The Differences Between CEH v9 and v10

The Differences Between CEH v9 and v10 864 486 CyberVista now N2K

Onto the Next One

The Certified Ethical Hacker (CEH) certification has become a pervasive staple in cybersecurity and in penetration testing since it’s debut through EC-Council in 2003. Fifteen years and over 200,000 certifications later, the CEH certification released it ninth content curriculum update to create version 10 (v10) as an update to the September 2015 v9 update. This update is said to take the CEH certification to the next stage of it’s evolution of being more proactive or offensive in security rather than taking a defensive or passive approach.

As a training provider endorsed by EC-Council, we have worked diligently to make sure that all of our training content adheres to the updates outlined in the v10 courseware as part of the March 2018 update. We have received a lot of questions about the difference between the two most recent versions of the CEH and would like to set the record straight to be helpful to those preparing for this in-demand certification.

Content Changes

One of the easiest ways to distinguish the difference between v9 and v10 would be to look at the difference between the modules, or topic areas, of the course content. Very quickly you will see that the number of modules covered within CEH v10 has increased from 18 to 20 modules. All of the modules included in version 9 are still present in v10 with the addition of both IoT Hacking and Vulnerability Analysis. These two modules were added specifically because they are quickly evolving and changing the cybersecurity landscape.

IoT devices are gadgets, systems, or technologies that are designed to make our lives more convenient. But all IoT devices represent a broad attack surface because they are connected to the Internet. Increasingly, the “things” that are connected to the Internet are critical to the world’s infrastructure, making the results of an attack catastrophic. Security testers can only exploit IoT devices if they first find their vulnerabilities.That’s why Vulnerability Analysis is another focus of CEH v10. This process is about identifying, prioritizing, and fully understanding a system’s weakness and how an attacker may exploit it.  

Likewise, additional content (what we refer to as subdomains) has been added to some of the existing modules. Malware Analysis, Artificial Intelligence (AI), and Machine Learning (ML) have added content to update these subject areas with relevant updates based on changes to the industry and threat landscape over the past three years.

So, this might be helpful, but it might also not give you a sense of the scope of the change between v9 and v10 content. No problem. All else being equal, the addition of the two modules, more robust content to existing modules, and the omission of older, obsolete content, the content difference is approximately a 10-15% change between the two versions.
 

CEH Content Modules

CEH Version 10 (v10) Modules

CEH Version 9 (v9) Modules

Introduction to Ethical Hacking

Introduction to Ethical Hacking

Footprinting and Reconnaissance

Footprinting and Reconnaissance

Scanning Networks

Scanning Networks

Enumeration

Enumeration

Vulnerability Analysis – NEW!

 

System Hacking

System Hacking

Malware Threats

Malware Threats

Sniffing

Sniffing

Social Engineering

Social Engineering

Denial-of-Service

Denial-of-Service

Hacking Web Servers

Hacking Web Servers

Hacking Web Applications

Hacking Web Applications

SQL Injection

SQL Injection

Hacking Wireless Networks

Hacking Wireless Networks

Hacking Mobile Platforms

Hacking Mobile Platforms

IoT Hacking – NEW!

 
Evading IDS, Firewalls, and Honeypots   Evading IDS, Firewalls, and Honeypots

Cloud Computing

Cloud Computing

Cryptography

Cryptography

Exam Changes

While the course content changes were released in March 2018, the CEH exam itself has not updated to reflect the content change. All CEH hopefuls taking the exam will still experience the 812-50 version of the exam. This exam is a 125-question, computer-based exam, with a 4 hour time limit. Differing from the modules listed in the previous section, EC-Council provides details on the weights and subject matter coverage in terms of seven exam sections (see Exam Blueprint). EC-Council has not yet released the date of an updated exam.

Exam Summary

Exam Title:

Certified Ethical Hacker (ANSI)

Exam Code:

312-50 (ECC EXAM), 312-50 (VUE)

Number of Questions:

125

Duration:

4 hours

Availability:

ECCEXAM / VUE Test

Format:

Multiple Choice

Passing Score:

70%

Exam Cost:

$1,199* (Included in Certify course)

*As of August 2018, the cost of the CEH exam has increased from $950.

Exam Blueprint+

Section

Weight

# of Questions

SECTION I

Background Information

4%

5

SECTION II

Analysis / Assessment

13%

40

SECTION III

Security

25%

16

SECTION IV

Tools / Systems / Programs

32%

25

SECTION V

Procedures / Methodology

20%

31

SECTION VI

Regulation / Policy

4%

5

SECTION VII

Ethics

2% 3

+You can download a comprehensive exam blueprint at eccouncil.com.

Changes to Labs

In order to develop and master penetration testing skills, individuals preparing for the CEH will have the opportunity to experience labs. Like content, the hands-on abilities showcased within the labs are constantly evolving. There are significant differences between the labs in version v10 and v9.

Overall, the number of labs has not changed. However, 30 labs from v9 have been completely replaced between versions. Moreover, 11 of the labs have been “substantially modified” suggesting that some component of the learning objectives, technology, or scenario have been modified to reflect notable changes. Lastly, v10 labs also include the EC-Council STORM Mobile Security Toolkit. This toolkit includes a portable Raspberry Pi-based touchscreen device loaded with a customized version of Kali Linux.

Penetration Tester demand via CyberSeek.org

The Next Version of Your Career

The opportunities in ethical hacking are vast. Earning the CEH v10 puts many of the current 10,929 jobs within the US for penetration testing with your reach. If you’d like to learn more about the career opportunities related to earning the CEH certification and what positions employ these job responsibilities, then let’s talk about your approach to using CyberVista Certify CEH training course as a means of earning your certification. We’ll make sure you learn and retain the knowledge and skills specific to v10 and beyond.