CEH Certification Exam Cheat Sheet

CEH Certification

The most popular ethical hacking certification in the world and the one that cybersecurity experts choose is still CEH Certification from the EC Council. Employers around the world trust it because of its in-depth and current understanding of system vulnerabilities, penetration testing, and malware countermeasures, making it one of the most sought-after ethical hacking credentials on the market. The abilities of malevolent hackers are assumed to be possessed by those considering becoming Certified Ethical Hackers, and they must be verified by passing the CEH exam offered by the EC-Council.

Even though this four-hour exam is focused on multiple-choice questions, it is still manageable with the correct planning, practice, and resources. However, those who have taken the exam frequently state that it is challenging to fully understand the vocabulary, processes, and tools. Cheat sheets for CEH are frequently utilized in these situations to help with memorizing and quickly reviewing material prior to the exam.

Despite the fact that they are not exhaustively detailed guides, they are sufficient for allowing one to approach questions on instinct and better grasp them. This guide aims to give readers access to such a resource that is also current with the v12 standards. You can get a head start on the exam and get a firm understanding of the terms by using the Certified Ethical Hacking [CEH] Exam Cheat Sheet (2023) found below.

What is a cheat sheet for CEH?

With the newest strategies, methodologies, and technology, CEH has released the 12th version of the exam, also known as v12. The majority of the key phrases and topics that you’ll encounter on the exam are covered in the CEH v12 cheat sheet that is provided below.

From the fundamental five steps of ethical hacking to more sophisticated networking, cloud, and encryption tools and terms made available for the first time in v12. This study guide was created using information taken straight from CEH v12 exam dumps, taking into account every CEH v12 exam question.

The Best Way to Use a Cheat Sheet

Every phrase is correctly nested in its appropriate heading and sub-header across the whole document, allowing for broad use of the search function. Start by reading over the definitions of the basic terms that are listed initially. Following through with the CEH certification modules and looking up new phrases as you come across them is another approach to move through the cheat sheet.

This makes sure that as you begin to read through the complete content, you won’t suddenly feel overwhelmed with information. Please feel free to make a copy of our cheat sheet in case you need to add anything of your own. To avoid a mess, always keep it brief and to the point so that you can immediately access the terms when needed and add extra information without having to rewrite it.

Importance of CEH Certification

One of the most current and comprehensive ethical hacking courses available, CEH is an obvious choice for anybody wishing to launch an ethical hacking profession. Getting certified has significant professional and technical advantages, but the certification itself carries a lot of weight:

  • Organizations all around the world are beginning to recognize the serious threat posed by cyberattacks and the necessity of employing trained personnel in their defense. The hiring process is made considerably simpler and clearer thanks to CEH, which gives them a crystal-clear understanding of the skill set of a certified worker. The significance of the CEH credential is rising as more and more organizations start requiring it for job applications.
  • New methods, instruments, and systems are constantly being developed in the IT security industry. Unlike other certifications, CEH is regularly updated to match current industry standards. Along with employment stability, earning the certificate will give you the best opportunity to stay current with industry changes.
  • By exposing you to the tools and methods used in reputable ethical hacking activities, CEH trains people realistically. To obtain hands-on experience with the frequently used tools, we strongly advise checking out CEH certification and CEH v12 mock examinations online before taking the CEH v12 exam. Check out our online Ethical Hacking certification for more information.

Cheat sheet for Certified Ethical Hacking

This cheat sheet’s information, while not exhaustive, aims to cover all exam topics and includes hints to keep the information useful. Feel free to add new information and mnemonics to the cheat sheet in order to tailor it to your preferences.

1. Basics

a. Essential Terms

  • Hack Value: An object’s value as measured by a hacker’s interest in it.
  • A system’s vulnerability is a weakness that can be used against it.
  • exploit: Making use of the vulnerability that has been found.
  • The payload of a hack is the malicious software or exploit code that is sent to the target.
  • Exploiting recently discovered, unpatched vulnerabilities is known as a zero-day attack.
  • A specific method used by hackers to access one system and then use it to access other systems connected to the same network is known as “daisy-chaining.”
  • Doxing: The malicious tracking of a person’s personally identifying information (PII).
  • Bot: A piece of software that performs automated tasks.

b. Information security components

  • Ensuring confidentiality means limiting access to information to those who are authorized.
  • Integrity: Assures the truthfulness of the data.
  • Availability: Ensuring that resources are available when needed by authorized users.
  • Authenticity: Assures that something is pure and unadulterated.
  • Non-repudiation: Ensures that senders and recipients, respectively, report delivery and reception.

c. Penetration Testing Phases

1. Reconnaissance

2. Scanning & Enumeration

3. Gaining Access

4. Maintaining Access

5. Covering Tracks

d. Types of Threats

  • Network threats: An attacker could enter a channel and take the data being exchanged on the network.
  • hosts are at risk since it gathers data from a system.
  • Application-specific dangers include the exploitation of unsecured gateways.

e. Types of Attacks

  • Attacks the victim’s main operating system.
  • Attacks originate from applications, typically as a result of developers skipping security testing.
  • Shrink Wrap: Taking use of the application’s unpatched frameworks and libraries.
  • Misconfiguration: Hacks committed on systems with inadequate security configuration.
CEH Certification

2. Legal

  • 18 U.S.C 1029 & 1030
  • RFC 1918 – Private IP Standard
  • RFC 3227 – Data collection and storage
  • ISO 27002 – InfoSec Guidelines
  • CAN-SPAM – Email marketing
  • SPY-Act – License Enforcement
  • DMCA – Intellectual Property
  • SOX – Corporate Finance Processes
  • GLBA – Personal Finance Data
  • FERPA – Education Records
  • FISMA – Gov Networks Security Std
  • CVSS – Common Vulnerability Scoring System
  • CVE – Common Vulnerabilities and Exposure

3. Reconnaissance

The term “footprinting,” which also refers to the preliminary study or surveying the target, is used.

a. Information on footprints

  • Domains, subdomains, IP addresses, DNS, and Whois information, as well as VPN firewalls, utilizing, for example, like-scan, are only a few of the network’s informational components.
  • System details include the web server’s operating system, server locations, users, usernames, passwords, and passcodes.
  • Information about the organization, including its history, phone numbers, and locations.

b. Tools for measuring footprints

Maltego, FOCA, Recon-ng (The Recon-ng Framework), Recon-dog, and Dmitry (DeepMagic Information Gathering Tool).

c. Google Hacking

Google Hacking exploits sophisticated Google search engine operators known as “dorks” to find weaknesses by spotting particular text problems in search results.

Typical nerds:

  • site: Only pages with the requested query in their URLs inurl: Only pages from the given domain
  • only pages with the query in their titles are listed in the title.
  • cache: Archived copies of the requested page
  • link: Only webpages with the requested URL. Discontinued.
  • only outcomes for the specified filetype

Google hacking instruments:

Google’s database hack, honeypot hack, and metagoofil.

4. Network scanning

Involves gathering further details about the victims’ network’s hosts, ports, and services. Its purpose is to locate weak points before developing an offensive strategy.

a. Sorting by kind

  • Checking open ports and services is known as port scanning.
  • IP addresses found during network scanning.
  • Testing for known flaws is called vulnerability scanning.

b. Usual ports for scanning

22 TCP SSH (Secure Shell)  (Secure 
23 TCP Telnet     
25 TCP SMTP (Simple Mail (Simple 
53 TCP/UDP DNS (Domain Name (Domain 
80 TCP HTTP (Hypertext Transfer (Hypertext 
123 TCP NTP (Network Time (Network 
443 TCP/UDP HTTPS     
500 TCP/UDP IKE/IPSec (Internet Key (Internet 
631 TCP/UDP IPP (Internet Printing (Internet 
3389 TCP/UDP RDP (Remote Desktop (Remote 
9100 TCP/UDPAppSocket/JetDirect (HP JetDirect, (HP 

c. Scanning Equipment

Nmap: Sends specially constructed packets to scan the network. Typical Nmap choices include:

  • sA: ACK scan
  • sF: FIN scan
  • sS: SYN
  • sT: TCP scan
  • sI: IDLS scan
  • sn: PING sweep
  • sN: NULL
  • sS: Stealth Scan
  • sR: RPC scan
  • Po: No ping
  • sW: Window
  • sX: XMAS tree scan
  • PI: ICMP ping
  • PS: SYN ping
  • PT: TCP ping
  • oN: Normal output
  • oX: XML output
  • A OS/Vers/Script -T<0-4>: Slow – Fast

scanning ports with ping. open source Nmap can port scan a variety of IP addresses, however, Hping can only port scan one specific IP address, making Hping lower level and stealthier than Nmap.

d. Methods consist of

  • ICMP ping sweep and broadcast are two types of ping scanning.
  • TCP connection, SYN scan, RFC 793 scans, ACK scan, and IDLE scan are all examples of TCP scanning.
  • When a port is inaccessible, scanning UDP takes advantage of the recipient’s UDP behavior by delivering an ICMP packet with an error code.
  • Reverse DNS resolution is used in list scanning to determine the names of the hosts.
  • Finding UPnP vulnerabilities after buffer overflow or DoS attacks using SSDP scanning.
  • An Ethernet LAN can be scanned using the ARP Scan tool.

5. Enumeration

Using a system and asking it to provide the necessary data. involves finding flaws and exploiting them.

a. Methods of counting:

  • Windows list-building
  • Enumerating Windows user accounts
  • Enumeration of NetBIOS
  • Enumeration of SNMP
  • Enumeration of LDAP
  • Enumeration of NTP
  • Enumeration of SMTP
  • crudely imposing Dynamic Directory

b. DNS enumeration:

“Domain Name System” is what DNS stands for. To translate a URL to an IP address, a DNS record is a database entry. Popular DNS records are:

DNS enumeration tools include dig, host, nslookup, and dnsrecon.

c. DHCP:

  • Client —Discovers–> Server
  • Client ßOffers à Server
  • Client …. Request …> Server
  • Client <…Ack…> Server
  • IP is removed from the pool

6. Sniffing

Involves employing a particular application or equipment to gather data packets on a network.

a. Sniffing types

  • There is no need to send any packets when passively sniffing.
  • Active sniffing: Demand that a packet has a source and destination address.

b. Sniffer

Programs for “packet sniffing” are made to capture packets including data like traffic, router configuration, and passwords.

c. Wiretapping

Refers to the surveillance of phone and Internet communications by a third party.

d. Sniffing Tools

  • Cain and Abel
  • Libpcap
  • TCPflow
  • Tcpdump
  • Wireshark
  • Kismet

e. Sniffing Attacks

  • Send as many fake MAC addresses to the switch as possible until the CAM table is full. As a result, the switch switches into fail-open mode and broadcasts the incoming traffic to all network ports. After then, the attacker can begin sniffing the network traffic.
  • DHCP attacks: A kind of Denial-of-Service attack that uses up every address the server has to provide.
  • DNS poisoning: Using a malicious IP address to replace a reliable one in order to alter the DNS table.
  • VLAN hopping is the process of attacking a host on one VLAN to get access to traffic on another VLAN.
  • Attacks using OSPF: Establishes a trustworthy connection with the neighboring router.
CEH Certification

7. Attacking a System

a. LM Hashing

7 spaces hashed: AAD3B435B51404EE

b. Attack types

  • Learning about system flaws passively online without consuming system resources
  • Online activity: guessing passwords
  • Offline: Password theft, typically done through the SAM file.
  • Non-electronic: Sidejacking

c. Sidejacking

Gaining unauthorized access to a website, frequently through cookie hijacking.

d. Types of Authentication

  • Type 1: When you are informed
  • Type 2: When anything is available.
  • Type 3: When something is you

e. Session Hijacking

Known session hijacking includes:

1. Targeting and eavesdropping on client-server traffic

2. Monitoring and predicting the sequence of traffic

3. Desynchronize the client session.

4. By anticipating the session token, you can control the session.

5. Send data packets to the target server.

Check out our top cybersecurity courses whenever you feel you are falling behind in the foundations of cybersecurity.

8. Social engineering

Social engineering is the practice of persuading members of the target organization to divulge sensitive and private information.

a. Social engineering techniques

1. Research: Obtain sufficient knowledge about the intended business

2. Choose a target: Select a targeted worker

3. Relationship: Establishing a relationship with the target employee can help you win their trust.

4. Exploit: Find out what the target employee knows.

5. Identity fraud

Obtaining personally identifiable data from a worker and using it to pass for that individual.

b. Social engineers’ various forms

  • Insider Associates: Authorized access is restricted
  • Affiliate Insiders: Insiders have identity-faking capabilities.
  • Affiliates from the Outside: An outsider who uses a weak access point.

9. Physical Protection

  • Physical measures, such as humidity-control systems, power issues, and air quality
  • Technical measures, such as biometrics and smart cards
  • Operational measures include things like security protocols and rules.
  • Access management
  • False rejection rate (FRR): When a biometric disqualifies a legitimate person
  • False acceptance rate (FAR) measures how frequently a biometric accepts an incorrect user.
  • (CER) Crossover error rate How well a system performs is determined by combining the FRR and FAR.
  • Environmental catastrophes example: floods, tornadoes, and hurricanes.

10. Online hacking

a. Hacking of web servers.

A web server is a device used to store, process, and distribute websites. Hacking a web server involves:

  • Obtaining robots.txt allows you to see directories and files that are hidden from web crawlers, which is a step in the hacking of a web server.
  • Footprinting: List popular web applications http-enum -p80 nmap —script
  • Mirroring.
  • Discover weak points.
  • Attempt password cracking and session hijacking.

b. Tools for hacking web servers

HULK DoS, w3af, Wfetch, THC Hydra, and Metasploit

c. Hacking into web applications

The user interfaces for interacting with web servers is a web application. Hacking techniques for web applications include:

  • Web server assault using web infrastructure footprinting.

d. Injection of SQL

Harmful SQL queries being injected into the program. allows an attacker to log in without using their credentials and get unauthorized access to the system. The steps consist of:

  • Information gathering, for example, the name, version, and kind of the database.
  • Attacks using SQL injection to retrieve data from databases, including names, column names, and records.
  • sophisticated SQL injection: To compromise the network and underlying operating system.


SQL Power Injector, The Mole, jSQL Injection, sqlmap, and the OWASP SQLiX tool.

11. Cryptography

The act of concealing sensitive information is known as cryptography.

a. terms

An encryption and decryption algorithm is referred to as a cipher.

  • Unencrypted data in clear text or plaintext
  • Cipher text is coded information.

encryption techniques

  • Block cipher, 64-bit block size, 56-bit key, Data Encryption Standard
  • Block cipher, 168-bit key, 3DES (Triple Data Encryption Standard).
  • An iterated block cipher, AES.
  • Symmetric-key algorithm for the Rivset Cipher.
  • Blowfish is a fast symmetric block cipher with a 64-bit block size and a 32 to 448-bit key.
  • Symmetric-key block cipher Twofish
  • RSA (Rivest-Shamir-Adleman): Using two huge prime numbers to create robust encryption.
  • For creating a shared key between two entities via an insecure channel, use Diffie-Hellman.
  • Digital Signature Algorithm: The message’s signer is identified by their private key. The public key is used to validate the digital signature.

12. Cloud security

Cloud providers implement access restrictions with logs, the ability to demand a valid access justification to prevent repudiation, and limited access.

Attacks on cloud computing

  • Wrapping attack: Modifies the distinctive sign while preserving the reliability of the signature.
  • The attacker controls a VM on the same physical host in side channel assaults (by compromising one or placing own)
  • Attack using the Cloud Hopper protocol aims to gain access to private information by infiltrating employees’ or cloud service providers’ accounts.
  • Attack conducted through the use of a specific BMC vulnerability
  • Man-In-The-Cloud (MITC) attack: Conducted by utilizing the infrastructure of file synchronization services (such as Google Drive and Dropbox).

13. Malware and other assaults

A destructive program known as malware is made to harm computers and grant access to their authors. mainly consist of

a. Trojans

Malware is hidden within ostensibly safe apps. Types consist of:

  • Malware that incorporates a back door enabling administrative access to the target machine is known as remote access trojans (RATs).
  • Trojans open a backdoor on the target machine, giving attackers uninterrupted access.
  • Boot programs are installed on the target system by botnet Trojans.
  • Trojans known as rootkits allow users to access restricted parts of the software.
  • Trojans for electronic banking: intercept and transfer to attacker account information before encryption.
  • Trojans that employ a proxy server let an attacker connect to the Internet by using the victim’s computer as a proxy.

b. Viruses

  • Stealth virus: A virus actively works to hide infection from antivirus software
  • Not self-replicating, population growth is zero, and the Logic Bomb virus may be parasitic.
  • A virus that is polymorphic will alter its payload to evade signature detection.
  • Viruses with metamorphic properties can change their own code or structure.
  • MS Office product macro generation is a macro virus.
  • viruses that contaminate executable files
  • Malicious code is executed when the system boots up.
  • Combines boot record infectors and file infectors to form multipartite viruses.


Although a significant number of applicants did find the CEH v12 exam to be a little challenging, it is absolutely possible to pass the exam with a good grade if you have sufficient preparation. The four hours allotted are sufficient to finish the test.

Avoid panicking and be assured in your planning. To make sure you’ve studied everything, you may always review our ethical hacking cheat sheet and take CEH v12 practice exams before the exam.

We strongly advise you to enroll in the CEH certification offered by Microtek Learning if you’re interested in learning more about CEH.

Good luck with the exam!

Frequently Asked Questions (FAQs)

Does CEH offer instruction in hacking?

The CEH certification teaches people white hat or ethical hacking through penetration testing. This includes educating people on how to think like malicious hackers, searching for flaws in target systems, and employing malicious tools—but in a legal and acceptable way—to evaluate a system’s security.

Which is superior, PenTest+ or CEH?

Although you can’t go wrong with either, EC-Council has a better reputation and is seen as more reliable by companies than PenTest+. While CEH primarily uses techniques used by hostile hackers, PenTest+ covers aspects of vulnerability management, making it more useful for assessing cybersecurity. For more information, see our Ethical Hacking certification offered by Microtek Learning.

What does a hacker cheat sheet entail?

A cheat sheet provides additional information to help in memorization. It contains a condensed version of each concept, technique, or tool you’ll encounter on the CEH v12 exam, gathered in one place.

Where can I find free CEH v12 exam dump questions?

Online sources abound where you may find the most recent CEH v12 exam dumps that include CEH v12 questions and answers. Check out this for a quick start.

What requirements must be met for CEH?

To take training classes and sit for the CEH exam, you must meet a few conditions. These include having to be at least 18 years old and having either equal training or experience working in an infosec environment. Coding knowledge is advantageous but not required.

You might also like

Leave a Reply

Your email address will not be published. Required fields are marked *