Certified Ethical Hacking | CEH Exam Cheat Sheet (2023)

Last updated on March 17th, 2023 at 06:10 am

The Certified Ethical Hacker (CEH) certification indicates that you have the skills to understand how hackers think and how they operate. It validates to the employers that you are a valuable asset to the company. The CEH is just one of many certifications available on the market today, but it’s one of the most recognized by employers. It’s an internationally recognized security certification that can be earned through online training, classroom training, or self-study.

Looking to pass the CEH exam on the first attempt? Dive into the details to know more! Want to learn how hackers think? Welcome to the world’s leading ethical hacking certification!

What is the Certified Ethical Hacker (CEH)?

The Certified Ethical Hacker (CEH) certification is a globally recognized security credential to possess the skills and creativity of malicious hackers and validate them by passing EC-Council Certification (CEH v12). The CEH certification is available as an entry-level certification and for professional-level certification that can be achieved with the right preparation and resources.

CEH is a certification that certifies that a person has the knowledge and skills necessary to perform penetration testing, recognized by many employers as a requirement for employment in the field. CEH cheat sheet is a report often used in cases to aid memorization and refresh before the examination.

Why Is CEH Important?

Ethical hackers are security professionals who use their knowledge and skills to test other people’s computer systems. This includes physical security, access control, identity management, and application security. Ethical hacking also involves penetration testing, which involves attacking a system or network with malicious intent in order to find vulnerabilities that can be exploited for malicious purposes.

What is CEH Cheat Sheet?

CEH Cheat Sheet is an online cheat sheet that provides a quick reference guide to all of the common configuration items in the CEH certification exam. It also includes information on some of the more advanced concepts required in order to pass the exam and become certified.

CEH Cheat Sheet is a cheat sheet for the Certified Ethical Hacker (CEH) certification. It contains information about what the exam covers, how to prepare for it, and how to pass the exam. It contains all the main CEH exam objectives in an easy-to-read layout.

This cheat sheet can be used as a reference for your road to success!

How to use CEH Cheat Sheet?

You can find the cheat sheet on our website or download it from here. If you want to use it offline, you can save it to your device and open it later. Cheat sheets for CEH are frequently utilized in these situations to help with memorizing and quickly reviewing material prior to the exam. By doing this, you can be confident that when you read through the full content, you won’t suddenly be overwhelmed with information. Make a copy of our cheat sheet if you need to add anything of your own, just in case.

Why should learners use our CEH Cheat Exam Sheet?

CEH exam sheet is a tool designed to help you learn the exam in a short time. The best part about it is that it was created by someone who took the real exam and passed it. That person was NCCA certified, and now he wants you to pass your certification exam as well.

There are other tools out there that claim to teach you how to pass the CEH certification, but they don’t have the same experience as this one does. They can’t tell you what questions on the exam you’ll see, how many questions there will be, etc. This tool does just that!

Checkout the latest CEH Batch Schedule:

Course Name	Schedule	Mode
CEH Training	April 03 – April 07 – 2023	Online
CEH Training	May 08 – May 12 – 2023	Online
CEH Training	June 05 – June 09 – 2023	Online

Benefits of Having a Certified Ethical Hacker (CEH) Certification

The Certified Ethical Hacker (CEH) certification is one of the most popular and sought-after certifications in the hacking world. With this certification, you can gain valuable insight into the ways that hackers think and what they do to find vulnerabilities in systems. Here are some of the benefits of earning a CEH certification:

1. Gain more insight into risks and vulnerabilities

Having a CEH certification will allow you to gain a deeper understanding of how hackers think and operate. Certified ethical hackers (CEH v12) come with a lot of benefits that can help you to better understand the security landscape and build a higher level of security. The CEH certification helps you to gain more insight into risks and vulnerabilities, which can be beneficial in many ways.

You will have a better understanding of how hackers think, which will let you predict their actions before they actually happen. This is an important element for companies who want to keep their data safe from attackers. This will help you make informed decisions and will give you the ability to identify and mitigate risks before they become an issue.

2. Understand how hackers think

The Certified Ethical Hacker (CEH) certification teaches you about hacking techniques, which means that you’ll be able to understand how criminals think when they’re working on breaking into your network or stealing your credit card numbers online. This knowledge will help you develop new strategies for preventing cyber-attacks by using different tools like firewalls and antivirus software programs.

Hacking isn’t just about breaking into systems — it’s about finding out how they work and then exploiting these weaknesses in order to get access to sensitive information or resources that are valuable to your organization or customers.

3. You’ll earn more money with the CEH

The Certified Ethical Hacker (CEH) certification also helps you earn more money by helping organizations hire better IT professionals who are familiar with cybersecurity issues as well as the latest tools and technologies used by hackers today. Leveraging CEH v12 credential for enhancing career growth.

Certified Ethical Hacking Cheat Sheet

The content of this cheat sheet while not comprehensive, is aimed at covering all exam areas; including tips in order to maintain the practical value of the content. Feel free to make any edits in order to personalize the cheat sheet to your preference, including content additions and mnemonics.

1. Basics

a. Essential Terms

Hack Value: A hacker’s interest in something based on its worth.
Vulnerability: A weakness in a system that can be exploited.
Exploit: Taking advantage of the identified vulnerability.
Payload: Malware or exploit code that the hacker sends to the victim.
Zero-day attack: Exploiting previously unknown unpatched vulnerabilities.
Daisy-chaining: A specific attack carried out by hackers to gain access to a single system and using it to access other systems on the same network.
Doxing: Tracing an individual’s personally identifiable information (PII) with malicious intent.
Bot: A software used to carry out automated tasks.

b. Elements of information security

Confidentiality: Ensures that information is available only to authorized people.
Integrity: Ensures the accuracy of the information.
Availability: Ensuring availability of resources when required by authorized users.
Authenticity: Ensures the quality of being uncorrupted.
Non-repudiation: Ensures report of delivery and receipt by senders and recipient respectively.

c. Phases of Penetration Testing

Reconnaissance
Scanning & Enumeration
Gaining Access
Maintaining Access
Covering Tracks

d. Types of Threats

Network threats: Attacker may break into the channel and steal the information that is being exchanged on a network.
Host threats: Gains access to information from a system.
Application threats: Exploiting unprotected gateways in application itself.

e. Types of Attacks

OS: Attacks the primary OS of the victim.
App level: Application sourced attacks, usually caused by lack of security testing by developers.
Shrink Wrap: Exploiting unpatched libraries and frameworks of the application.
Misconfiguration: Hacks carried out on systems with poorly configured security.

2. Legal

18 U.S.C 1029 & 1030
RFC 1918 – Private IP Standard
RFC 3227 – Data collection and storage
ISO 27002 – InfoSec Guidelines
CAN-SPAM – Email marketing
SPY-Act – License Enforcement
DMCA – Intellectual Property
SOX – Corporate Finance Processes
GLBA – Personal Finance Data
FERPA – Education Records
FISMA – Gov Networks Security Std
CVSS – Common Vulnerability Scoring System
CVE – Common Vulnerabilities and Exposure

3. Reconnaissance

Also called footprinting, refers to preliminary surveying or research about the target.

a. Footprinting information

Network information: Domains, subdomains, IP addresses, Whois and DNS records, VPN firewalls using e.g. ike-scan.
System information: OS of web server, locations of servers, users, usernames, passwords, passcodes.
Organization information: Employee information, organization’s background, Phone numbers, Locations.

b. Footprinting tools

Maltego, Recon-ng (The Recon-ng Framework), FOCA, Recon-dog, Dmitry (DeepMagic Information Gathering Tool).

c. Google Hacking

Google Hacking uses advanced Google search engine operators called dorks to identify specific text errors in search results for the purpose of discovering vulnerabilities.

Common dorks:

site : Only from the specified domain
inurl: Only pages that has the query in its URL
intitle: Only pages that has the query in its title.
cache: Cached versions of the queried page
link : Only pages that contain the queried URL. Discontinued.
filetype: Only results for the given filetype

Google hacking tools:

Google hack honeypot, Google hacking database, metagoofil.

4. Scanning Networks

Involves obtaining additional information about hosts, ports and services in the network of the victim. It’s meant to identify vulnerabilities and then create an attack plan.

a. Scanning types

Port scanning: Checking open ports and services.
Network scanning: A list of IP addresses.
Vulnerability scanning: Known vulnerabilities testing.

b. Common ports to scan

22	TCP	SSH (Secure Shell) (Secure
23	TCP	Telnet
25	TCP	SMTP (Simple Mail (Simple
53	TCP/UDP	DNS (Domain Name (Domain
80	TCP	HTTP (Hypertext Transfer (Hypertext
123	TCP	NTP (Network Time (Network
443	TCP/UDP	HTTPS
500	TCP/UDP	IKE/IPSec (Internet Key (Internet
631	TCP/UDP	IPP (Internet Printing (Internet
3389	TCP/UDP	RDP (Remote Desktop (Remote
9100	TCP/UDP	AppSocket/JetDirect (HP JetDirect, (HP

c. Scanning Tools

Nmap: Network scanning by sending specially crafted packets. Some common Nmap options include:

sA: ACK scan
sF: FIN scan
sS: SYN
sT: TCP scan
sI: IDLS scan
sn: PING sweep
sN: NULL
sS: Stealth Scan
sR: RPC scan
Po: No ping
sW: Window
sX: XMAS tree scan
PI: ICMP ping
PS: SYN ping
PT: TCP ping
oN: Normal output
oX: XML output
A OS/Vers/Script -T<0-4>: Slow – Fast

Hping: Port scanner. Open source. Hping is lower level and stealthier than Nmap as nmap can scan a range of IP addresses while hping can only port scan one individual IP address.

d. Techniques include

Scanning ICMP: Broadcast ICMP ping, ICMP ping sweep.
Scanning TCP: TCP connect, SYN scanning, RFC 793 scans, ACK scanning, IDLE scan.
Scanning UDP: It exploits the UDP behavior of the recipient sending an ICMP packet containing an error code when the port is unreachable.
List Scanning: Reverse DNS resolution in order to identify the names of the hosts.
SSDP Scanning: Detecting UPnP vulnerabilities following buffer overflow or DoS attacks.
ARP Scan: Useful when scanning an ethernet LAN.

5. Enumeration

Engaging with a system and querying it for required information. Involves uncovering and exploiting vulnerabilities.

a. Enumeration techniques:

Windows enumeration
Windows user account enumeration
NetBIOS enumeration
SNMP enumeration
LDAP enumeration
NTP enumeration
SMTP enumeration
Brute forcing Active Directory

b. DNS enumeration:

DNS stands for “Domain Name System”. A DNS record is database record used to map a URL to an IP address. Common DNS records include:

DNS enumeration tools: dnsrecon, nslookup, dig, host.

c. DHCP:

Client —Discovers–> Server
Client ßOffers à Server
Client …. Request …> Server
Client <…Ack…> Server
IP is removed from pool

6. Sniffing

Involves obtaining packets of data on a network using a specific program or a device.

a. Sniffing types

Passive sniffing: No requirement for sending any packets.
Active sniffing: Require a packet to have a source and destination addresses.

b. Sniffer

Are packet sniffing applications designed to capture packets that contain information such as passwords, router configuration, traffic.

c. Wiretapping

Refers to telephone and Internet-based conversations monitoring by a third party.

d. Sniffing Tools

Cain and Abel
Libpcap
TCPflow
Tcpdump
Wireshark
Kismet

e. Sniffing Attacks

MAC flooding: Send large number of fake MAC addresses to the switch until CAM table becomes full. This causes the switch to enter fail-open mode where it broadcasts the incoming traffic to all ports on the network. Attacker can then starts sniffing the traffic passing through the network.
DHCP attacks: A type of Denial-of-Service attack which exhaust all available addresses from the server.
DNS poisoning: Manipulating the DNS table by replacing a legitimate IP address with a malicious one.
VLAN hopping: Attacking host on a VLAN to gain access to traffic on other VLANs.
OSPF attacks: Forms a trusted relationship with the adjacent router.

7. Attacking a System

a. LM Hashing

7 spaces hashed: AAD3B435B51404EE

b. Attack types

Passive Online: Learning about system vulnerabilities without affecting system resources
Active Online: Password guessing
Offline: Password stealing, usually through the SAM file.
Non-electronic: Social Engineering

c. Sidejacking

Stealing access to a website, usually through cookie hijacking.

d. Authentication Types

Type 1: When you know something
Type 2: When you have something
Type 3: When you are something

e. Session Hijacking

Established session hijacking involves:

Targeting and sniffing traffic between client and server
Traffic monitoring and predicting sequence
Desynchronize session with client
Take over session by predicting session token
Inject packets to the target server

If you feel like you’re lagging in the fundamentals of cybersecurity, Check out our best cyber security courses at any time.

8. Social engineering

Social engineering refers to compelling individuals of target organization to reveal confidential and sensitive information.

a. Steps of social engineering

Research: Gather enough information about the target company
Select target: Choose a target employee
Relationship: Earn the target employee’s trust e.g. by creating a relationship
Exploit: Extract information from the target employee
Identity theft

Stealing an employee’s personally identifiable information to pose as that person.

b. Types of Social Engineers

Insider Associates: Limited authorized access
Insider Affiliates: Insiders who can spoof identity.
Outsider Affiliates: Outsider who makes use of a vulnerable access point.

9. Physical Security

Physical measures: E.g., air quality, power concerns, humidity-control systems
Technical measures: E.g., smart cards and biometrics
Operational measures: E.g., security policies and procedures.
Access control:
1. False rejection rate (FRR): When a biometric rejects a valid user
2. False acceptance rate (FAR): When a biometric accepts an invalid user
3. Crossover error rate (CER): Combination of the FRR ad FAR; determines how good a system is
Environmental disasters: E.g., hurricanes, tornadoes, floods.

10. Web Based Hacking

a. Web server hacking

A web server is a system used for storing, processing, and delivering websites. Web server hacking involves:

Information gathering: Acquiring robots.txt to see directories/files that are hidden from web crawlers.
Footprinting: Enumerate common web apps nmap –script http-enum -p80
Mirroring.
Discover vulnerabilities.
Perform session hijacking and password cracking attacks.

b. Web server hacking tools

Wfetch, THC Hydra, HULK DoS, w3af, Metasploit

c. Web application hacking

Web Application is user interface to interact with web servers. Web application hacking methodology includes:

Web infrastructure footprinting
Web server attack.

d. SQL Injection

Injecting malicious SQL queries into the application. Allows attacker to gain unauthorized access to system e.g. logging in without credentials. Steps involve:

Information gathering: E.g. database structure, name, version, type.
SQL injection: Attacks to extract information from database such as name, column names, and records.
Advanced SQL injection: Goal is to compromise underlying OS and network

Tools:

Sqlmap, jSQL Injection, SQL Power Injector, The Mole, OWASP SQLiX tool.

11. Cryptography

Cryptography Is the process of hiding sensitive information.

a. Terms:

Cipher: encryption and decryption algorithm.
Clear text / plaintext: unencrypted data
Cipher text: encrypted data

Encryption algorithms

DES (Data Encryption Standard): Block cipher, 56-bit key, 64-bit block size
3DES (Triple Data Encryption Standard): Block cipher, 168-bit key
AES: Iterated block cipher.
RC (Rivest Cipher): Symmetric-key algorithm.
Blowfish: fast symmetric block cipher, 64-bit block size, 32 to 448 bits key
Twofish: Symmetric-key block cipher
RSA (Rivest–Shamir–Adleman): Achieving strong encryption through the use of two large prime numbers.
Diffie–Hellman: Used for generating a shared key between two entities over an insecure channel.
DSA (Digital Signature Algorithm): Private key tells who signed the message. Public key verifies the digital signature

12. Cloud security

Cloud providers implement limited access and access policies with logs and the ability to require access reason against repudiation.

Cloud computing attacks

Wrapping attack: Changes the unique sign while still maintaining validity of the signature.
Side channel attacks: Attacker controls a VM on same physical host (by compromising one or placing own)
Cloud Hopper attack: Goal is to compromise the accounts of staff or cloud service firms to obtain confidential information.
Cloudborne attack: Done by exploiting a specific BMC vulnerability
Man-In-The-Cloud (MITC) attack: Done by using file synchronization services (e.g. Google Drive and Dropbox) as infrastructure.

13. Malware and Other Attacks

Malware is a malicious program designed to cause damage to systems and give system access to its creators. Mainly include:

a. Trojans:

Malware contained inside seemingly harmless programs. Types include:

Remote access trojans (RATs): Malware that includes a back door for administrative control over the target computer.
Backdoor Trojans: Uninterrupted access to attackers by installing a backdoor on the target system.
Botnet Trojans: Installation of Boot programs on target system.
Rootkit Trojans: enable access to unauthorized areas in a software.
E-banking Trojans: Intercepts account information before encryption and sends to attacker.
Proxy-server Trojans: Allows attacker to use victim’s computers as proxy to connect to the Internet.

b. Viruses:

Stealth virus: Virus takes active steps to conceal infection from antivirus
Logic Bomb virus: Not self-replicating, zero population growth, possibly parasitic.
Polymorphic virus: Modifies their payload to avoid signature detection.
Metamorphic virus: Viruses that can reprogram/rewrite itself.
Macro virus: MS Office product macro creation.
File infectors: Virus infects executables
Boot sector infectors: Malicious code executed on system startup.
Multipartite viruses: Combines file infectors and boot record infectors.

Wrap Up

CEH Cheat Sheet is a quick reference guide for the Certified Ethical Hacker (CEH) certification exam. It contains all of the test questions, answers, and explanations needed to prepare for the exam. Vinsys aims to bring the best to the learners. We offer a wide range of related courses for better guidance and professional growth. You will get access to the pdf and other course material even after the course completion. So, it’s high time to enroll because Vinsys is ready to provide you with compelling and exciting learning experiences. You will enjoy the following:

Hands-on training experience

Inquiry-based classroom approach
Regular Mock tests
24*7 Assistance
After-course follow-ups
A self-paced and instructor-led training program

The CEH Cheat Sheet is designed to be used as a supplement to your study materials, not as the sole source of information on the topic. The CEH Cheat Sheet covers all topics on the exam and provides detailed explanations of each question type. In addition to providing information about each question type, we also provide an overview of some common attacks, their purpose, and analysis techniques. Be confident in your preparation with Vinsys curated tool when preparing for your CEH certification exam!

0 Shares