CEH Exam Cheat Sheet
Certified Ethical Hacking

Certified Ethical Hacking | CEH Exam Cheat Sheet (2023)

The Certified Ethical Hacker (CEH) certification indicates that you have the skills to understand how hackers think and how they operate. It validates to the employers that you are a valuable asset to the company. The CEH is just one of many certifications available on the market today, but it’s one of the most recognized by employers. It’s an internationally recognized security certification that can be earned through online training, classroom training, or self-study.

Looking to pass the CEH exam on the first attempt? Dive into the details to know more! Want to learn how hackers think? Welcome to the world’s leading ethical hacking certification!

What is the Certified Ethical Hacker (CEH)?

The Certified Ethical Hacker (CEH) certification is a globally recognized security credential to possess the skills and creativity of malicious hackers and validate them by passing EC-Council Certification (CEH v12). The CEH certification is available as an entry-level certification and for professional-level certification that can be achieved with the right preparation and resources.

CEH is a certification that certifies that a person has the knowledge and skills necessary to perform penetration testing, recognized by many employers as a requirement for employment in the field. CEH cheat sheet is a report often used in cases to aid memorization and refresh before the examination.

Why Is CEH Important?

Ethical hackers are security professionals who use their knowledge and skills to test other people’s computer systems. This includes physical security, access control, identity management, and application security. Ethical hacking also involves penetration testing, which involves attacking a system or network with malicious intent in order to find vulnerabilities that can be exploited for malicious purposes.

What is CEH Cheat Sheet?

CEH Cheat Sheet is an online cheat sheet that provides a quick reference guide to all of the common configuration items in the CEH certification exam. It also includes information on some of the more advanced concepts required in order to pass the exam and become certified.

CEH Cheat Sheet is a cheat sheet for the Certified Ethical Hacker (CEH) certification. It contains information about what the exam covers, how to prepare for it, and how to pass the exam. It contains all the main CEH exam objectives in an easy-to-read layout.

This cheat sheet can be used as a reference for your road to success!

How to use CEH Cheat Sheet?

You can find the cheat sheet on our website or download it from here. If you want to use it offline, you can save it to your device and open it later. Cheat sheets for CEH are frequently utilized in these situations to help with memorizing and quickly reviewing material prior to the exam. By doing this, you can be confident that when you read through the full content, you won’t suddenly be overwhelmed with information. Make a copy of our cheat sheet if you need to add anything of your own, just in case.

Why should learners use our CEH Cheat Exam Sheet?

CEH exam sheet is a tool designed to help you learn the exam in a short time. The best part about it is that it was created by someone who took the real exam and passed it. That person was NCCA certified, and now he wants you to pass your certification exam as well.

There are other tools out there that claim to teach you how to pass the CEH certification, but they don’t have the same experience as this one does. They can’t tell you what questions on the exam you’ll see, how many questions there will be, etc. This tool does just that!

Checkout the latest CEH Batch Schedule:

Course NameScheduleMode
CEH TrainingFeb 06 – Feb 10 – 2023Online

Benefits of Having a Certified Ethical Hacker (CEH) Certification

The Certified Ethical Hacker (CEH) certification is one of the most popular and sought-after certifications in the hacking world. With this certification, you can gain valuable insight into the ways that hackers think and what they do to find vulnerabilities in systems. Here are some of the benefits of earning a CEH certification:

1. Gain more insight into risks and vulnerabilities

Having a CEH certification will allow you to gain a deeper understanding of how hackers think and operate. Certified ethical hackers (CEH v12) come with a lot of benefits that can help you to better understand the security landscape and build a higher level of security. The CEH certification helps you to gain more insight into risks and vulnerabilities, which can be beneficial in many ways.

You will have a better understanding of how hackers think, which will let you predict their actions before they actually happen. This is an important element for companies who want to keep their data safe from attackers. This will help you make informed decisions and will give you the ability to identify and mitigate risks before they become an issue.

2. Understand how hackers think

The Certified Ethical Hacker (CEH) certification teaches you about hacking techniques, which means that you’ll be able to understand how criminals think when they’re working on breaking into your network or stealing your credit card numbers online. This knowledge will help you develop new strategies for preventing cyber-attacks by using different tools like firewalls and antivirus software programs.

Hacking isn’t just about breaking into systems — it’s about finding out how they work and then exploiting these weaknesses in order to get access to sensitive information or resources that are valuable to your organization or customers.

3. You’ll earn more money with the CEH

The Certified Ethical Hacker (CEH) certification also helps you earn more money by helping organizations hire better IT professionals who are familiar with cybersecurity issues as well as the latest tools and technologies used by hackers today. Leveraging CEH v12 credential for enhancing career growth.

Certified Ethical Hacking Cheat Sheet

The content of this cheat sheet while not comprehensive, is aimed at covering all exam areas; including tips in order to maintain the practical value of the content. Feel free to make any edits in order to personalize the cheat sheet to your preference, including content additions and mnemonics.

1. Basics

a. Essential Terms 

  • Hack Value: A hacker’s interest in something based on its worth.
  • Vulnerability: A weakness in a system that can be exploited.
  • Exploit: Taking advantage of the identified vulnerability.
  • Payload: Malware or exploit code that the hacker sends to the victim.
  • Zero-day attack: Exploiting previously unknown unpatched vulnerabilities. 
  • Daisy-chaining: A specific attack carried out by hackers to gain access to a single system and using it to access other systems on the same network.
  • Doxing: Tracing an individual’s personally identifiable information (PII) with malicious intent.
  • Bot: A software used to carry out automated tasks.

b. Elements of information security 

  • Confidentiality: Ensures that information is available only to authorized people.
  • Integrity: Ensures the accuracy of the information. 
  • Availability: Ensuring availability of resources when required by authorized users. 
  • Authenticity: Ensures the quality of being uncorrupted. 
  • Non-repudiation: Ensures report of delivery and receipt by senders and recipient respectively.

c. Phases of Penetration Testing 

  1. Reconnaissance 
  2. Scanning & Enumeration 
  3. Gaining Access 
  4. Maintaining Access 
  5. Covering Tracks 

d. Types of Threats 

  • Network threats: Attacker may break into the channel and steal the information that is being exchanged on a network.
  • Host threats: Gains access to information from a system. 
  • Application threats: Exploiting unprotected gateways in application itself.

e. Types of Attacks 

  • OS: Attacks the primary OS of the victim. 
  • App level: Application sourced attacks, usually caused by lack of security testing by developers.
  • Shrink Wrap: Exploiting unpatched libraries and frameworks of the application. 
  • Misconfiguration: Hacks carried out on systems with poorly configured security.

2. Legal

  • 18 U.S.C 1029 & 1030 
  • RFC 1918 – Private IP Standard 
  • RFC 3227 – Data collection and storage 
  • ISO 27002 – InfoSec Guidelines 
  • CAN-SPAM – Email marketing 
  • SPY-Act – License Enforcement 
  • DMCA – Intellectual Property 
  • SOX – Corporate Finance Processes 
  • GLBA – Personal Finance Data 
  • FERPA – Education Records 
  • FISMA – Gov Networks Security Std 
  • CVSS – Common Vulnerability Scoring System 
  • CVE – Common Vulnerabilities and Exposure 

3. Reconnaissance

Also called footprinting, refers to preliminary surveying or research about the target.

a. Footprinting information 

  • Network information: Domains, subdomains, IP addresses, Whois and DNS records, VPN firewalls using e.g. ike-scan. 
  • System information: OS of web server, locations of servers, users, usernames, passwords, passcodes. 
  • Organization information: Employee information, organization’s background, Phone numbers, Locations. 

b. Footprinting tools 

Maltego, Recon-ng (The Recon-ng Framework), FOCA, Recon-dog, Dmitry (DeepMagic Information Gathering Tool).

c. Google Hacking 

Google Hacking uses advanced Google search engine operators called dorks to identify specific text errors in search results for the purpose of discovering vulnerabilities.

Common dorks: 

  • site : Only from the specified domain 
  • inurl: Only pages that has the query in its URL 
  • intitle: Only pages that has the query in its title. 
  • cache: Cached versions of the queried page 
  • link : Only pages that contain the queried URL. Discontinued. 
  • filetype: Only results for the given filetype 

Google hacking tools: 

Google hack honeypot, Google hacking database, metagoofil. 

4. Scanning Networks

Involves obtaining additional information about hosts, ports and services in the network of the victim. It’s meant to identify vulnerabilities and then create an attack plan.

a. Scanning types 

  • Port scanning: Checking open ports and services.
  • Network scanning: A list of IP addresses.
  • Vulnerability scanning: Known vulnerabilities testing. 

b. Common ports to scan 

22 TCP SSH (Secure Shell)  (Secure 
23 TCP Telnet     
25 TCP SMTP (Simple Mail (Simple 
53 TCP/UDP DNS (Domain Name (Domain 
80 TCP HTTP (Hypertext Transfer (Hypertext 
123 TCP NTP (Network Time (Network 
443 TCP/UDP HTTPS     
500 TCP/UDP IKE/IPSec (Internet Key (Internet 
631 TCP/UDP IPP (Internet Printing (Internet 
3389 TCP/UDP RDP (Remote Desktop (Remote 
9100 TCP/UDPAppSocket/JetDirect (HP JetDirect, (HP 

c. Scanning Tools 

Nmap: Network scanning by sending specially crafted packets. Some common Nmap options include: 

  • sA: ACK scan 
  • sF: FIN scan 
  • sS: SYN 
  • sT: TCP scan 
  • sI: IDLS scan 
  • sn: PING sweep 
  • sN: NULL 
  • sS: Stealth Scan 
  • sR: RPC scan 
  • Po: No ping 
  • sW: Window 
  • sX: XMAS tree scan 
  • PI: ICMP ping 
  • PS: SYN ping 
  • PT: TCP ping 
  • oN: Normal output 
  • oX: XML output 
  • A OS/Vers/Script -T<0-4>: Slow – Fast 

Hping: Port scanner. Open source. Hping is lower level and stealthier than Nmap as nmap can scan a range of IP addresses while hping can only port scan one individual IP address.

d. Techniques include 

  • Scanning ICMP: Broadcast ICMP ping, ICMP ping sweep. 
  • Scanning TCP: TCP connect, SYN scanning, RFC 793 scans, ACK scanning, IDLE scan. 
  • Scanning UDP: It exploits the UDP behavior of the recipient sending an ICMP packet containing an error code when the port is unreachable. 
  • List Scanning: Reverse DNS resolution in order to identify the names of the hosts. 
  • SSDP Scanning: Detecting UPnP vulnerabilities following buffer overflow or DoS attacks.
  • ARP Scan: Useful when scanning an ethernet LAN. 

5. Enumeration 

Engaging with a system and querying it for required information. Involves uncovering and exploiting vulnerabilities. 

a. Enumeration techniques: 

  • Windows enumeration 
  • Windows user account enumeration 
  • NetBIOS enumeration 
  • SNMP enumeration 
  • LDAP enumeration 
  • NTP enumeration 
  • SMTP enumeration 
  • Brute forcing Active Directory 

b. DNS enumeration: 

DNS stands for “Domain Name System”. A DNS record is database record used to map a URL to an IP address. Common DNS records include: 

DNS enumeration tools: dnsrecon, nslookup, dig, host. 

c. DHCP: 

  • Client —Discovers–> Server 
  • Client ßOffers à Server 
  • Client …. Request …> Server 
  • Client <…Ack…> Server 
  • IP is removed from pool 

6. Sniffing

Involves obtaining packets of data on a network using a specific program or a device. 

a. Sniffing types 

  • Passive sniffing: No requirement for sending any packets.
  • Active sniffing: Require a packet to have a source and destination addresses. 

b. Sniffer 

Are packet sniffing applications designed to capture packets that contain information such as passwords, router configuration, traffic. 

c. Wiretapping 

Refers to telephone and Internet-based conversations monitoring by a third party. 

d. Sniffing Tools 

  • Cain and Abel 
  • Libpcap 
  • TCPflow 
  • Tcpdump 
  • Wireshark 
  • Kismet 

e. Sniffing Attacks 

  • MAC flooding: Send large number of fake MAC addresses to the switch until CAM table becomes full. This causes the switch to enter fail-open mode where it broadcasts the incoming traffic to all ports on the network. Attacker can then starts sniffing the traffic passing through the network. 
  • DHCP attacks: A type of Denial-of-Service attack which exhaust all available addresses from the server. 
  • DNS poisoning: Manipulating the DNS table by replacing a legitimate IP address with a malicious one. 
  • VLAN hopping: Attacking host on a VLAN to gain access to traffic on other VLANs. 
  • OSPF attacks: Forms a trusted relationship with the adjacent router. 

7. Attacking a System

a. LM Hashing 

7 spaces hashed: AAD3B435B51404EE 

b. Attack types 

  • Passive Online: Learning about system vulnerabilities without affecting system resources 
  • Active Online: Password guessing 
  • Offline: Password stealing, usually through the SAM file.
  • Non-electronic: Social Engineering 

c. Sidejacking 

Stealing access to a website, usually through cookie hijacking.

d. Authentication Types 

  • Type 1: When you know something 
  • Type 2: When you have something 
  • Type 3: When you are something 

e. Session Hijacking 

Established session hijacking involves: 

  1. Targeting and sniffing traffic between client and server 
  2. Traffic monitoring and predicting sequence 
  3. Desynchronize session with client 
  4. Take over session by predicting session token 
  5. Inject packets to the target server 

If you feel like you’re lagging in the fundamentals of cybersecurity, Check out our best cyber security courses at any time. 

8. Social engineering

Social engineering refers to compelling individuals of target organization to reveal confidential and sensitive information.

a. Steps of social engineering 

  1. Research: Gather enough information about the target company 
  2. Select target: Choose a target employee 
  3. Relationship: Earn the target employee’s trust e.g. by creating a relationship 
  4. Exploit: Extract information from the target employee 
  5. Identity theft 

Stealing an employee’s personally identifiable information to pose as that person. 

b. Types of Social Engineers 

  • Insider Associates: Limited authorized access 
  • Insider Affiliates: Insiders who can spoof identity. 
  • Outsider Affiliates: Outsider who makes use of a vulnerable access point. 

9. Physical Security

  • Physical measures: E.g., air quality, power concerns, humidity-control systems 
  • Technical measures: E.g., smart cards and biometrics 
  • Operational measures: E.g., security policies and procedures. 
  • Access control:
    1. False rejection rate (FRR): When a biometric rejects a valid user 
    2. False acceptance rate (FAR): When a biometric accepts an invalid user 
    3. Crossover error rate (CER): Combination of the FRR ad FAR; determines how good a system is 
  • Environmental disasters: E.g., hurricanes, tornadoes, floods. 

10. Web Based Hacking

a. Web server hacking 

A web server is a system used for storing, processing, and delivering websites. Web server hacking involves:

  • Information gathering: Acquiring robots.txt to see directories/files that are hidden from web crawlers. 
  • Footprinting: Enumerate common web apps nmap –script http-enum -p80 
  • Mirroring. 
  • Discover vulnerabilities. 
  • Perform session hijacking and password cracking attacks. 

b. Web server hacking tools 

Wfetch, THC Hydra, HULK DoS, w3af, Metasploit 

c. Web application hacking 

Web Application is user interface to interact with web servers. Web application hacking methodology includes:

  • Web infrastructure footprinting 
  • Web server attack. 

d. SQL Injection 

Injecting malicious SQL queries into the application. Allows attacker to gain unauthorized access to system e.g. logging in without credentials. Steps involve: 

  • Information gathering: E.g. database structure, name, version, type. 
  • SQL injection: Attacks to extract information from database such as name, column names, and records. 
  • Advanced SQL injection: Goal is to compromise underlying OS and network 

Tools: 

Sqlmap, jSQL Injection, SQL Power Injector, The Mole, OWASP SQLiX tool.

11. Cryptography

Cryptography Is the process of hiding sensitive information. 

a. Terms: 

  • Cipher: encryption and decryption algorithm.
  • Clear text / plaintext: unencrypted data 
  • Cipher text: encrypted data 

Encryption algorithms 

  • DES (Data Encryption Standard): Block cipher, 56-bit key, 64-bit block size 
  • 3DES (Triple Data Encryption Standard): Block cipher, 168-bit key 
  • AES: Iterated block cipher. 
  • RC (Rivest Cipher): Symmetric-key algorithm. 
  • Blowfish: fast symmetric block cipher, 64-bit block size, 32 to 448 bits key 
  • Twofish: Symmetric-key block cipher 
  • RSA (Rivest–Shamir–Adleman): Achieving strong encryption through the use of two large prime numbers. 
  • Diffie–Hellman: Used for generating a shared key between two entities over an insecure channel. 
  • DSA (Digital Signature Algorithm): Private key tells who signed the message. Public key verifies the digital signature 

12. Cloud security

Cloud providers implement limited access and access policies with logs and the ability to require access reason against repudiation. 

Cloud computing attacks 

  • Wrapping attack: Changes the unique sign while still maintaining validity of the signature. 
  • Side channel attacks: Attacker controls a VM on same physical host (by compromising one or placing own) 
  • Cloud Hopper attack: Goal is to compromise the accounts of staff or cloud service firms to obtain confidential information. 
  • Cloudborne attack: Done by exploiting a specific BMC vulnerability 
  • Man-In-The-Cloud (MITC) attack: Done by using file synchronization services (e.g. Google Drive and Dropbox) as infrastructure. 

13. Malware and Other Attacks

Malware is a malicious program designed to cause damage to systems and give system access to its creators. Mainly include: 

a. Trojans: 

Malware contained inside seemingly harmless programs. Types include: 

  • Remote access trojans (RATs): Malware that includes a back door for administrative control over the target computer. 
  • Backdoor Trojans: Uninterrupted access to attackers by installing a backdoor on the target system. 
  • Botnet Trojans: Installation of Boot programs on target system. 
  • Rootkit Trojans: enable access to unauthorized areas in a software. 
  • E-banking Trojans: Intercepts account information before encryption and sends to attacker. 
  • Proxy-server Trojans: Allows attacker to use victim’s computers as proxy to connect to the Internet. 

b. Viruses: 

  • Stealth virus: Virus takes active steps to conceal infection from antivirus 
  • Logic Bomb virus: Not self-replicating, zero population growth, possibly parasitic. 
  • Polymorphic virus: Modifies their payload to avoid signature detection.
  • Metamorphic virus: Viruses that can reprogram/rewrite itself. 
  • Macro virus: MS Office product macro creation.
  • File infectors: Virus infects executables 
  • Boot sector infectors: Malicious code executed on system startup.
  • Multipartite viruses: Combines file infectors and boot record infectors. 
Wrap Up

CEH Cheat Sheet is a quick reference guide for the Certified Ethical Hacker (CEH) certification exam. It contains all of the test questions, answers, and explanations needed to prepare for the exam. Vinsys aims to bring the best to the learners. We offer a wide range of related courses for better guidance and professional growth. You will get access to the pdf and other course material even after the course completion. So, it’s high time to enroll because Vinsys is ready to provide you with compelling and exciting learning experiences. You will enjoy the following:

  • Hands-on training experience
  • Inquiry-based classroom approach
  • Regular Mock tests
  • 24*7 Assistance
  • After-course follow-ups
  • A self-paced and instructor-led training program

The CEH Cheat Sheet is designed to be used as a supplement to your study materials, not as the sole source of information on the topic. The CEH Cheat Sheet covers all topics on the exam and provides detailed explanations of each question type. In addition to providing information about each question type, we also provide an overview of some common attacks, their purpose, and analysis techniques. Be confident in your preparation with Vinsys curated tool when preparing for your CEH certification exam!