🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
312-50
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
312-50 EC-Council Coming Soon

ECCouncil CEH®

Provides professionals with AI‑enhanced ethical hacking techniques, covering reconnaissance, scanning, system intrusion, and malware analysis, enabling them to secure networks and comply with industry standards.

240
Minutes
125
Questions
70/100
Passing Score
$1199
Exam Cost

Who Should Take This

Network engineers, security analysts, and penetration testers with at least two years of experience in OS and networking fundamentals benefit from this certification. They seek to validate AI‑augmented hacking skills, deepen threat‑modeling expertise, and advance career prospects in enterprise cybersecurity. The exam aligns with CEH v13 standards.

What's Covered

1 Information Security and Ethical Hacking
2 Reconnaissance and Footprinting
3 Scanning and Enumeration
4 System Hacking
5 Malware Threats
6 Sniffing and Social Engineering
7 Web Application Hacking
8 Wireless and Mobile Hacking
9 Cloud Computing and Cryptography
10 AI-Driven Ethical Hacking
11 Reporting and Remediation

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

67 learning goals
1 Information Security and Ethical Hacking
2 topics

Threat landscape and methodology

  • Apply threat modeling methodologies including STRIDE PASTA and attack trees to identify potential attack vectors against enterprise systems.
  • Analyze cyber kill chain phases including reconnaissance weaponization delivery exploitation installation command-and-control and actions on objectives in attack scenarios.
  • Apply ethical hacking methodology phases including reconnaissance scanning enumeration exploitation post-exploitation and reporting within authorized scope.
  • Analyze MITRE ATT&CK framework tactics techniques and procedures to map observed adversary behaviors to known threat actor profiles and campaign patterns.

Legal and compliance

  • Apply rules of engagement documentation including scope definitions authorization boundaries escalation procedures and liability protections for penetration testing.
  • Analyze legal frameworks including CFAA GDPR HIPAA and PCI-DSS to determine permissible testing activities reporting obligations and evidence handling requirements.
2 Reconnaissance and Footprinting
2 topics

Passive reconnaissance

  • Apply OSINT techniques using search engines WHOIS DNS records social media and public code repositories to gather target organization intelligence.
  • Apply Google dorking advanced operators Shodan Censys and certificate transparency logs to discover exposed assets and leaked credentials.
  • Apply email harvesting and metadata extraction from public documents to enumerate employee names email patterns and internal software versions.
  • Analyze passive reconnaissance findings to build comprehensive target profiles including network ranges technology stacks and organizational hierarchy.

Active reconnaissance

  • Apply Nmap scanning to discover live hosts open ports running services OS fingerprints and firewall filtering rules across target network ranges.
  • Apply DNS enumeration techniques including zone transfers subdomain brute-forcing DNS cache snooping and DNSSEC verification for infrastructure mapping.
  • Analyze scan results to identify high-value targets prioritize attack vectors and construct network topology maps for exploitation planning.
3 Scanning and Enumeration
2 topics

Network scanning techniques

  • Apply TCP connect SYN stealth FIN XMAS NULL and ACK scan techniques to identify open filtered and closed ports while evading detection mechanisms.
  • Apply vulnerability scanning using Nessus OpenVAS and Qualys to identify known CVEs misconfigurations and missing patches on target infrastructure.
  • Apply IDS evasion techniques including packet fragmentation decoy scanning timing manipulation and source routing to bypass network security controls.
  • Analyze vulnerability scan output to differentiate true positives from false positives and prioritize findings by CVSS score exploitability and business impact.

Service enumeration

  • Apply SMB NetBIOS and RPC enumeration to extract user lists share permissions group memberships and domain trust relationships from Windows targets.
  • Apply LDAP SNMP NFS and SMTP enumeration to extract directory objects community strings exported shares and valid email addresses from target services.
  • Apply banner grabbing and service fingerprinting to identify application versions configurations and potential vulnerabilities for targeted exploitation.
  • Analyze enumeration results to identify weak credentials default configurations exploitable service versions and attack surface prioritization.
4 System Hacking
3 topics

Gaining access

  • Apply password cracking techniques including dictionary brute-force rainbow table rule-based and hybrid attacks using Hashcat John the Ripper and CeWL.
  • Apply exploitation frameworks including Metasploit to select exploits configure payloads deliver shells and establish initial access on vulnerable systems.
  • Apply buffer overflow exploitation including stack-based heap-based and SEH overwrite techniques to achieve code execution on vulnerable applications.

Privilege escalation

  • Apply Linux privilege escalation including kernel exploits SUID abuse cron job manipulation writable PATH injection and sudo misconfigurations for root access.
  • Apply Windows privilege escalation including token impersonation UAC bypass unquoted service paths DLL hijacking and registry abuse for SYSTEM access.
  • Analyze post-exploitation position to identify lateral movement paths additional credentials and high-value targets accessible from compromised systems.

Maintaining access and covering tracks

  • Apply persistence mechanisms including backdoors rootkits scheduled tasks registry run keys web shells and implant frameworks for maintained access.
  • Apply anti-forensic techniques including log clearing timestamp modification file hiding and evidence destruction to understand adversary evasion capabilities.
  • Analyze post-exploitation artifacts to identify persistence mechanisms data staging indicators and exfiltration evidence for comprehensive incident reporting.
5 Malware Threats
2 topics

Malware analysis

  • Apply static malware analysis using file hashing string extraction PE header inspection import table analysis and YARA rule matching for threat classification.
  • Apply dynamic malware analysis using sandboxed execution behavioral monitoring network traffic capture API call tracing and memory inspection.
  • Analyze malware propagation techniques including fileless attacks living-off-the-land binaries polymorphic code and supply chain infection vectors.

Evasion and countermeasures

  • Apply payload obfuscation encoding encryption and packing techniques to bypass antivirus EDR and network-based detection during authorized testing.
  • Analyze defense evasion techniques including process injection DLL sideloading AMSI bypass and ETW patching to assess detection capability gaps.
6 Sniffing and Social Engineering
2 topics

Network sniffing

  • Apply packet capture using Wireshark tcpdump and network TAPs to intercept analyze and reconstruct network sessions for credential extraction.
  • Apply ARP spoofing MAC flooding DHCP starvation and DNS poisoning to redirect traffic through attacker-controlled systems for man-in-the-middle interception.
  • Analyze captured traffic to extract credentials session tokens and sensitive data from HTTP FTP SMTP POP3 and other cleartext protocols.

Social engineering

  • Apply social engineering techniques including phishing spear-phishing vishing smishing pretexting and physical access attacks within authorized engagements.
  • Design social engineering campaigns including pretext development target profiling delivery mechanism selection and success metric tracking for awareness assessment.
  • Analyze social engineering test results to identify human vulnerability patterns recommend targeted training and measure organizational resilience improvement.
7 Web Application Hacking
2 topics

Injection attacks

  • Apply SQL injection techniques including union-based blind boolean-based time-based and second-order injection using SQLMap and manual methods.
  • Apply command injection LDAP injection XXE and SSTI to exploit input validation weaknesses and achieve server-side code execution.
  • Apply XSS attacks including reflected stored and DOM-based cross-site scripting to demonstrate session hijacking cookie theft and client-side code execution.
  • Apply SSRF file inclusion path traversal and insecure deserialization attacks to access internal resources and escalate privileges in web applications.

Web application assessment

  • Apply web application scanning using Burp Suite OWASP ZAP and Nikto to identify OWASP Top 10 vulnerabilities and API security weaknesses.
  • Apply session management attacks including cookie manipulation session fixation CSRF JWT exploitation and OAuth flow abuse to bypass authentication.
  • Analyze web application architecture to identify authentication flaws authorization bypasses business logic vulnerabilities and API misconfigurations.
8 Wireless and Mobile Hacking
2 topics

Wireless attacks

  • Apply wireless reconnaissance using aircrack-ng to discover access points capture handshakes identify hidden SSIDs and enumerate client associations.
  • Apply WPA2 WPA3 cracking including PMKID capture four-way handshake dictionary attacks and evil twin AP deployment for wireless assessment.
  • Analyze wireless security posture to identify rogue APs weak encryption misconfigured enterprise authentication and Bluetooth attack surfaces.

Mobile and IoT hacking

  • Apply mobile security testing including APK decompilation traffic interception insecure storage detection and runtime manipulation on Android and iOS.
  • Apply IoT security assessment including firmware extraction default credential testing protocol analysis MQTT exploitation and physical interface attacks.
  • Analyze mobile and IoT attack surfaces to identify insecure communication channels hardcoded secrets and exploitable firmware vulnerabilities.
9 Cloud Computing and Cryptography
2 topics

Cloud security testing

  • Apply cloud enumeration to discover misconfigured S3 buckets exposed Azure blobs open GCP storage overly permissive IAM policies and exposed metadata services.
  • Apply cloud exploitation including SSRF metadata abuse container escapes serverless injection and cross-tenant attacks on AWS Azure and GCP environments.
  • Analyze cloud security configurations to identify privilege escalation paths lateral movement opportunities and data exfiltration risks across services.

Cryptography attacks

  • Apply cryptanalysis techniques including padding oracle hash collision exploitation weak key detection certificate impersonation and protocol downgrade attacks.
  • Analyze cryptographic implementations to identify deprecated algorithms insufficient key lengths insecure RNG and certificate validation bypasses.
10 AI-Driven Ethical Hacking
2 topics

AI-augmented testing

  • Apply AI-powered reconnaissance tools to automate target profiling vulnerability correlation attack surface mapping and exploit suggestion at scale.
  • Apply ML-assisted exploit generation fuzzing payload optimization and automated vulnerability chaining to discover novel weaknesses in target systems.
  • Analyze adversarial ML techniques including prompt injection model poisoning data exfiltration and LLM-specific vulnerabilities in AI-integrated applications.

AI threats and countermeasures

  • Apply deepfake detection voice cloning identification and AI-generated phishing recognition to counter AI-augmented social engineering threats.
  • Design security assessment methodologies incorporating AI-driven vulnerability discovery automated exploitation validation and intelligent report generation.
11 Reporting and Remediation
1 topic

Penetration test reporting

  • Apply structured reporting including executive summary technical findings risk ratings proof-of-concept evidence and remediation recommendations.
  • Design remediation strategies prioritized by risk severity business impact exploitability and resource requirements for identified vulnerabilities.
  • Analyze remediation effectiveness through retesting verification scanning and regression analysis to confirm vulnerability closure and risk reduction.

Scope

Included Topics

  • All domains in EC-Council CEH v13 AI covering ethical hacking methodology reconnaissance scanning enumeration exploitation and AI-driven security testing.
  • Footprinting and reconnaissance including passive OSINT active scanning DNS enumeration and target profiling for penetration test planning.
  • System hacking including password attacks exploitation frameworks privilege escalation persistence mechanisms and anti-forensic techniques.
  • Web application hacking including OWASP Top 10 injection attacks XSS CSRF session management flaws and API security testing.
  • Network attacks including sniffing ARP spoofing wireless exploitation cloud security testing and cryptographic vulnerability analysis.
  • AI-augmented ethical hacking including AI-powered tools adversarial ML prompt injection deepfake detection and automated vulnerability discovery.

Not Covered

  • Advanced multi-network penetration testing pivoting and 24-hour practical labs covered by CPENT and LPT.
  • Digital forensic evidence collection chain of custody and court-admissible analysis covered by CHFI.
  • SOC operations SIEM management and continuous monitoring workflows covered by CSA.
  • Enterprise security program governance budgeting and board communication covered by CCISO.
  • Secure software development lifecycle and code-level vulnerability remediation covered by CASE and ECSP.

Official Exam Page

Learn more at EC-Council

Visit

312-50 is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

EC-Council®, CEH®, and all EC-Council certification marks are registered trademarks of the International Council of Electronic Commerce Consultants. EC-Council does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.