EC Council has announced the new Version 10 CEH v10 update to the venerable Certified Ethical Hacker certification. There was also the announcement of a new, additional exam option, the CEH (Practical). Let's take a look at what these updates mean for anyone looking to obtain a CEH v10 certification or those who currently hold their CEH certificate.
The Certified Ethical Hacker certification dates back to 2003 and has been updated regularly to embrace new technologies and standards. This new v10 update is no different and the improvements can be broken down into 5 main changes from the v9 certification which debuted in 2015:
- Addition of a new IoT Security module
- Greater emphasis on Vulnerability Assessment and Analysis
- Addition of emerging attack vectors focusing on the Cloud, AI and Machine Learning
- Addition to the CBK of the complete Malware Analysis Process
- Inclusion of a new pen test platform, EC Council’s STORM Mobile Security Toolkit
These changes allow candidates to stay up to date with current techniques and methodologies used by blackhat hackers so that they can better defend against future attacks. With Version 10, the CEH certification maintains its status and approval as a baseline certification on the United Stated DoD 8570 + 8140 Directives.
The CEH v10 is still an important certification for all Ethical Hackers, System Administrators, Network Administrators and Engineers, Webmanagers, Auditors, and Security Professionals in general.
The CEH v10 Exam remains in the same format as the previous version:
- Number of Questions: 125
- Test Duration: 4 Hours
- Test Format: Multiple Choice
- Test Delivery: ECC EXAM, VUE
- Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)
The Certified Ethical Hacker (Practical) is a brand new extension of the CEH certification exam. It is an additional, optional exam that can be taken by candidates who would like to prove their knowledge by applying what they have learned in a real-world security audit challenge.
Professionals that possess the C|EH credential will be able to sit for the exam that will test them to their limits in unearthing vulnerabilities across major operating systems, databases, and networks.
Again, this is a new exam that will be offered as a “next step” for those who already have passed the CEH exam. Candidates will need to be able to:
- Demonstrate the understanding of attack vectors
- Perform network scanning to identify live and vulnerable machines in a network.
- Perform OS banner grabbing, service, and user enumeration.
- Perform system hacking, steganography, steganalysis attacks, and cover tracks.
- Identify and use viruses, computer worms, and malware to exploit systems.
- Perform packet sniffing.
- Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
- Perform SQL injection attacks.
- Perform different types of cryptography attacks.
- Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems etc.
While the CEH exam is multiple choice, the CEH (Practical) exam will be a rigorous 6-hour practical knowledge test on challenges that mimic a real corporate network through the use of live virtual machines, networks, and applications.
The CEH (Practical) Exam specs are:
- Number of Practical Challenges: 20
- Duration: 6 hours
- Availability: Aspen – iLabs
- Test Format: iLabs Cyber Range
- Passing Score: 70%
The highly anticipated launch dates for the CEHv10 and CEH (Practical) exams and related training courses have not yet been announced. SecureNinja is a leading EC Council Accredited Training Center (ATC) and will will be offering updated training as soon as these new certifications become available.