Everything you need to know about EC-Council's flagship offensive security certification as of 2026, covering the curriculum, exam structure, prerequisites, career paths, and how CEH compares to other ethical hacking credentials. A complete reference guide for anyone considering CEH or trying to understand what it covers.
Gather information about the target without direct interaction.
Identify live hosts, open ports, services, and vulnerabilities.
Exploit identified vulnerabilities to establish a foothold.
Persist within the environment to simulate long-term threats.
Remove evidence to mirror real adversary behavior.
CEH is EC-Council's flagship offensive security certification, released in 2003, now in its 13th version, and held by professionals in 145+ countries.
It validates the skills to identify, assess, and exploit vulnerabilities in networks, systems, and applications, using the same tools and techniques as real attackers, but within a legal and ethical framework.
The credential is ANAB-accredited under ISO/IEC 17024, approved under DoD 8140, and structured around a five-phase attack methodology that defines how ethical hackers approach every engagement. CEH is issued and maintained by EC-Council, the international certification body that has administered the program since 2003.
Four things that have made CEH one of the most widely held offensive security credentials since 2003.
CEH is held by professionals in 145+ countries and appears in job postings across financial services, healthcare, consulting, technology, and defense. It's the offensive security credential most often listed by name when employers describe what they want.
Covers tools and techniques across the ecosystem: Nmap, Metasploit, Burp Suite, Wireshark, Aircrack-ng, Hashcat, and dozens more, without being tied to one platform.
EC-Council iLabs and the optional CEH Practical exam give candidates a way to prove hands-on capability, not just multiple-choice knowledge.
CEH is an approved foundational qualification under DoD Manual 8140.03 for multiple work roles in the Defense Cyber Workforce Framework (DCWF), spanning the Cybersecurity and IT workforce elements at Basic, Intermediate, and Advanced proficiency levels.
It also satisfied the legacy DoD 8570 CSSP requirements before 8140 replaced 8570 in 2023, giving it nearly two decades of federal recognition. Current qualification matrices are published at the DoD Cyber Exchange.
Everything you need to know about the certification, the exam structure, and how to maintain CEH as of 2026.
EC-Council offers three CEH credential levels in 2026. Most candidates pursue the core CEH; some go on to earn CEH Master by also passing the CEH Practical exam.
CEH: The core credential. A 125-question multiple-choice exam over 4 hours covering all 20 modules. Tests methodology, tools, and concepts. Most CEH holders stop here.
CEH Practical: Optional hands-on exam. 6 hours in a live network environment solving 20 real-world challenges that span the full ethical hacking methodology. Pass/fail based on captured objectives.
CEH Master: Earned by passing both CEH and CEH Practical. Demonstrates both conceptual knowledge and hands-on capability. Strongest version of the credential for resume signaling.
CEH is rarely a candidate's first certification or their last. It typically sits in the middle of a longer journey, building on foundational IT credentials and leading into specialized offensive, leadership, or defensive paths.
Build the baseline
The pivot point
Two questions to answer before you commit: can you take the exam, and should you take CEH specifically. Here's a straight answer to both.
You can sit for the exam directly.
Submit a CEH Exam Eligibility Application to EC-Council with documentation of two years of work in information security. Once approved, you register for the exam through the ECC Portal or Pearson VUE without taking official training. Application processing typically takes 5 to 10 business days.
Official training waives the requirement.
Complete an EC-Council Accredited Training Center (ATC) course (Training Camp's CEH boot camp qualifies) and the experience requirement is automatically waived. Your exam voucher comes with the training, so you can sit for CEH immediately after the course finishes.
CEH appears in hiring requirements across nearly every offensive and defensive security role. These are the most common job titles where employers list CEH as required or preferred:
Penetration tester: Conducts authorized simulated attacks against systems to identify exploitable vulnerabilities before adversaries do.
Red team operator: Emulates real-world threat actor tactics, techniques, and procedures to test detection and response capability.
Vulnerability assessor: Performs systematic security assessments, scores findings against industry frameworks, and reports remediation priorities.
SOC analyst (Tier 2/3): Investigates and triages alerts using offensive security knowledge to validate findings and tune detection rules.
Security consultant: Advises organizations on offensive security posture, builds testing programs, and leads engagements across multiple clients.
Cybersecurity engineer: Designs and implements security controls informed by attacker tradecraft, hardening systems against the techniques CEH covers.
CEH is one of several offensive security certifications. Here's how it compares to two common alternatives.
| | CEH | CompTIA PenTest+ | OffSec OSCP |
|---|---|---|---|
| Issuer | EC-Council | CompTIA | OffSec (formerly Offensive Security) |
| Exam Format | 125 multiple-choice over 4 hours | Performance-based + multiple-choice, ~165 min | 24-hour hands-on lab + report |
| Difficulty | Intermediate | Intermediate | Advanced |
| Focus | Broad methodology and tool coverage | Hands-on penetration testing scenarios | Deep technical exploitation |
| Renewal | 120 ECE credits over 3 years | CEUs over 3 years | No renewal required |
| DoD 8140 Approved | Yes | Yes | No |
| Best For | Broad credential recognition, career entry | Hands-on exam takers, CompTIA-stack candidates | Established practitioners pursuing deep technical credibility |
These certifications cover overlapping but distinct ground. Many practitioners eventually hold more than one.
Our official EC-Council CEH boot camp covers the full curriculum over five days, with iLabs access, your exam voucher, and a first-attempt pass guarantee included, so you leave exam-ready.
Exam prep, certification strategy, career outcomes, and what's changed in CEH v13.
A detailed look at what CEH-credentialed professionals actually earn in 2026, broken down by job title, years of experience, and the industries hiring most aggressively for ethical hacking skill sets.
An honest look at whether CEH is actually required to land a pen testing role, what hiring managers really weight, and where the credential helps vs. where experience and other certifications matter more.
A complete walkthrough of how the CEH v13 exam is built: question types, domain weighting, scoring methodology, and the practical changes from earlier versions of the certification.
Domain-by-domain analysis of where CEH v13 candidates struggle most, based on real performance patterns, and where to focus your study time to maximize your score.
The structural reasons CEH v13 resists self-study, from labs to scope to time management, and how an instructor-led format addresses each one without padding the timeline.
A first-person account of moving from general IT into ethical hacking through CEH: what worked, what stalled, and the moments that turned curiosity into competence.
The talent gap in offensive security isn't just about open job postings. It's about pipeline, expectations, and a credential system that doesn't always match what defenders actually need.
The CEH v13 curriculum walks through the full attack lifecycle, from reconnaissance to exploitation to post-exploitation, across networks, web applications, wireless, mobile, cloud, and emerging technologies.
Information security controls, laws, standards, and the ethical hacking methodology that frames the entire course.
OSINT techniques, DNS interrogation, WHOIS lookups, search engine reconnaissance, and competitive intelligence gathering.
Network discovery, port scanning, service identification, OS fingerprinting, and scanning beyond firewalls with tools like Nmap.
NetBIOS, SNMP, LDAP, NTP, NFS, SMTP, DNS, and SMB enumeration techniques to extract usernames, machine names, and network resources.
Vulnerability classification, scanning tools, scoring systems (CVSS), and vulnerability assessment methodology.
Password cracking, privilege escalation, maintaining access, executing applications, hiding files, and clearing logs.
Trojans, viruses, worms, fileless malware, APTs, and malware analysis and countermeasures.
Packet sniffing techniques, MAC attacks, DHCP attacks, ARP poisoning, spoofing, and DNS poisoning.
Phishing, vishing, smishing, impersonation, insider threats, and identity theft countermeasures.
DoS and DDoS attack techniques, botnets, attack tools, and detection and mitigation strategies.
Application-level and network-level session hijacking, including MITM, sidejacking, and session fixation.
Detection system internals, evasion techniques, and how attackers bypass defensive controls.
Web server architecture, attack vectors, methodology, and countermeasures for Apache, IIS, and Nginx.
OWASP Top 10 attack techniques, including broken authentication, broken access control, and security misconfiguration.
In-band, blind, and out-of-band SQLi techniques, evasion strategies, and detection methods.
Wireless encryption (WEP, WPA, WPA2, WPA3), attacks against wireless protocols, Bluetooth hacking, and wireless countermeasures.
Android and iOS attack vectors, mobile device management, rooting, jailbreaking, and mobile pen testing.
IoT device attacks, OT/ICS/SCADA threats, attack methodology against industrial control systems, and countermeasures.
Cloud architecture, container security, serverless attacks, and cloud-specific threats across AWS, Azure, and GCP.
Encryption algorithms, PKI, email and disk encryption, cryptanalysis attacks, and cryptographic weaknesses.
Curriculum reflects the current CEH v13 release from EC-Council. Module order and content may vary slightly across version updates.
The questions candidates ask most often when researching the Certified Ethical Hacker certification.
CEH is EC-Council's flagship offensive security certification. First released in 2003, it validates the skills needed to identify, assess, and exploit vulnerabilities in networks, systems, and applications, using the same tools and techniques as malicious attackers, legally and ethically. It's frequently requested by employers hiring for offensive security and senior defensive roles.
EC-Council recommends at least two years of information security work experience to sit for the exam directly. Candidates without that experience can complete official EC-Council training, which waives the experience requirement and qualifies them to take the exam. This is the most common path for career changers and IT professionals moving into security.
The CEH exam is 125 multiple-choice questions delivered over 4 hours. Passing scores are determined per exam form and typically range between 60% and 85% depending on question difficulty. The exam is administered through the ECC EXAM portal (with online proctoring) or at Pearson VUE testing centers.
CEH Practical is an optional hands-on lab exam. It's 6 hours in a live network environment where candidates solve 20 real-world challenges across the full ethical hacking methodology. Unlike the multiple-choice CEH, the Practical tests whether you can actually do the work. Passing both CEH and CEH Practical earns the CEH Master designation.
As of 2026, the CEH exam voucher is approximately $1,199 USD directly from EC-Council, though pricing varies by region and may be bundled at a different rate with official training. Retake fees and the CEH Practical exam have separate costs. EC-Council also has an annual membership fee that applies to active credential holders.
CEH requires 120 EC-Council Continuing Education (ECE) credits over a three-year renewal cycle, plus an annual EC-Council membership fee. Credits can be earned through additional training, attending approved conferences, publishing security research, teaching, and other approved activities listed in the ECE policy.
CEH is from EC-Council and emphasizes ethical hacking methodology across 20 modules with broad tool coverage tested through multiple-choice questions. CompTIA PenTest+ uses performance-based exam items focused on penetration testing scenarios. CEH has stronger international name recognition and a longer history; PenTest+ has a more hands-on exam format. Both are vendor-neutral and cover overlapping but distinct ground.
Yes. Under DoDM 8140.03, CEH is an approved foundational qualification for multiple DCWF work roles across the Cybersecurity and IT workforce elements, spanning Basic, Intermediate, and Advanced proficiency levels. It also satisfied the legacy DoD 8570 CSSP requirements before 8140 replaced 8570 in 2023. See the full DoD 8140 work role paths.
CEH supports careers as a penetration tester, red team operator, vulnerability assessor, SOC analyst (Tier 2/3), security consultant, and cybersecurity engineer. The methodology and tool exposure translate across nearly any offensive or defensive security role. As of 2026, many employers list CEH as a required or preferred credential in job postings for these positions.
CEH was first released by EC-Council in 2003 and has been updated regularly since then. The current release is CEH v13. The certification is ANAB-accredited under ISO/IEC 17024 (the international standard for personnel certification bodies), which is part of why it's recognized in government and regulated industries.
Most candidates with some IT or security background prepare for 6 to 10 weeks of focused study, putting in 10 to 15 hours per week. Those coming in without an information security foundation often need 12 to 16 weeks. Boot camp formats compress this into five days of instruction immediately followed by the exam, which works when candidates already have baseline networking and security knowledge to build on.
For most candidates targeting offensive security or hybrid offense-defense roles, yes. CEH remains one of the most-requested credentials by name in 2026 job postings, satisfies DoD 8140 requirements, and is recognized internationally. It's most valuable for career-changers entering security and for IT professionals moving toward penetration testing or vulnerability assessment work. It's less essential for established practitioners who already hold OSCP or equivalent hands-on credentials.
CEH does not require you to write code from scratch, but you'll need to read and modify scripts in languages like Python, PowerShell, and Bash. You'll also encounter web-related code (HTML, JavaScript, SQL) in the web application and SQL injection modules. Candidates without any scripting exposure typically find these sections the most challenging and should spend extra time on the hands-on labs.
CEH v13 is the current release as of 2026, with the headline change being significantly expanded coverage of artificial intelligence in offensive security, including AI-powered attack tools, prompt injection, and adversarial machine learning. The overall structure stays at 20 modules covering the five-phase attack methodology, but tools, examples, and iLabs content have been refreshed throughout. Candidates currently certified on v12 maintain their credential through normal ECE renewal and don't need to retake the exam.