Onto the Next One
The Certified Ethical Hacker (CEH) certification has become a pervasive staple in cybersecurity and in penetration testing since its debut through EC-Council in 2003. Fifteen years and over 200,000 certifications later, the CEH certification released its ninth content curriculum update to create version 10 (v10) as an update to the September 2015 v9 update. This update is said to take the CEH certification to the next stage of its evolution of being more proactive or offensive in security rather than taking a defensive or passive approach.
As a training provider endorsed by EC-Council, we have worked diligently to make sure that all of our training content adheres to the updates outlined in the v10 courseware as part of the March 2018 update. We have received a lot of questions about the difference between the two most recent versions of the CEH and would like to set the record straight to be helpful to those preparing for this in-demand certification.
Content Changes
One of the easiest ways to distinguish the difference between v9 and v10 would be to look at the difference between the modules, or topic areas, of the course content. Very quickly you will see that the number of modules covered within CEH v10 has increased from 18 to 20 modules. All of the modules included in version 9 are still present in v10 with the addition of both IoT Hacking and Vulnerability Analysis. These two modules were added specifically because they are quickly evolving and changing the cybersecurity landscape.
IoT devices are gadgets, systems, or technologies that are designed to make our lives more convenient. But all IoT devices represent a broad attack surface because they are connected to the Internet. Increasingly, the “things” that are connected to the Internet are critical to the world’s infrastructure, making the results of an attack catastrophic. Security testers can only exploit IoT devices if they first find their vulnerabilities. That’s why Vulnerability Analysis is another focus of CEH v10. This process is about identifying, prioritizing, and fully understanding a system’s weakness and how an attacker may exploit it.
Likewise, additional content (what we refer to as subdomains) has been added to some of the existing modules. Malware Analysis, Artificial Intelligence (AI), and Machine Learning (ML) have added content to update these subject areas with relevant updates based on changes to the industry and threat landscape over the past three years.
So, this might be helpful, but it might also not give you a sense of the scope of the change between v9 and v10 content. No problem. All else being equal, with the addition of the two modules, more robust content in existing modules, and the omission of older, obsolete content, the content difference between the two versions is approximately 10-15%.
CEH Content Modules
CEH Version 10 (v10) Modules | CEH Version 9 (v9) Modules |
Introduction to Ethical Hacking | Introduction to Ethical Hacking |
Footprinting and Reconnaissance | Footprinting and Reconnaissance |
Scanning Networks | Scanning Networks |
Enumeration | Enumeration |
Vulnerability Analysis – NEW! | |
System Hacking | System Hacking |
Malware Threats | Malware Threats |
Sniffing | Sniffing |
Social Engineering | Social Engineering |
Denial-of-Service | Denial-of-Service |
Hacking Web Servers | Hacking Web Servers |
Hacking Web Applications | Hacking Web Applications |
SQL Injection | SQL Injection |
Hacking Wireless Networks | Hacking Wireless Networks |
Hacking Mobile Platforms | Hacking Mobile Platforms |
IoT Hacking – NEW! | |
Evading IDS, Firewalls, and Honeypots | Evading IDS, Firewalls, and Honeypots |
Cloud Computing | Cloud Computing |
Cryptography | Cryptography |
Exam Changes
While the course content changes were released in March 2018, the CEH exam itself has not been updated to reflect the content change. All CEH hopefuls taking the exam will still experience the 312-50 version of the exam. This exam is a 125-question, computer-based exam with a 4-hour time limit. Differing from the modules listed in the previous section, EC-Council provides details on the weights and subject matter coverage in terms of seven exam sections (see Exam Blueprint). EC-Council has not yet released the date of an updated exam.
Exam Summary
Exam Title: | Certified Ethical Hacker (ANSI) |
Exam Code: | 312-50 (ECC EXAM), 312-50 (VUE) |
Number of Questions: | 125 |
Duration: | 4 hours |
Availability: | ECCEXAM / VUE Test |
Format: | Multiple Choice |
Passing Score: | 70% |
Exam Cost: | $1,199* (Included in Certify course) |
*As of August 2018, the cost of the CEH exam has increased from $950.
Exam Blueprint+
Section | Weight | # of Questions |
SECTION I Background Information | 4% | 5 |
SECTION II Analysis / Assessment | 13% | 40 |
SECTION III Security | 25% | 16 |
SECTION IV Tools / Systems / Programs | 32% | 25 |
SECTION V Procedures / Methodology | 20% | 31 |
SECTION VI Regulation / Policy | 4% | 5 |
SECTION VII Ethics | 2% | 3 |
+You can download a comprehensive exam blueprint at eccouncil.com.
Changes to Labs
In order to develop and master penetration testing skills, individuals preparing for the CEH will have the opportunity to experience labs. Like content, the hands-on abilities showcased within the labs are constantly evolving. There are significant differences between the labs in versions v10 and v9.
Overall, the number of labs has not changed. However, 30 labs from v9 have been completely replaced between versions. Moreover, 11 of the labs have been “substantially modified,” suggesting that some component of the learning objectives, technology, or scenario has been modified to reflect notable changes. Lastly, v10 labs also include the EC-Council STORM Mobile Security Toolkit. This toolkit includes a portable Raspberry Pi-based touchscreen device loaded with a customized version of Kali Linux.
The Next Version of Your Career
The opportunities in ethical hacking are vast. Earning the CEH v10 puts many of the current 10,929 jobs within the US for penetration testing within your reach. If you’d like to learn more about the career opportunities related to earning the CEH certification and what positions employ these job responsibilities, then let’s talk about your approach to using the CyberVista Certify CEH training course as a means of earning your certification. We’ll make sure you learn and retain the knowledge and skills specific to v10 and beyond.