Adhering to their approach of thinking like a hacker, EC-Council is all set to launch the latest version of CEH: CEH v11, adding in the curriculum the latest advancements in the field of cybersecurity. Domains have been kept intact, but new segments have been introduced with the addition and removal of a few topics. The latest version will see the addition of OT Technology, Serverless Computing, WPA3 Encryption, APT, File less Malware, Web API, and Web Shell on the list. On the practical aspects, the OS used for labs includes Windows 10, Windows Server2016, Parrot Security, Windows Server2019, Android, and Ubuntu Linux.
Course Objectives for CEH v11
The exam still focusses on testing one’s knowledge of core security concepts and validate their capability of assessing an organization’s infrastructure to identify threats, analyze them, and provide remediation for protection against cyber-attacks.
Successful completion of CEHv11 certification provides you with a deep understanding of:
- Ethical hacking concepts, cyber kill chain concepts, an overview of information security, security controls, and various laws and regulations related to information security.
- Footprinting concepts and methodologies and utilizing footprinting tools along with the countermeasures
- Performing network scans, host and port discovery by utilizing different scanning tools
- Enumeration techniques that now includes NFS enumeration and related tools, DNS cache snooping, and DNSSEC Zone walking along with the countermeasures
- Concepts of vulnerability assessment, its types, and solutions along with a hands-on experience of industrial tools used
- Phases of system hacking, attacking techniques to obtain, escalate, and maintain access on victim along with covering tracks.
- Malware threats, analysis of various viruses, worms and trojans like Emotet and battling them to prevent data. APT and Fileless Malware concepts have been introduced to this domain.
- Packet sniffing concepts, techniques, and protection against the same.
- Social engineering concepts and related terminologies like identity theft, impersonation, insider threats, social engineering techniques, and countermeasures
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, use cases, and attack and defence tools
- Security solutions like firewall, IPS, honeypots, their evasion, and protection
- Web server and web application-based attacks, methodologies
- SQL injection, hijacking, and evasion techniques
- Wireless encryption, wireless hacking, and Bluetooth hacking-related concepts
- Mobile device management, mobile platform attack vectors, and vulnerabilities related to Android and iOS systems
- Operational Technology (OT) essentials, threats, attack methodologies and attack prevention. The concept of OT is a new addition.
- Recognizing the vulnerabilities in IoT and ensuring the safety of IoT devices
- Encryption algorithms, Public Key Infrastructure (PKI), cryptographic attacks, and cryptanalysis
- Cloud computing, threats and security, essentials of container technology and serverless computing
CEH v11 will also consist of an increased number of labs along with the addition of new labs for the added topics. New attack techniques will be introduced, and a lot of new tools will be presented to the aspirants to get hands-on experience.
It should be noted that the exam format and other aspects such as the eligibility criteria, duration of the exam remain the same.