4. Without access outside their subnet, 15 employees averaging $20 an hour will be at a standstill during an outage.
What ...