
Certified Ethical Hacking | CEH Exam Cheat Sheet 2025

The Certified Ethical Hacker (CEH) certification indicates that you have the skills to understand how attackers think and how they operate, and it signals to employers that you are a valuable asset to the company. The CEH is just one of many certifications on the market today, but it is one of the most widely recognized by employers. It is an internationally recognized security certification that can be earned through online training, classroom training, or self-study.

 

Looking to pass the CEH exam on the first attempt? Dive into the details to know more! Want to learn how hackers think? Welcome to the world's leading ethical hacking certification!

 

What is the Certified Ethical Hacker (CEH)?

 

The Certified Ethical Hacker (CEH) certification is a globally recognized security credential attesting that the holder can apply the skills and creativity of malicious hackers in a lawful, authorized way; it is earned by passing the EC-Council CEH exam (currently CEH v12). The CEH serves both as an entry-level certification and as a stepping stone to professional-level credentials, and it can be achieved with the right preparation and resources.

CEH certifies that a person has the knowledge and skills needed to perform penetration testing, and many employers treat it as a requirement for roles in the field. A CEH cheat sheet is a condensed summary of the exam domains, used to aid memorization and for a quick refresh before the examination.

 

Why Is CEH Important?

 

Ethical hackers are security professionals who use their knowledge and skills to test computer systems with the owner's authorization. The scope includes physical security, access control, identity management, and application security. Ethical hacking also involves penetration testing: attacking a system or network the way a malicious actor would, but under agreed rules of engagement, in order to find the vulnerabilities a real attacker could exploit and report them before they are abused.

 

What is CEH Cheat Sheet?

 

The CEH Cheat Sheet is a quick reference guide to the concepts, tools and terminology covered in the CEH certification exam, including some of the more advanced topics you need to pass the exam and become certified.

It explains what the exam covers, how to prepare for it, and how to pass it, and lays out the main CEH exam objectives in an easy-to-read format.

 

This cheat sheet can be used as a reference for your road to success!

 

How to use CEH Cheat Sheet?

 

You can find the cheat sheet on our website or download it. If you want to use it offline, save it to your device and open it later. Cheat sheets for CEH are frequently used to help with memorizing and quickly reviewing material before the exam, so that when you read through the full content you are not suddenly overwhelmed with information. Make a copy of the cheat sheet if you want to add notes of your own.

 

Why should learners use our CEH Cheat Exam Sheet?

 

The CEH cheat sheet is a tool designed to help you cover the exam domains in a short time. It was created by someone who took the real exam and passed it, and who now wants you to pass your certification exam as well.

Other resources claim to teach you how to pass the CEH, but few are written from the experience of sitting the exam. This one tells you what the exam format looks like, which domains the questions are drawn from, and how many questions to expect.

 

Benefits of Having a Certified Ethical Hacker (CEH) Certification

 

The Certified Ethical Hacker (CEH) certification is one of the most popular and sought-after certifications in the hacking world. With this certification, you can gain valuable insight into the ways that hackers think and what they do to find vulnerabilities in systems. Here are some of the benefits of earning a CEH certification:

 

1. Gain more insight into risks and vulnerabilities

 

Having a CEH certification gives you a deeper understanding of how attackers think and operate. That understanding helps you read the security landscape of your own organization and raise its level of security: you gain more insight into risks and vulnerabilities, which is valuable in many ways.

With a better understanding of how attackers think, you can anticipate their actions before they happen. This matters to companies that want to keep their data safe, and it lets you make informed decisions and identify and mitigate risks before they become an incident.

 

2. Understand how hackers think

 

The Certified Ethical Hacker (CEH) certification teaches you hacking techniques, so you can understand how criminals think when they are breaking into your network or stealing card numbers online. That knowledge helps you design better defenses, choosing and configuring tools such as firewalls, intrusion detection and endpoint protection with the attacker's methods in mind.

Hacking is not just about breaking into systems: it is about finding out how they work, spotting their weaknesses, and exploiting those weaknesses to gain access to sensitive information or resources that are valuable to your organization or its customers.

 

3. You'll earn more money with the CEH

The Certified Ethical Hacker (CEH) certification can also raise your earning potential: organizations pay for IT professionals who are familiar with current security issues and with the tools and techniques attackers use today, and the CEH v12 credential is one way to demonstrate that knowledge and advance your career.

 

Certified Ethical Hacking Cheat Sheet

 

The content of this cheat sheet is not comprehensive, but it aims to cover all exam areas, with tips added where they keep the content practical. Feel free to edit it to your preference, adding content and mnemonics of your own.

1. Basics

a. Essential Terms 

  • Hack Value: The notion among attackers that a target is worth the effort, because of what it contains or what compromising it proves.
  • Vulnerability: A weakness in a system that can be exploited.
  • Exploit: Code or a technique that takes advantage of an identified vulnerability.
  • Payload: The part of an attack that runs on the victim once the exploit has succeeded (a shell, malware, a command).
  • Zero-day attack: Exploiting a vulnerability that is unknown to the vendor and therefore unpatched.
  • Daisy-chaining: Gaining access to one system and using it as a foothold to reach other systems on the same network.
  • Doxing: Collecting and publishing an individual's personally identifiable information (PII) with malicious intent.
  • Bot: Software that carries out automated tasks; attacker-controlled bots are grouped into botnets.

b. Elements of information security 

  • Confidentiality: Ensures that information is available only to authorized people.
  • Integrity: Ensures that information is accurate and has not been altered without authorization.
  • Availability: Ensures that resources are available when required by authorized users.
  • Authenticity: Ensures that data, a transaction or a user is genuine, i.e. that its claimed origin can be verified.
  • Non-repudiation: Ensures that a sender cannot later deny having sent a message and a recipient cannot deny having received it (typically provided by digital signatures).

c. Phases of Penetration Testing 

  1. Reconnaissance 
  2. Scanning & Enumeration 
  3. Gaining Access 
  4. Maintaining Access 
  5. Covering Tracks 

d. Types of Threats 

  • Network threats: An attacker intercepts the channel and steals information being exchanged on the network.
  • Host threats: An attacker gains access to information on, or control of, a specific system.
  • Application threats: An attacker exploits flaws in the application itself, such as unvalidated input or weak authentication.

e. Types of Attacks 

  • OS: Attacks on the operating system itself: unpatched flaws, default accounts and insecure defaults.
  • App level: Attacks on application code, usually caused by a lack of security testing by developers.
  • Shrink Wrap: Exploiting off-the-shelf components, including unpatched libraries and frameworks, shipped with the application.
  • Misconfiguration: Attacks on systems whose security has been poorly configured.

2. Legal

  • 18 U.S.C. § 1029 (access device fraud) & § 1030 (Computer Fraud and Abuse Act)
  • RFC 1918 - Private IP address space
  • RFC 3227 - Guidelines for evidence collection and archiving
  • ISO 27002 - InfoSec controls guidelines
  • CAN-SPAM - Commercial email marketing
  • SPY Act - Anti-spyware (US bill)
  • DMCA - Intellectual property / copyright
  • SOX - Corporate finance processes
  • GLBA - Personal finance data
  • FERPA - Education records
  • FISMA - US government networks security standard
  • CVSS - Common Vulnerability Scoring System
  • CVE - Common Vulnerabilities and Exposures

3. Reconnaissance

Reconnaissance, also called footprinting, is the preliminary surveying and research of the target before any active probing.

a. Footprinting information 

  • Network information: Domains, subdomains, IP addresses, Whois and DNS records, VPN firewalls using e.g. ike-scan. 
  • System information: OS of web server, locations of servers, users, usernames, passwords, passcodes. 
  • Organization information: Employee information, organization's background, Phone numbers, Locations. 

b. Footprinting tools 

Maltego, Recon-ng (The Recon-ng Framework), FOCA, Recon-dog, Dmitry (DeepMagic Information Gathering Tool).

c. Google Hacking 

Google Hacking uses advanced Google search operators, known as dorks, to find pages that expose sensitive information (error messages, configuration files, login portals, directory listings) and thereby discover potential vulnerabilities.

Common dorks: 

  • site: Only results from the specified domain
  • inurl: Only pages with the query in their URL
  • intitle: Only pages with the query in their title
  • cache: Google's cached copy of the queried page (operator retired by Google in 2024)
  • link: Only pages that link to the queried URL (discontinued)
  • filetype: Only results of the given file type

Google hacking tools: 

Google hack honeypot, Google hacking database, metagoofil. 

4. Scanning Networks

Involves obtaining additional information about hosts, ports and services in the target's network. It is meant to identify live systems and vulnerabilities, from which an attack plan is created.

a. Scanning types 

  • Port scanning: Checking for open ports and the services behind them.
  • Network scanning: Identifying live hosts, yielding a list of IP addresses.
  • Vulnerability scanning: Testing for known vulnerabilities.

b. Common ports to scan 

Port   Proto     Service
22     TCP       SSH (Secure Shell)
23     TCP       Telnet
25     TCP       SMTP (Simple Mail Transfer Protocol)
53     TCP/UDP   DNS (Domain Name System)
80     TCP       HTTP (Hypertext Transfer Protocol)
123    UDP       NTP (Network Time Protocol)
443    TCP       HTTPS (UDP 443 for HTTP/3 over QUIC)
500    UDP       IKE/IPsec (Internet Key Exchange)
631    TCP       IPP (Internet Printing Protocol)
3389   TCP       RDP (Remote Desktop Protocol; UDP 3389 also used)
9100   TCP       AppSocket/JetDirect (HP JetDirect raw printing)

c. Scanning Tools 

Nmap: Network scanner that sends specially crafted packets and interprets the responses. Common Nmap options include:

  • -sS: SYN (half-open, "stealth") scan; the default when running as root
  • -sT: TCP connect scan (full three-way handshake; used when unprivileged)
  • -sA: ACK scan (maps firewall rules, does not find open ports)
  • -sW: Window scan
  • -sF: FIN scan
  • -sN: NULL scan
  • -sX: XMAS tree scan (FIN, PSH and URG set)
  • -sI: Idle scan (uses a zombie host's IP ID sequence)
  • -sU: UDP scan
  • -sV: Version detection (-sR, the old RPC scan, is now an alias for -sV)
  • -sn: Ping sweep, host discovery only (was -sP in older versions)
  • -Pn: Skip host discovery, treat all hosts as up (was -P0)
  • -PE: ICMP echo ping (was -PI)
  • -PS: TCP SYN ping
  • -PA: TCP ACK ping (-PS/-PA replace the old -PT TCP ping)
  • -oN: Normal output; -oX: XML output; -oG: grepable output
  • -A: OS detection, version detection, script scanning and traceroute
  • -T<0-5>: Timing template, from 0 (paranoid, slowest) to 5 (insane, fastest)

Hping (hping3): Open-source packet crafter and port scanner. It works at a lower level than Nmap, letting you build arbitrary TCP/UDP/ICMP packets (flags, sequence numbers, TTL) by hand, which is useful for firewall testing and for quiet, hand-tuned probes. Nmap scans whole ranges of IP addresses; hping targets one host at a time.

d. Techniques include 

  • Scanning ICMP: Broadcast ICMP ping, ICMP ping sweep. 
  • Scanning TCP: TCP connect, SYN scanning, RFC 793 scans (FIN, NULL and XMAS, which rely on the RFC's rule that a closed port answers with RST while an open port stays silent), ACK scanning, IDLE scan. 
  • Scanning UDP: Exploits UDP behaviour: a closed port answers with an ICMP port-unreachable error, while an open port usually stays silent. 
  • List Scanning: Reverse DNS resolution of each address in the range to learn host names, without sending probes to the targets. 
  • SSDP Scanning: Discovering UPnP devices through SSDP responses; such devices are then checked for buffer-overflow and DoS vulnerabilities.
  • ARP Scan: Useful when scanning an Ethernet LAN, since every live host must answer ARP. 
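A minimal TCP connect scanner, added here as an example (it is not code from the page or from Nmap), that probes the common ports from the table above the way nmap -sT does: one full connect() per port, with the result classified as open (handshake completed), closed (RST, surfacing as connection refused) or filtered (no answer). The service labels are assumed display names, the host 10.0.0.5 in the commented usage line is a placeholder, and demo() scans only loopback ports it opens itself, so the example runs offline.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Display labels for the common ports in the table above (assumed names, as in /etc/services)
SERVICES = {22: "ssh", 23: "telnet", 25: "smtp", 53: "domain", 80: "http", 123: "ntp",
            443: "https", 500: "isakmp", 631: "ipp", 3389: "ms-wbt-server", 9100: "jetdirect"}

def probe_tcp(host, port, timeout=1.0):
    """One TCP connect() probe, the equivalent of nmap -sT for a single port.
    open     = three-way handshake completed
    closed   = target answered RST (surfaces as ECONNREFUSED)
    filtered = nothing came back before the timeout, or an ICMP unreachable arrived"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        except OSError:
            return "filtered"
    return "open"

def scan(host, ports, timeout=1.0, workers=32):
    """Probe each port concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ports, pool.map(lambda p: probe_tcp(host, p, timeout), ports)))

def report(results):
    """Nmap-style output lines, open ports first, then filtered, then closed."""
    order = {"open": 0, "filtered": 1, "closed": 2}
    return [f"{p}/tcp\t{results[p]}\t{SERVICES.get(p, 'unknown')}"
            for p in sorted(results, key=lambda p: (order[results[p]], p))]

def demo():
    """Offline self-check: scans two loopback ports, one with a listener behind it and
    one that was bound and released, so both states can be seen side by side."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens here any more -> RST on connect
    try:
        states = scan("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        listener.close()
    return {"open": states[open_port], "closed": states[closed_port]}

if __name__ == "__main__":
    print(demo())
    # Against a real, authorized target (10.0.0.5 is a placeholder):
    # print("\n".join(report(scan("10.0.0.5", sorted(SERVICES)))))
```

A connect scan completes the handshake, so the target's service logs the connection; that is why the SYN scan (-sS, which needs raw sockets and root) is the quieter default in Nmap.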

5. Enumeration 

Engaging actively with a system and querying it for usernames, group memberships, shares, services and configuration details. Enumeration uncovers the information later used to exploit vulnerabilities; the exploitation itself belongs to the gaining-access phase.

a. Enumeration techniques: 

  • Windows enumeration 
  • Windows user account enumeration 
  • NetBIOS enumeration 
  • SNMP enumeration 
  • LDAP enumeration 
  • NTP enumeration 
  • SMTP enumeration 
  • Brute forcing Active Directory 

b. DNS enumeration: 

DNS stands for "Domain Name System". A DNS record is a database entry that maps a domain name to an IP address or to other data about that name. Common DNS records include: A (IPv4 address), AAAA (IPv6 address), CNAME (alias), MX (mail server), NS (authoritative name server), SOA (zone authority), PTR (reverse lookup) and TXT (free text, e.g. SPF).

DNS enumeration tools: dnsrecon, nslookup, dig, host. 

c. DHCP: 

  • Client --Discover--> Server (broadcast: is there a DHCP server?)
  • Client <--Offer-- Server (a proposed IP address and lease)
  • Client --Request--> Server (the client asks for the offered address)
  • Client <--Ack-- Server (the lease is confirmed)
  • IP is removed from the pool

6. Sniffing

Involves obtaining packets of data on a network using a specific program or a device. 

a. Sniffing types 

  • Passive sniffing: Listening on a hub or a mirror port; no packets need to be sent.
  • Active sniffing: Injecting traffic (ARP poisoning, MAC flooding) into a switched network so that the victim's packets are delivered to the attacker's port.

b. Sniffer 

Are packet sniffing applications designed to capture packets that contain information such as passwords, router configuration, traffic. 

c. Wiretapping 

Refers to telephone and Internet-based conversations monitoring by a third party. 

d. Sniffing Tools 

  • Cain and Abel 
  • Libpcap 
  • TCPflow 
  • Tcpdump 
  • Wireshark 
  • Kismet 
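Tcpdump and Wireshark save captures in pcap format. The following added example (not code from the page or from any of the tools listed) shows what a sniffer does with those bytes: it walks the pcap records, decodes the Ethernet/IPv4/TCP headers and pulls HTTP Basic credentials out of the payload, which travel base64-encoded rather than encrypted. The capture is constructed inline (the hosts 10.0.0.23 and 10.0.0.5, the user alice and her password are made up), so nothing is read from the network.

```python
import base64
import socket
import struct

def build_pcap(frames):
    """Classic pcap container: 24-byte global header (magic 0xa1b2c3d4, link type 1 = Ethernet)
    followed by a 16-byte record header per frame. Constructed here instead of read from disk."""
    out = [struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)

def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP headers around `payload`. Checksums are left at zero:
    a sniffer parses headers, it does not validate them."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload

def iter_frames(pcap):
    """Yield each captured frame from a little-endian pcap byte string."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xa1b2c3d4:
        raise ValueError("unsupported pcap magic %#x" % magic)
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def tcp_segment(frame):
    """Decode Ethernet/IPv4/TCP; returns (src, dst, sport, dport, payload), or None for other traffic."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0f) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp_off + data_off:14 + total_len]

def extract_basic_auth(pcap):
    """What a passive sniffer harvests from cleartext HTTP: Basic credentials are only base64."""
    creds = []
    for frame in iter_frames(pcap):
        seg = tcp_segment(frame)
        if seg is None:
            continue
        src, dst, sport, dport, payload = seg
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"authorization: basic "):
                decoded = base64.b64decode(line.split(b" ", 2)[2]).decode("utf-8", "replace")
                user, _, password = decoded.partition(":")
                creds.append({"src": src, "dst": dst, "dport": dport,
                              "user": user, "password": password})
    return creds

# Constructed capture: one HTTP request from 10.0.0.23 to a web server on 10.0.0.5
SAMPLE_REQUEST = (b"GET /admin/ HTTP/1.1\r\nHost: intranet.example\r\n"
                  b"Authorization: Basic " + base64.b64encode(b"alice:Winter2023!") + b"\r\n\r\n")
SAMPLE_PCAP = build_pcap([build_tcp_frame("10.0.0.23", "10.0.0.5", 51522, 80, SAMPLE_REQUEST)])

if __name__ == "__main__":
    for c in extract_basic_auth(SAMPLE_PCAP):
        print(f"{c['src']} -> {c['dst']}:{c['dport']}  {c['user']} / {c['password']}")
```

Writing SAMPLE_PCAP to a file gives something Wireshark or tcpdump -r will open, which is a convenient way to check a parser like this against the real tools. The same pass over a capture of TLS traffic yields nothing, which is the point of putting HTTPS in front of every login form.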

e. Sniffing Attacks 

  • MAC flooding: Send a large number of frames with fake source MAC addresses to the switch until its CAM table is full. The switch then enters fail-open mode and floods incoming traffic to all ports, so the attacker can sniff traffic passing through the network. 
  • DHCP attacks: DHCP starvation is a denial-of-service attack that exhausts all available addresses on the server by requesting leases with spoofed MAC addresses; a rogue DHCP server can then hand out attacker-controlled gateway and DNS settings. 
  • DNS poisoning: Manipulating DNS records or a resolver's cache so that a legitimate name resolves to a malicious IP address. 
  • VLAN hopping: Attacking a host on one VLAN to gain access to traffic on other VLANs (switch spoofing or double tagging). 
  • OSPF attacks: A rogue router forms an adjacency with a legitimate OSPF router and injects false routes, redirecting traffic through the attacker. 
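The DHCP exchange from section 5 (Discover, Offer, Request, Ack) and the DHCP starvation attack above, as one added Python example that is not code from the page: both sides of the exchange are implemented over real RFC 2131 message encoding, with a toy server that hands out leases from a pool and removes an address from the pool only when it acknowledges a request. Draining that pool with spoofed client MACs is exactly DHCP starvation, and the example shows the legitimate client that follows getting no offer at all. The server address 10.0.0.1, the pool and the client MACs are constructed values, and nothing is sent on the wire.

```python
import random
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                          # RFC 2131 option magic cookie
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
BOOTREQUEST, BOOTREPLY = 1, 2

def build(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", options=()):
    """Encode one DHCP message: the 236-byte BOOTP header, the magic cookie,
    option 53 (message type), any extra (code, value) options and the 0xff end marker."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, 0x8000,          # htype=Ethernet, hlen=6, broadcast flag
                        b"\0" * 4, socket.inet_aton(yiaddr), b"\0" * 4, b"\0" * 4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC + opts + b"\xff"

def parse(msg):
    """Decode the fields the exchange needs; options come back as {code: raw bytes}."""
    hdr = struct.unpack_from("!BBBBIHH4s4s4s4s16s", msg, 0)
    if msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 0xff:
        if msg[i] == 0:                                  # pad option
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": hdr[0], "xid": hdr[4], "yiaddr": socket.inet_ntoa(hdr[8]),
            "chaddr": hdr[11][:hdr[2]], "type": opts[53][0], "options": opts}

class ToyServer:
    """Server side: offers the first free address, commits it only on REQUEST."""
    def __init__(self, server_ip, pool):
        self.ip, self.pool, self.leases = server_ip, list(pool), {}

    def handle(self, raw):
        m = parse(raw)
        server_id = (54, socket.inet_aton(self.ip))
        lease = (51, struct.pack("!I", 3600))
        if m["type"] == DISCOVER:
            if not self.pool:                            # starved: nothing left to offer
                return None
            return build(BOOTREPLY, m["xid"], m["chaddr"], OFFER, self.pool[0], [server_id, lease])
        if m["type"] == REQUEST:
            wanted = socket.inet_ntoa(m["options"][50])
            if m["options"].get(54) != server_id[1] or wanted not in self.pool:
                return build(BOOTREPLY, m["xid"], m["chaddr"], NAK, options=[server_id])
            self.pool.remove(wanted)                     # IP is removed from the pool
            self.leases[m["chaddr"]] = wanted
            return build(BOOTREPLY, m["xid"], m["chaddr"], ACK, wanted, [server_id, lease])
        return None

def dora(server, mac):
    """Client side of Discover/Offer/Request/Ack. Returns the parsed ACK, or None if no offer came."""
    xid = random.getrandbits(32)
    raw = server.handle(build(BOOTREQUEST, xid, mac, DISCOVER))
    if raw is None:
        return None
    offer = parse(raw)
    assert offer["type"] == OFFER and offer["xid"] == xid
    return parse(server.handle(build(BOOTREQUEST, xid, mac, REQUEST, options=[
        (50, socket.inet_aton(offer["yiaddr"])),         # option 50: requested IP address
        (54, offer["options"][54])])))                   # option 54: server identifier

def starve(server, count):
    """DHCP starvation: complete DORA for `count` spoofed MACs; returns how many leases were taken."""
    taken = 0
    for _ in range(count):
        mac = b"\x02" + bytes(random.getrandbits(8) for _ in range(5))   # locally administered MAC
        if dora(server, mac) is not None:
            taken += 1
    return taken

if __name__ == "__main__":
    srv = ToyServer("10.0.0.1", ["10.0.0.100", "10.0.0.101", "10.0.0.102"])
    print(dora(srv, b"\x00\x11\x22\x33\x44\x55")["yiaddr"])   # legitimate client gets 10.0.0.100
    print(starve(srv, 10))                                     # attacker takes the remaining 2
    print(dora(srv, b"\x00\x11\x22\x33\x44\x66"))              # next legitimate client: None
```

The switch-side defence is DHCP snooping with a per-port rate limit on client MACs (port security), which stops one port from presenting hundreds of chaddr values; on the server side, the xid and server-identifier checks in the client are what keep a rogue server's reply from being accepted by mistake only if the rogue answers first, so snooping is the control that actually matters.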

7. Attacking a System

a. LM Hashing 

The LM hash splits the password into two 7-character halves and uses each half as a DES key to encrypt the constant "KGS!@#$%". An empty (null-padded) half always hashes to AAD3B435B51404EE, so a hash ending in that value tells you the password is at most 7 characters long, and AAD3B435B51404EEAAD3B435B51404EE is the hash of an empty password.

b. Attack types 

  • Passive online: Sniffing or man-in-the-middle attacks that capture credentials without interacting with the target's authentication system.
  • Active online: Password guessing against a live service (dictionary, brute force, rule-based).
  • Offline: Cracking stolen password hashes, usually taken from the SAM file or an NTDS.dit dump.
  • Non-electronic: Social engineering, shoulder surfing, dumpster diving.

c. Sidejacking 

Stealing access to a website, usually through cookie hijacking.

d. Authentication Types 

  • Type 1: When you know something 
  • Type 2: When you have something 
  • Type 3: When you are something 

e. Session Hijacking 

Established session hijacking involves: 

  1. Targeting and sniffing traffic between client and server 
  2. Traffic monitoring and predicting sequence 
  3. Desynchronize session with client 
  4. Take over session by predicting session token 
  5. Inject packets to the target server 
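Two checks a tester would actually run for the sidejacking and session hijacking items above, as an added Python example that is not code from the page: the first inspects a Set-Cookie header for the flags whose absence lets a sniffer read or replay the session cookie, the second takes session tokens observed in order and tries to infer the sequence and predict the next one (steps 2 and 4 of the hijack). The cookie headers and token values are constructed samples; the weak ones are a counter, the strong ones stand in for 128-bit random identifiers.

```python
def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value}); attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def cookie_findings(header):
    """Flags a session cookie that a sidejacker could read off the wire or replay from another site."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure flag, cookie is also sent over plain HTTP where a sniffer can read it")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly flag, script injected into the page can read document.cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite missing or None, cookie rides along on cross-site requests")
    return findings

def predict_next(tokens):
    """Given session tokens observed in order (hex strings), infer the sequence and predict
    the next value. Returns None when the tokens do not advance by one constant step,
    i.e. when prediction from observation fails, as it should for random tokens."""
    values = [int(t, 16) for t in tokens]
    steps = {b - a for a, b in zip(values, values[1:])}
    if len(values) < 3 or len(steps) != 1:
        return None
    return format(values[-1] + steps.pop(), "x").zfill(len(tokens[-1]))

# Constructed samples: a counter-based session id versus 128-bit random ids
WEAK_TOKENS = ["0000011a", "0000011b", "0000011c"]
STRONG_TOKENS = ["9f3c2e7a4b1d8c06e5f2a7d3b9c4e1f8",
                 "0b8d41c6f2e9a35d7c1b4e8f6a2d9c03",
                 "e217f5aa93c8b14d6f0e2a7c5b9d8e41"]
WEAK_COOKIE = "PHPSESSID=0000011c; Path=/"
HARDENED_COOKIE = ("PHPSESSID=9f3c2e7a4b1d8c06e5f2a7d3b9c4e1f8; Path=/; "
                   "Secure; HttpOnly; SameSite=Lax")

if __name__ == "__main__":
    print(cookie_findings(WEAK_COOKIE))        # three findings
    print(cookie_findings(HARDENED_COOKIE))    # []
    print(predict_next(WEAK_TOKENS))           # the attacker's next session id
    print(predict_next(STRONG_TOKENS))         # None
```

A constant step is only the simplest pattern; real-world token analyzers (Burp's Sequencer, for one) run statistical tests over thousands of samples. The defence on both fronts is the same: tokens from a cryptographic RNG, delivered only with Secure and HttpOnly set, and rotated on login.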

If you feel you are lagging in the fundamentals of cybersecurity, check out our cyber security courses at any time. 

8. Social engineering

Social engineering refers to compelling individuals of target organization to reveal confidential and sensitive information.

a. Steps of social engineering 

  1. Research: Gather enough information about the target company 
  2. Select target: Choose a target employee 
  3. Relationship: Earn the target employee's trust, e.g. by building a relationship 
  4. Exploit: Extract information from the target employee 
  5. Identity theft: Steal an employee's personally identifiable information to pose as that person 

b. Types of Social Engineers 

  • Insider Associates: Limited authorized access 
  • Insider Affiliates: Insiders who can spoof identity. 
  • Outsider Affiliates: Outsider who makes use of a vulnerable access point. 

9. Physical Security

  • Physical measures: E.g., air quality, power concerns, humidity-control systems 
  • Technical measures: E.g., smart cards and biometrics 
  • Operational measures: E.g., security policies and procedures. 
  • Access control (biometrics):
    1. False rejection rate (FRR): How often a biometric rejects a valid user 
    2. False acceptance rate (FAR): How often a biometric accepts an invalid user 
    3. Crossover error rate (CER): The threshold at which FAR equals FRR; the lower the CER, the more accurate the system
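How FRR, FAR and the crossover point are derived from matcher scores, as an added Python example that is not code from the page: the biometric returns a similarity score, the system accepts at or above a threshold, and sweeping that threshold trades one error rate against the other until they meet. The genuine and impostor score lists are constructed; a real evaluation would use thousands of enrolment attempts per population.

```python
def error_rates(genuine, impostor, threshold):
    """FRR: fraction of genuine attempts scoring below the threshold (valid user rejected).
    FAR: fraction of impostor attempts scoring at or above it (invalid user accepted)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return far, frr

def crossover(genuine, impostor, steps=100):
    """Sweep the threshold across the score range and return the point where FAR and FRR
    are closest; the error rate there is the crossover error rate (CER)."""
    lo, hi = min(genuine + impostor), max(genuine + impostor)
    best = None
    for i in range(steps + 1):
        t = lo + (hi - lo) * i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best["far"] - best["frr"]):
            best = {"threshold": t, "far": far, "frr": frr, "cer": (far + frr) / 2}
    return best

# Constructed matcher scores (1.0 = perfect match): legitimate users versus impostors
GENUINE = [0.91, 0.88, 0.95, 0.80, 0.70, 0.85, 0.93, 0.60, 0.89, 0.97]
IMPOSTOR = [0.20, 0.35, 0.50, 0.65, 0.30, 0.45, 0.75, 0.40, 0.55, 0.25]

if __name__ == "__main__":
    for t in (0.5, 0.7, 0.9):
        far, frr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")   # raise t: FAR falls, FRR rises
    print(crossover(GENUINE, IMPOSTOR))
```

Raising the threshold lowers FAR at the cost of FRR, which is why a data-centre door is tuned toward a low FAR and a phone unlock toward a low FRR; the CER is the single number used to compare two biometric systems independently of where each is tuned.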
Vinsys | 16 January, 2023
