
Certified Ethical Hacking [CEH] Exam Cheat Sheet (2024)

Published
27th Dec, 2023

    The EC-Council’s Certified Ethical Hacking (CEH) remains the world’s leading ethical hacking certification and the one preferred by cybersecurity professionals. Its in-depth and up-to-date coverage of penetration testing, system vulnerabilities, and malware countermeasures makes it trusted by employers globally, resulting in one of the most in-demand ethical hacking credentials in the market. Individuals considering Certified Ethical Hacking certification are expected to possess the skills and creativity of malicious hackers and to validate them by passing the EC-Council’s CEH examination (CEH v11).

    This four-hour MCQ-based exam is an intermediate-level challenge but still achievable with the right preparation, practice, and resources. However, individuals who have taken the exam often report difficulty in getting a proper grasp of the terminology, methods, and tools. CEH cheat sheets are often used in such cases to aid memorization and to quickly refresh before the examination.

    While they are not complete, comprehensive guides, they are enough for quickly recognizing what a question is asking in order to understand it better. The goal of this guide is to provide such a resource, updated to the latest v11 standards. Below you’ll find our Certified Ethical Hacking [CEH] Exam Cheat Sheet (2024), enough to give you a head start and establish a grasp of the terms at hand.

    What is a CEH Cheat Sheet?

    In this newly introduced 11th version of the exam (hence termed v11), CEH continues to progress with the latest tactics, methodologies, and technology. The CEH v11 cheat sheet below contains most of the important terms and topics that you’ll come across during your exam.

    It spans everything from the basic five ethical hacking stages to the more advanced networking, cloud, and cryptography tools and terms introduced for the first time in v11. This cheat sheet was designed from material extracted directly from CEH v11 dumps, considering each CEH v11 exam question.

    How to Use a Cheat Sheet?

    The entire material is properly categorized, with each term nested in its proper heading and sub-heading, making extensive use of the search function feasible. Start by going through the basic terminologies which are listed first. Another way to go through the cheat sheet is by following along with CEH credential modules; searching for unfamiliar terms as you come across them.

    This ensures that you’re not suddenly overburdened with information as you scroll through the entire content. If you need to make any additions of your own, feel free to make a copy of our cheat sheet, but always keep it concise and to the point so you can quickly access the terms when needed and add more content without making a mess.

    Importance of CEH Certification

    The fact that CEH is one of the most updated and comprehensive ethical hacking courses out there makes it an obvious choice for individuals looking to kick start their career in ethical hacking. While there are major benefits in pursuing the certification, both professionally and technically; the importance of the certificate itself is considerable: 

    • Organizations all over the world are starting to understand the critical threat of cyberattacks and the need for qualified individuals in protecting against them. CEH provides them with a very clear outlook of a certified individual’s skill set and makes the hiring process much easier and straightforward. For the same reason, more and more companies are starting to make the CEH certificate a requirement for their job applications, surging its importance.
    • The IT security sector is constantly evolving and advancing with new techniques, tools, and systems. Compared to other certifications, CEH is constantly being updated to meet the industry standards of today. Completing the certificate not only offers job security but also offers you the perfect chance to catch up with the latest trends in the industry.
    • CEH trains individuals practically, introducing you to tools and systems used in professional ethical hacking practice. We highly recommend checking out CEH training courses and CEH v11 practice exams online before attempting the CEH v11 exam, in order to gain practical experience with the commonly used tools. For details, check out our Ethical Hacking certification online.

    Certified Ethical Hacking Cheat Sheet

    The content of this cheat sheet while not comprehensive, is aimed at covering all exam areas; including tips in order to maintain the practical value of the content. Feel free to make any edits in order to personalize the cheat sheet to your preference, including content additions and mnemonics.

    1. Basics

    a. Essential Terms 

    • Hack Value: A hacker’s interest in something based on its worth.
    • Vulnerability: A weakness in a system that can be exploited.
    • Exploit: Taking advantage of the identified vulnerability.
    • Payload: Malware or exploit code that the hacker sends to the victim.
    • Zero-day attack: Exploiting previously unknown unpatched vulnerabilities. 
    • Daisy-chaining: A specific attack carried out by hackers to gain access to a single system and using it to access other systems on the same network.
    • Doxing: Tracing an individual’s personally identifiable information (PII) with malicious intent.
    • Bot: A software used to carry out automated tasks.

    b. Elements of information security 

    • Confidentiality: Ensures that information is available only to authorized people.
    • Integrity: Ensures the accuracy of the information. 
    • Availability: Ensuring availability of resources when required by authorized users. 
    • Authenticity: Ensures that information is genuine and uncorrupted. 
    • Non-repudiation: Ensures that a sender cannot deny having sent a message and a recipient cannot deny having received it.

    c. Phases of Penetration Testing 

    1. Reconnaissance
    2. Scanning & Enumeration 
    3. Gaining Access 
    4. Maintaining Access 
    5. Covering Tracks 

    d. Types of Threats 

    • Network threats: Attacker may break into the channel and steal the information that is being exchanged on a network.
    • Host threats: Attacker gains access to information held on a system. 
    • Application threats: Exploiting unprotected entry points in the application itself.

    e. Types of Attacks 

    • OS: Attacks the primary OS of the victim. 
    • App level: Application sourced attacks, usually caused by lack of security testing by developers.
    • Shrink Wrap: Exploiting unpatched libraries and frameworks of the application. 
    • Misconfiguration: Hacks carried out on systems with poorly configured security.

    2. Legal

    • 18 U.S.C. §§ 1029 & 1030 
    • RFC 1918 - Private IP Standard 
    • RFC 3227 – Data collection and storage 
    • ISO 27002 - InfoSec Guidelines 
    • CAN-SPAM - Email marketing 
    • SPY-Act - License Enforcement 
    • DMCA - Intellectual Property 
    • SOX - Corporate Finance Processes 
    • GLBA - Personal Finance Data 
    • FERPA - Education Records 
    • FISMA - Gov Networks Security Std 
    • CVSS - Common Vulnerability Scoring System 
    • CVE - Common Vulnerabilities and Exposure 

    3. Reconnaissance

    Also called footprinting, refers to preliminary surveying or research about the target.

    a. Footprinting information 

    • Network information: Domains, subdomains, IP addresses, Whois and DNS records, VPN firewalls using e.g. ike-scan. 
    • System information: OS of web server, locations of servers, users, usernames, passwords, passcodes. 
    • Organization information: Employee information, Organization's background, Phone numbers, Locations. 

    b. Footprinting tools 

    Maltego, Recon-ng (The Recon-ng Framework), FOCA, Recon-dog, Dmitry (DeepMagic Information Gathering Tool).

    c. Google Hacking

    Google Hacking uses advanced Google search operators, called dorks, to find specific text strings in search results for the purpose of discovering vulnerabilities.

    Common dorks: 

    • site: Only results from the specified domain 
    • inurl: Only pages that have the query in their URL 
    • intitle: Only pages that have the query in their title 
    • cache: Cached version of the queried page 
    • link: Only pages that link to the queried URL (discontinued) 
    • filetype: Only results of the given file type 

    Google hacking tools: 

    Google hack honeypot, Google hacking database, metagoofil. 

    4. Scanning Networks

    Involves obtaining additional information about hosts, ports and services in the network of the victim. It’s meant to identify vulnerabilities and then create an attack plan.

    a. Scanning types 

    • Port scanning: Checking open ports and services.
    • Network scanning: Identifying live hosts, producing a list of active IP addresses.
    • Vulnerability scanning: Testing hosts for known vulnerabilities.

    b. Common ports to scan 

    • 22 (TCP): SSH (Secure Shell) 
    • 23 (TCP): Telnet 
    • 25 (TCP): SMTP (Simple Mail Transfer Protocol) 
    • 53 (TCP/UDP): DNS (Domain Name System) 
    • 80 (TCP): HTTP (Hypertext Transfer Protocol) 
    • 123 (TCP): NTP (Network Time Protocol) 
    • 443 (TCP/UDP): HTTPS 
    • 500 (TCP/UDP): IKE/IPSec (Internet Key Exchange) 
    • 631 (TCP/UDP): IPP (Internet Printing Protocol) 
    • 3389 (TCP/UDP): RDP (Remote Desktop Protocol) 
    • 9100 (TCP/UDP): AppSocket/JetDirect (HP JetDirect) 

    c. Scanning Tools 

    Nmap: Network scanning by sending specially crafted packets. Some common Nmap options include: 

    • -sA: ACK scan 
    • -sF: FIN scan 
    • -sS: SYN (stealth) scan 
    • -sT: TCP connect scan 
    • -sI: Idle scan 
    • -sn: Ping sweep (no port scan) 
    • -sN: NULL scan 
    • -sR: RPC scan 
    • -P0: No ping 
    • -sW: Window scan 
    • -sX: XMAS tree scan 
    • -PI: ICMP ping 
    • -PS: SYN ping 
    • -PT: TCP ping 
    • -oN: Normal output 
    • -oX: XML output 
    • -A: OS detection, version detection and script scanning 
    • -T<0-4>: Timing template, from slow to fast 

    Hping: Open-source port scanner. Hping works at a lower level and is stealthier than Nmap; Nmap can scan a range of IP addresses, while hping port-scans only a single IP address at a time.

    d. Techniques include 

    • Scanning ICMP: Broadcast ICMP ping, ICMP ping sweep.
    • Scanning TCP: TCP connect, SYN scanning, RFC 793 scans, ACK scanning, IDLE scan.
    • Scanning UDP: Relies on the recipient replying with an ICMP error packet when a UDP port is unreachable.
    • List Scanning: Reverse DNS resolution in order to identify the names of the hosts.
    • SSDP Scanning: Detecting UPnP devices that may be vulnerable to buffer overflow or DoS attacks.
    • ARP Scan: Useful when scanning an ethernet LAN.
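    The scan types above all leave a trace on the target side: one source touching many ports on one host in a few seconds. The following is an added example (not from the cheat sheet or from any tool it names) that flags that pattern in constructed firewall connection logs; the log format, the addresses and the window/port thresholds are assumptions you would tune to your own environment.

```python
"""Flag port-scan behaviour in connection logs (added example, not from the cheat sheet).

A source that touches many distinct destination ports on one host inside a
short time window is reported. The log format and every address below are
constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto> <action>"
SAMPLE_LOG = """\
2024-01-05T10:00:01 10.0.0.7 -> 192.168.1.10:22 TCP DENY
2024-01-05T10:00:01 10.0.0.7 -> 192.168.1.10:23 TCP DENY
2024-01-05T10:00:02 10.0.0.7 -> 192.168.1.10:25 TCP DENY
2024-01-05T10:00:02 10.0.0.7 -> 192.168.1.10:53 TCP DENY
2024-01-05T10:00:02 10.0.0.7 -> 192.168.1.10:80 TCP ALLOW
2024-01-05T10:00:03 10.0.0.7 -> 192.168.1.10:123 TCP DENY
2024-01-05T10:00:03 10.0.0.7 -> 192.168.1.10:443 TCP ALLOW
2024-01-05T10:00:03 10.0.0.7 -> 192.168.1.10:3389 TCP DENY
2024-01-05T10:00:04 10.0.0.7 -> 192.168.1.10:9100 TCP DENY
2024-01-05T10:00:05 10.0.0.7 -> 192.168.1.10:8080 TCP DENY
2024-01-05T10:00:05 10.0.0.7 -> 192.168.1.10:631 TCP DENY
2024-01-05T10:00:10 10.0.0.42 -> 192.168.1.10:443 TCP ALLOW
2024-01-05T10:00:11 10.0.0.42 -> 192.168.1.10:443 TCP ALLOW
2024-01-05T10:00:12 10.0.0.42 -> 192.168.1.10:80 TCP ALLOW
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    ts, src, arrow, dst, proto, action = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log format: {line!r}")
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst_ip": dst_ip,
            "dst_port": int(dst_port), "proto": proto, "action": action}


def detect_port_scans(log_text, window_seconds=10, port_threshold=8):
    """Return {src_ip: sorted distinct ports} for every source that contacts at
    least `port_threshold` distinct ports on a single destination within any
    sliding window of `window_seconds`. Both thresholds are assumptions."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)          # (src, dst) -> events in time order
    for e in events:
        by_pair[(e["src"], e["dst_ip"])].append(e)

    hits = {}
    window = timedelta(seconds=window_seconds)
    for (src, _dst), evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the window fits
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dst_port"] for e in evs[start:end + 1]}
            if len(ports) >= port_threshold and len(ports) > len(hits.get(src, ())):
                hits[src] = sorted(ports)   # keep the widest port set seen
    return hits


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

    Denied and allowed connections are counted alike, because a SYN or connect scan touches closed ports as well as open ones; the sliding window is what separates a scan from a host that legitimately talks to several services over a day.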

    5. Enumeration 

    Engaging with a system and querying it for required information. Involves uncovering and exploiting vulnerabilities. 

    a. Enumeration techniques: 

    • Windows enumeration 
    • Windows user account enumeration 
    • NetBIOS enumeration 
    • SNMP enumeration 
    • LDAP enumeration 
    • NTP enumeration 
    • SMTP enumeration 
    • Brute forcing Active Directory

    b. DNS enumeration: 

    DNS stands for "Domain Name System". A DNS record is a database record used to map a name (URL) to an IP address. Common DNS records include:

    DNS enumeration tools: dnsrecon, nslookup, dig, host.

    c. DHCP: 

    • Client --Discover--> Server
    • Client <--Offer-- Server
    • Client --Request--> Server
    • Client <--Ack-- Server
    • IP is removed from pool
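    The four-message exchange above (DORA) and the "IP is removed from pool" step, modelled end to end as an added example that is not part of the original cheat sheet. The server, client, pool addresses, MAC addresses and message dictionaries are all constructed; there is no network I/O, so it also shows what the server does once the pool is empty.

```python
"""Toy DHCP DORA exchange with an address pool (added example, not from the cheat sheet).

Models Discover, Offer, Request and Ack between clients and one server; the
address leaves the free pool when the Ack is sent. Pool addresses, MACs and
message dictionaries are constructed; there is no network I/O.
"""


class DhcpServer:
    def __init__(self, pool):
        self.free = list(pool)   # addresses not yet leased
        self.offered = {}        # transaction id -> address held for an offer
        self.leases = {}         # client MAC -> leased address

    def handle(self, msg):
        kind, xid, mac = msg["type"], msg["xid"], msg["mac"]
        if kind == "DISCOVER":
            if mac in self.leases:            # returning client keeps its address
                addr = self.leases[mac]
            elif self.free:
                addr = self.free.pop(0)
                self.offered[xid] = addr      # real servers expire unclaimed offers
            else:
                return None                   # pool exhausted: server stays silent
            return {"type": "OFFER", "xid": xid, "mac": mac, "addr": addr}
        if kind == "REQUEST":
            addr = msg["addr"]
            if self.offered.get(xid) == addr or self.leases.get(mac) == addr:
                self.offered.pop(xid, None)
                self.leases[mac] = addr       # IP is now removed from the pool
                return {"type": "ACK", "xid": xid, "mac": mac, "addr": addr}
            return {"type": "NAK", "xid": xid, "mac": mac}
        raise ValueError(f"unknown message type {kind}")


def client_obtain_lease(server, mac, xid):
    """Run one DORA exchange; return (leased address or None, transcript)."""
    transcript = []
    discover = {"type": "DISCOVER", "xid": xid, "mac": mac}
    transcript.append(("client->server", discover))
    offer = server.handle(discover)
    if offer is None:
        return None, transcript
    transcript.append(("server->client", offer))
    request = {"type": "REQUEST", "xid": xid, "mac": mac, "addr": offer["addr"]}
    transcript.append(("client->server", request))
    ack = server.handle(request)
    transcript.append(("server->client", ack))
    return (ack["addr"] if ack["type"] == "ACK" else None), transcript


if __name__ == "__main__":
    srv = DhcpServer(["10.0.0.10", "10.0.0.11"])
    for n, mac in enumerate(("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03")):
        addr, log = client_obtain_lease(srv, mac, xid=n + 1)
        print(mac, "->", addr, f"({len(log)} messages)")
```

    A third client finds the pool empty and gets no Offer at all, which is exactly the condition the "DHCP attacks" entry under Sniffing Attacks relies on; the lease table keyed by MAC is also why a returning client is re-offered its previous address.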

    6. Sniffing

    Involves obtaining packets of data on a network using a specific program or a device.

    a. Sniffing types

    • Passive sniffing: No requirement for sending any packets.
    • Active sniffing: Requires injecting packets with a source and destination address into the network. 

    b. Sniffer

    Packet sniffing applications designed to capture packets that contain information such as passwords, router configuration, and traffic. 

    c. Wiretapping

    Refers to telephone and Internet-based conversations monitoring by a third party. 

    d. Sniffing Tools

    • Cain and Abel 
    • Libpcap 
    • TCPflow 
    • Tcpdump 
    • Wireshark 
    • Kismet 

    e. Sniffing Attacks

    • MAC flooding: Sending a large number of frames with fake source MAC addresses to a switch until its CAM table is full. The switch then enters fail-open mode and broadcasts incoming traffic to all ports, so the attacker can sniff the traffic passing through the network. 
    • DHCP attacks: A type of Denial-of-Service attack which exhausts all available addresses on the server. 
    • DNS poisoning: Manipulating the DNS table by replacing a legitimate IP address with a malicious one. 
    • VLAN hopping: Attacking host on a VLAN to gain access to traffic on other VLANs. 
    • OSPF attacks: Forms a trusted relationship with the adjacent router. 
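    MAC flooding has an obvious defender-side signature: one switch port suddenly sourcing hundreds of distinct MAC addresses. The following added example (not from the cheat sheet) counts distinct sources per port over constructed frame records and models the port-security control that stops the CAM table filling up; the port names, MACs and the per-port limit are assumptions.

```python
"""Spot MAC flooding on a switch port from frame records (added example, not from the cheat sheet).

A legitimate access port normally carries a handful of source MAC addresses;
hundreds of distinct sources on one port in a short capture is the signature of
CAM-table flooding. The frame records and MAC values are constructed.
"""
from collections import defaultdict

# Constructed records: (switch port, source MAC) as seen on ingress
SAMPLE_FRAMES = (
    [("Gi0/1", "00:11:22:33:44:01")] * 20
    + [("Gi0/2", f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}") for i in range(300)]
    + [("Gi0/3", "00:11:22:33:44:02"), ("Gi0/3", "00:11:22:33:44:03")]
)


def distinct_sources_per_port(frames):
    """Map each switch port to the set of source MACs seen on it."""
    seen = defaultdict(set)
    for port, mac in frames:
        seen[port].add(mac.lower())
    return seen


def flag_mac_flooding(frames, max_sources=5):
    """Return sorted ports whose distinct-source count exceeds `max_sources`
    (the limit is an assumption; set it from the hosts known behind each port)."""
    seen = distinct_sources_per_port(frames)
    return sorted(p for p, macs in seen.items() if len(macs) > max_sources)


class PortSecurity:
    """Model of a port-security control: learn up to `max_sources` MACs per
    port, then drop frames from any further source instead of learning it,
    so a flood cannot fill the CAM table and force fail-open mode."""

    def __init__(self, max_sources=5):
        self.max_sources = max_sources
        self.learned = defaultdict(set)
        self.dropped = defaultdict(int)

    def ingress(self, port, mac):
        mac = mac.lower()
        if mac in self.learned[port]:
            return "forward"
        if len(self.learned[port]) < self.max_sources:
            self.learned[port].add(mac)
            return "forward"
        self.dropped[port] += 1
        return "drop"


def simulate(frames, max_sources=5):
    """Feed frames through the control; return frames dropped per port."""
    ps = PortSecurity(max_sources)
    for port, mac in frames:
        ps.ingress(port, mac)
    return dict(ps.dropped)


if __name__ == "__main__":
    print("flooded ports:", flag_mac_flooding(SAMPLE_FRAMES))
    print("dropped per port:", simulate(SAMPLE_FRAMES))
```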

    7. Attacking a System

    a. LM Hashing 

    7 spaces hashed: AAD3B435B51404EE
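    That constant is also a useful audit value: in a pwdump-style export, an LM field equal to two copies of it means no LM hash is stored, and a second half equal to it means the password fits in the first 7-character half. The following is an added example, not from the cheat sheet; the pwdump format is assumed, and every username and hash value in the sample is a constructed placeholder rather than a real hash.

```python
"""Audit a pwdump-style credential export for stored LM hashes (added example, not from the cheat sheet).

The cheat sheet's value AAD3B435B51404EE is the hash of an empty 7-character
half. Any account whose LM field differs from two copies of it still has an
LM hash stored; a second half equal to it means the password is 7 characters
or shorter. All usernames and hash values below are constructed placeholders.
"""
EMPTY_LM_HALF = "AAD3B435B51404EE"
EMPTY_LM = EMPTY_LM_HALF * 2

# Constructed sample in pwdump format: user:rid:lmhash:nthash:::
SAMPLE_PWDUMP = """\
Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:00000000000000000000000000000001:::
svc_backup:1001:0123456789ABCDEFAAD3B435B51404EE:00000000000000000000000000000002:::
jdoe:1002:0123456789ABCDEFFEDCBA9876543210:00000000000000000000000000000003:::
guest:501:AAD3B435B51404EEAAD3B435B51404EE:00000000000000000000000000000004:::
"""


def parse_pwdump(text):
    """Parse user:rid:lm:nt::: lines; raises ValueError on a malformed line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed line: {line!r}")
        rows.append({"user": parts[0], "rid": int(parts[1]),
                     "lm": parts[2].upper(), "nt": parts[3].upper()})
    return rows


def audit_lm(text):
    """Return one finding per account: whether an LM hash is stored and, if so,
    whether its second half shows the password is at most 7 characters."""
    findings = []
    for row in parse_pwdump(text):
        lm = row["lm"]
        if len(lm) != 32:
            raise ValueError(f"bad LM field for {row['user']}")
        stored = lm != EMPTY_LM
        findings.append({
            "user": row["user"],
            "lm_stored": stored,
            "short_password": stored and lm[16:] == EMPTY_LM_HALF,
        })
    return findings


def accounts_with_lm(text):
    """Usernames that still have an LM hash on disk (should be none on a hardened host)."""
    return [f["user"] for f in audit_lm(text) if f["lm_stored"]]


if __name__ == "__main__":
    for f in audit_lm(SAMPLE_PWDUMP):
        print(f)
```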

    b. Attack types 

    • Passive Online: Learning about system vulnerabilities without affecting system resources 
    • Active Online: Password guessing 
    • Offline: Password stealing, usually through the SAM file.
    • Non-electronic: Social Engineering 

    c. Sidejacking 

    Stealing access to a website, usually through cookie hijacking.

    d. Authentication Types 

    • Type 1: When you know something 
    • Type 2: When you have something 
    • Type 3: When you are something 

    e. Session Hijacking 

    Established session hijacking involves: 

    1. Targeting and sniffing traffic between client and server 
    2. Traffic monitoring and predicting sequence 
    3. Desynchronize session with client 
    4. Take over session by predicting session token 
    5. Inject packets to the target server 

    If you feel like you’re lagging in the fundamentals of cybersecurity, check out our best cyber security courses at any time. 

    8. Social engineering

    Social engineering refers to manipulating individuals of a target organization into revealing confidential and sensitive information.

    a. Steps of social engineering

    1. Research: Gather enough information about the target company 
    2. Select target: Choose a target employee 
    3. Relationship: Earn the target employee's trust e.g. by creating a relationship 
    4. Exploit: Extract information from the target employee 
    5. Identity theft: Stealing an employee’s personally identifiable information to pose as that person. 

    b. Types of Social Engineers 

    • Insider Associates: Limited authorized access
    • Insider Affiliates: Insiders who can spoof identity. 
    • Outsider Affiliates: Outsider who makes use of a vulnerable access point. 

    9. Physical Security

    • Physical measures: E.g., air quality, power concerns, humidity-control systems 
    • Technical measures: E.g., smart cards and biometrics 
    • Operational measures: E.g., security policies and procedures.
    • Access control: 
      1. False rejection rate (FRR): When a biometric rejects a valid user 
      2. False acceptance rate (FAR): When a biometric accepts an invalid user 
      3. Crossover error rate (CER): Combination of the FRR and FAR (the point at which they are equal); determines how good a system is 
    • Environmental disasters: E.g., hurricanes, tornadoes, floods. 
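    The three biometric rates above are easiest to see computed. The following added example (not from the cheat sheet) sweeps an acceptance threshold over constructed match scores, computes FRR and FAR at each step, and reports the crossover point; the score values and the 0-100 scale are assumptions.

```python
"""Compute FRR, FAR and the crossover error rate from match scores (added example, not from the cheat sheet).

Scores are constructed integers 0-100: GENUINE are scores of valid users
matching their own template, IMPOSTOR are scores of other people's attempts.
A threshold t accepts any score >= t.
"""
GENUINE = [95, 90, 85, 80, 75, 70, 62, 57, 55, 48]
IMPOSTOR = [56, 50, 44, 40, 35, 30, 25, 20, 15, 10]


def frr(genuine_scores, threshold):
    """False rejection rate: fraction of valid users scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def far(impostor_scores, threshold):
    """False acceptance rate: fraction of impostors scoring at or above it."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def error_table(genuine_scores, impostor_scores, thresholds=range(0, 101, 5)):
    """(threshold, FRR, FAR) for each candidate threshold."""
    return [(t, frr(genuine_scores, t), far(impostor_scores, t)) for t in thresholds]


def crossover(genuine_scores, impostor_scores, thresholds=range(0, 101, 5)):
    """Return (threshold, frr, far, cer) at the threshold where FRR and FAR are
    closest; cer is their mean there. A lower CER means a better biometric."""
    best = None
    for t, r, a in error_table(genuine_scores, impostor_scores, thresholds):
        gap = abs(r - a)
        if best is None or gap < best[0]:
            best = (gap, t, r, a)
    _, t, r, a = best
    return t, r, a, (r + a) / 2


if __name__ == "__main__":
    for t, r, a in error_table(GENUINE, IMPOSTOR):
        print(f"t={t:3d}  FRR={r:.2f}  FAR={a:.2f}")
    print("crossover (t, FRR, FAR, CER):", crossover(GENUINE, IMPOSTOR))
```

    Raising the threshold trades false acceptances for false rejections, which is why a single CER figure is what vendors are compared on; the table shows the whole trade-off curve for tuning toward security or toward convenience.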

    10. Web Based Hacking

    a. Web server hacking 

    A web server is a system used for storing, processing, and delivering websites. Web server hacking involves:

    • Information gathering: Acquiring robots.txt to see directories/files that are hidden from web crawlers. 
    • Footprinting: Enumerate common web apps, e.g. with nmap --script http-enum -p80 
    • Mirroring. 
    • Discover vulnerabilities. 
    • Perform session hijacking and password cracking attacks. 

    b. Web server hacking tools 

    Wfetch, THC Hydra, HULK DoS, w3af, Metasploit 

    c. Web application hacking 

    A web application is the user interface for interacting with web servers. The web application hacking methodology includes:

    • Web infrastructure footprinting 
    • Web server attack. 

    d. SQL Injection 

    Injecting malicious SQL queries into the application. Allows attacker to gain unauthorized access to system e.g. logging in without credentials. Steps involve: 

    • Information gathering: E.g. database structure, name, version, type.
    • SQL injection: Attacks to extract information from database such as name, column names, and records. 
    • Advanced SQL injection: Goal is to compromise underlying OS and network 

    Tools: 

    Sqlmap, jSQL Injection, SQL Power Injector, The Mole, OWASP SQLiX tool.
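    The "logging in without credentials" case above comes down to how the query is built. The following added example (not from the cheat sheet or any tool it lists) shows a login check that splices input into the SQL text beside the parameterized version, run against an in-memory SQLite table with one constructed account, so the bypass can be seen succeeding against one and failing against the other.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix (added example, not from the cheat sheet).

Uses an in-memory SQLite database with one constructed account. The classic
' OR '1'='1 payload succeeds against the concatenated query and fails against
the parameterized one.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed credentials; a real system stores a password hash, not plaintext
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Input is spliced into the SQL text, so quotes in it change the query's logic
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Placeholders: the driver passes values separately; they are never parsed as SQL
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Run both versions against the bypass payload and against real input."""
    conn = make_db()
    payload = "x' OR '1'='1"
    return {
        "vulnerable_bypass": login_vulnerable(conn, "alice", payload),
        "safe_bypass": login_safe(conn, "alice", payload),
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
        "safe_wrong": login_safe(conn, "alice", "nope"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    In the vulnerable version the password clause becomes `password = 'x' OR '1'='1'`, which is true for every row, so the count is non-zero; with placeholders the whole payload is compared as a literal string and simply does not match.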

    11. Cryptography

    Cryptography is the process of hiding sensitive information. 

    a. Terms: 

    • Cipher: encryption and decryption algorithm.
    • Clear text / plaintext: unencrypted data 
    • Cipher text: encrypted data 

    Encryption algorithms 

    • DES (Data Encryption Standard): Block cipher, 56-bit key, 64-bit block size 
    • 3DES (Triple Data Encryption Standard): Block cipher, 168-bit key
    • AES: Iterated block cipher. 
    • RC (Rivest Cipher): Symmetric-key algorithm. 
    • Blowfish: fast symmetric block cipher, 64-bit block size, 32 to 448 bits key 
    • Twofish: Symmetric-key block cipher 
    • RSA (Rivest–Shamir–Adleman): Achieving strong encryption through the use of two large prime numbers. 
    • Diffie–Hellman: Used for generating a shared key between two entities over an insecure channel. 
    • DSA (Digital Signature Algorithm): Private key tells who signed the message. Public key verifies the digital signature 
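    The Diffie–Hellman entry is the one on the list that is a protocol rather than a cipher, so it is worth seeing both sides' messages. The following added example (not from the cheat sheet) runs the exchange with a toy group (p = 23, g = 5, chosen for readability, not for use) and fixed private exponents, checks the peer's public value before using it, and hashes the agreed secret into a key; the group, exponents and key derivation are assumptions.

```python
"""Diffie-Hellman key agreement over an insecure channel (added example, not from the cheat sheet).

Both sides exchange only public values; each derives the same shared secret.
The group (p = 23, g = 5) and the private exponents are toy values chosen for
readability; real deployments use a standardized 2048-bit or larger group.
"""
import hashlib


def public_value(p, g, private):
    """g^private mod p: the only thing sent over the channel."""
    return pow(g, private, p)


def check_peer_value(p, value):
    """Reject degenerate public values (0, 1, p-1) that would force a
    predictable shared secret; a receiver should always do this."""
    if not 1 < value < p - 1:
        raise ValueError(f"invalid DH public value {value}")
    return value


def shared_secret(p, peer_public, private):
    return pow(check_peer_value(p, peer_public), private, p)


def derive_key(secret_int, p):
    """Hash the shared secret into a fixed-length symmetric key (assumed KDF)."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret_int.to_bytes(length, "big")).digest()


def dh_exchange(p, g, a, b):
    """Run the exchange for Alice (private a) and Bob (private b); returns the
    two public values and the secret each side computes."""
    A = public_value(p, g, a)      # Alice -> Bob
    B = public_value(p, g, b)      # Bob -> Alice
    s_alice = shared_secret(p, B, a)
    s_bob = shared_secret(p, A, b)
    return A, B, s_alice, s_bob


if __name__ == "__main__":
    p, g = 23, 5                   # toy group
    a, b = 6, 15                   # toy private exponents
    A, B, sa, sb = dh_exchange(p, g, a, b)
    print(f"Alice sends A={A}, Bob sends B={B}, secrets agree: {sa == sb}")
    print("derived key:", derive_key(sa, p).hex())
```

    An eavesdropper sees only p, g, A and B; recovering the secret requires the discrete logarithm, which is what makes the group size matter. Note that plain Diffie–Hellman authenticates nobody, which is why it is paired with signatures (the DSA entry above) or certificates in real protocols.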

    12. Cloud security

    Cloud providers implement restricted access and access policies, with logging and the ability to require a stated reason for access, as protection against repudiation. 

    Cloud computing attacks 

    • Wrapping attack: Alters the signed content of a message while keeping the original signature valid.
    • Side channel attacks: Attacker controls a VM on same physical host (by compromising one or placing own) 
    • Cloud Hopper attack: Goal is to compromise the accounts of staff or cloud service firms to obtain confidential information. 
    • Cloudborne attack: Done by exploiting a specific BMC vulnerability 
    • Man-In-The-Cloud (MITC) attack: Done by using file synchronization services (e.g. Google Drive and Dropbox) as infrastructure. 

    13. Malware and Other Attacks

    Malware is a malicious program designed to cause damage to systems and give system access to its creators. Mainly include: 

    a. Trojans: 

    Malware contained inside seemingly harmless programs. Types include: 

    • Remote access trojans (RATs): Malware that includes a back door for administrative control over the target computer. 
    • Backdoor Trojans: Uninterrupted access to attackers by installing a backdoor on the target system. 
    • Botnet Trojans: Install bot programs on the target system. 
    • Rootkit Trojans: enable access to unauthorized areas in a software. 
    • E-banking Trojans: Intercepts account information before encryption and sends to attacker. 
    • Proxy-server Trojans: Allows attacker to use victim’s computers as proxy to connect to the Internet.

    b. Viruses: 

    • Stealth virus: Virus takes active steps to conceal infection from antivirus 
    • Logic Bomb virus: Not self-replicating, zero population growth, possibly parasitic. 
    • Polymorphic virus: Modifies its payload to avoid signature detection.
    • Metamorphic virus: Viruses that can reprogram/rewrite themselves. 
    • Macro virus: MS Office product macro creation.
    • File infectors: Virus infects executables 
    • Boot sector infectors: Malicious code executed on system startup.
    • Multipartite viruses: Combines file infectors and boot record infectors. 

    For next steps, check out our blog posts about Certified Ethical Hacker Exam Dump.

    Conclusion

    While it’s true that a good portion of the applicants found the CEH v11 exam a little difficult, it’s entirely possible to clear the exam with a good score; provided you’ve practiced enough. The time limit of 4 hours is also enough to clear the exam.

    Be confident in your preparation and avoid panicking. You can always revise our ethical hacking cheat sheet and take CEH v11 mock tests before the exam to make sure you’ve covered everything.

    If you are interested in exploring CEH in-depth, we encourage you to sign up for Ethical Hacking certification online by KnowledgeHut and upskill yourself. Best of luck for the exam!

    Frequently Asked Questions (FAQs)

    1. Does CEH teach you how to hack?

    CEH is a penetration testing certification that teaches individuals white-hat or ethical hacking. This consists of teaching individuals how to think like a malicious hacker; looking for vulnerabilities in target systems and using malicious tools, but in a lawful and legitimate manner to assess the security of a system.

    2. Which is better, CEH or PenTest+?

    While you cannot go wrong with both, EC-Council’s CEH is more reputed among employers and more credible than PenTest+. PenTest+ covers areas of vulnerability management while CEH focuses primarily on using approaches of malicious hackers, making it more effective in cybersecurity assessment. For more information, check out our KnowledgeHut’s Ethical Hacking certification. 

    3. What is a cheat sheet in hacking?

    A cheat sheet is supplementary material to aid in memorization. It consists of a concentrated version of every term, method, or tool that you’ll come across in your CEH v11 exam, all in one central location. 

    4. Where can I get free dump questions for the CEH v11 exam?

    There are plenty of resources online to obtain the latest CEH v11 exam dumps containing CEH v11 questions and answers. For a quick start, check this out.

    5. What are the requirements for CEH?

    A few requirements are necessary in order to attend the CEH exam and take training courses. These include an applicant age requirement of at least 18 years, and experience working in an InfoSec environment or equivalent training. Coding skills are also useful but aren’t necessary. 

    Author: Sulaiman Asif

    Sulaiman Asif is an information security professional with 4+ years of experience in Ethical Hacking and a Master’s degree in Information Security. He is EC-Council CEH certified and has also been engaged with the University of Karachi and the Institute of Business Management as cyber security faculty.
