O'Reilly logo
live online training icon Live Online training

Certified Ethical Hacker (CEH) Crash Course

Topic: Security
Omar Santos

This live and interactive training is designed to help you prepare for the EC-Council Certified Ethical Hacker (CEH) version 11 certification exam.

In this training we will review:

  • Key topics and methodologies that you need to master the CEHv11 exam objectives
  • Step by step examples of security penetration testing methodologies and concepts
  • Sample questions for each of the topics covered in the exam

Learn how to craft exploits used by ethical hackers to perform real-world penetration testing engagements. Understand the methods for conducting wired and wireless network assessments, hacking web servers, and web applications. Explore attack techniques against mobile devices, IoT devices, and cloud deployments.

What you'll learn-and how you can apply it

  • Review the main topics covered in the CEHv11 exam.
  • Learn through step-by-step demonstrations.
  • Review sample questions and participate in interactive discussions.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • This training prepares candidates for the Certified Ethical Hacker (CEH) version 11 certification.
  • This explores the CEH exam objectives and no matter where you are in your study plan this course is for you!
  • Anyone interested in cybersecurity and penetration testing (ethical hacking) will benefit from this training.
  • You want to learn different methodologies and best practices to perform security penetration testing assessments.


  • Course participants should have a basic understanding of cybersecurity and networking concepts.

The following books and video courses provides a good overview of cybersecurity fundamentals that are pre-requisites for this course:

Course Set-up: version 10

The course setup instructions are documented at https://cehreview.com/setup

Recommended Preparation:

Recommended Follow-up:

About your instructor

  • Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

    Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.


The timeframes are only estimates and may vary according to how the class is progressing

DAY 1:

Section 1: Introduction to Ethical Hacking and to the CEHv11 exam (30 minutes)

  • An introduction to ethical hacking and penetration testing methodologies.
  • Reviewing what is new in the CEHv11 exam.

Section 2: Foot-printing, Enumeration, Reconnaissance, and Network Scanning (50 minutes)

  • Introducing passive and active reconnaissance.
  • Reviewing network scanning and system enumeration.
  • Reviewing example questions.
  • Break 10 minutes

Section 3: Vulnerability Analysis and System Hacking (40 minutes)

  • Reviewing vulnerability analysis methodologies and system hacking.
  • Reviewing example questions.

Section 4: Social Engineering (40 minutes)

  • Introducing social engineering.
  • Reviewing social engineering tools and methodologies.
  • Reviewing example questions.
  • Break 10 minutes

Section 5: Denial-of-Service (30 minutes)

  • Introducing denial of service (DoS) attacks.
  • Reviewing examples of DoS attacks.
  • Reviewing example questions.

Section 6: Session Hijacking, Evading IDS, IPS, Firewalls, and Honeypots (30 minutes)

  • Introducing session hijacking.
  • Reviewing how to evade intrusion detection systems (IDS), intrusion prevention systems (IPS), and honeypots.
  • Reviewing example questions.

DAY 2:

Section 7: Cryptography (30 minutes)

  • Introducing cryptography concepts.
  • Reviewing cryptographic vulnerabilities.
  • Reviewing example questions.

Section 8: Hacking Wireless Networks (40 minutes)

  • Introducing wireless network vulnerabilities.
  • Reviewing how to hack wireless networks.
  • WP3 encryption and cracking
  • Reviewing example questions.
  • Break 10 minutes

Section 9: Hacking Web Servers and Web Applications (60 minutes)

  • Reviewing how to hack web servers.
  • Reviewing how to hack web applications.
  • Web API hacking and security.
  • Webhooks and web shell concepts
  • Review example questions.
  • Break 10 minutes

Section 10: Emerging Attack Vectors (30 minutes)

  • File-less malware.
  • Targeted ransomware.
  • Web API threats and Web Shell.
  • Reviewing mobile hacking methodologies and techniques.
  • Reviewing example questions.

Section 11: IoT Hacking (30 minutes)

  • Introducing IoT security.
  • Reviewing IoT hacking methodologies and techniques.
  • HMI based attacks.
  • Side-channel attacks.
  • Reviewing example questions.

Section 12: Cloud Security (30 minutes)

  • Introducing cloud computing.
  • Reviewing cloud security concepts.
  • Container Technology.
  • Docker and Kubernetes Security.
  • Reviewing example questions.