• Exam Title: Certified Ethical Hacker (Practical)
• Number of Practical Challenges: 20
• Duration: 6 hours
• Availability: Aspen – iLabs
• Test Format: iLabs Cyber Range
• Passing Score: 70% (14 Questions)

Exam Tips

• Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems, etc;
• System hacking, steganography;
• Network scanning to identify live and vulnerable machines in a network;
• OS banner grabbing, service, and user enumeration;
• Different types of cryptography attacks;
• SQL injection attacks;
• Packet sniffing;

Format

• Realized Test with Web Browser iLabs
• One Kali Linux (No Update) and Windows Server 2016 to perform the pentest
• Five machines to compromise on an isolated network from the internet
• Search in Google? (Yes!)
• Talk to someone during the race? (No!)

• Nmap
• Hydra
• Sqlmap
• Wpscan
• Nikto
• John
• Hashcat
• Metasploit
• Responder LLMNR
• Wireshark or Tcpdump
• Steghide
• OpenStego
• QuickStego
• Dirb
• Searchsploit
• Crunch
• Cewl
• Veracrypt
• Hashcalc
• Rainbow Crack

• Reddit Exam Reviews
• Medium Exam Reviews
• Professionals Certificate
• Hack The Box (Challenges Steganography and Web) (https://www.hackthebox.eu/)
• Vulnhub (Machines Easy to Medium) (https://www.vulnhub.com/)
• Labs PenTest Brazil (CEH Course made in Major Eder ft ACADI-TI) (https://acaditi.com.br/ceh-v10-treinamento-certified-ethical-hacker/)
• TryHackMe (https://tryhackme.com/) / https://tryhackme.com/room/wirectf / https://tryhackme.com/room/wirectf / https://tryhackme.com/room/hydra / https://tryhackme.com/room/sqli / https://tryhackme.com/room/crackthehash / https://medium.com/@kyryloren/jack-writeup-by-kyryloren-tryhackme-e41cff4e1c55
• iLabs CEH (https://ilabs.eccouncil.org/ethical-hacking-exercises/)

• What is the IP of the Windows X machine?
• What is the version of the Linux Kernel?
• How many Windows machines are there?
• What is the password for user X of the FTP server?
• What is user X's IBAN number?
• Which user X's phone number?
• What is the password hidden in the .jpeg file?

https://www.upguard.com/blog/attack-vector

https://searchsecurity.techtarget.com/definition/attack-vector

https://www.balbix.com/insights/attack-vectors-and-breach-methods/

https://attack.mitre.org/

https://searchsecurity.techtarget.com/definition/attack-vector#:~:text=An%20attack%20vector%20is%20a,vulnerabilities%2C%20including%20the%20human%20element.

https://www.youtube.com/watch?v=LsuoJb7n3co

https://www.youtube.com/watch?v=rcB4EZLfi7I

https://www.youtube.com/watch?v=dz7Ntp7KQGA

https://nmap.org/man/pt_BR/index.html

https://nmap.org/docs.html

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

https://hackertarget.com/nmap-tutorial/

https://www.stationx.net/nmap-cheat-sheet/

https://media.x-ra.de/doc/NmapCheatSheetv1.1.pdf

https://www.100security.com.br/netdiscover

https://kalilinuxtutorials.com/netdiscover-scan-live-hosts-network/

https://www.youtube.com/watch?v=PS677owUk-c

https://www.stationx.net/nmap-cheat-sheet/

https://redteamtutorials.com/2018/10/14/nmap-cheatsheet/

https://resources.infosecinstitute.com/nmap-cheat-sheet/#gref

https://medium.com/@infosecsanyam/nmap-cheat-sheet-nmap-scanning-types-scanning-commands-nse-scripts-868a7bd7f692

https://resources.infosecinstitute.com/network-discovery-tool/#gref

https://null-byte.wonderhowto.com/how-to/enumerate-smb-with-enum4linux-smbclient-0198049/

https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/

https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html

https://medium.com/@arnavtripathy98/smb-enumeration-for-penetration-testing-e782a328bf1b

https://www.redsiege.com/blog/2020/04/user-enumeration-part-3-windows/

https://nmap.org/nsedoc/scripts/smb-enum-users.html

https://github.com/sensepost/UserEnum

https://linuxconfig.org/password-cracking-with-john-the-ripper-on-linux

https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/

https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/

https://redteamtutorials.com/2018/10/25/hydra-brute-force-https/

https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-passwords-with-tamper-data-thc-hydra-0155374/

https://laconicwolf.com/2018/09/29/hashcat-tutorial-the-basics-of-cracking-passwords-with-hashcat/

https://medium.com/@sc015020/how-to-crack-passwords-with-john-the-ripper-fdb98449ff1

https://www.varonis.com/blog/john-the-ripper/

http://www.phenoelit.org/dpl/dpl.html

https://datarecovery.com/rd/default-passwords/

https://github.com/Dormidera/WordList-Compendium

https://github.com/danielmiessler/SecLists

https://www.kaggle.com/wjburns/common-password-list-rockyoutxt

https://hackertarget.com/sqlmap-tutorial/

https://www.binarytides.com/sqlmap-hacking-tutorial/

https://www.hackingarticles.in/database-penetration-testing-using-sqlmap-part-1/

https://medium.com/@rafaelrenovaci/dvwa-solution-sql-injection-blind-sqlmap-cd1461ad336e

https://medium.com/hacker-toolbelt/dvwa-1-9-viii-blind-sql-injection-with-sqlmap-ee8d59fbdea7

https://www.exploit-db.com/docs/english/13701-easy-methodblind-sql-injection.pdf

https://gracefulsecurity.com/sql-injection-filter-evasion-with-sqlmap/

https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3

https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF

https://www.1337pwn.com/use-sqlmap-to-bypass-cloudflare-waf-and-hack-website-with-sql-injection/

https://resources.infosecinstitute.com/steganography-and-tools-to-perform-steganography/#gref

https://flylib.com/books/en/1.36.1/steganography.html

https://blog.eccouncil.org/what-is-steganography-and-what-are-its-popular-techniques/

https://www.edureka.co/blog/steganography-tutorial

https://www.tutorialspoint.com/image-based-steganography-using-python

https://medium.com/@KamranSaifullah/da-vinci-stenography-challenge-solution-90122a59822

https://medium.com/@chrisdare/steganography-in-computer-forensics-6d6e87d85c0a

https://www.telegraph.co.uk/culture/art/art-news/8197896/Mona-Lisa-painting-contains-hidden-code.html

https://medium.com/write-ups-hackthebox/tagged/steganography

http://moinkhans.blogspot.com/2015/06/steghide-beginners-tutorial.html

https://www.2daygeek.com/easy-way-hide-information-inside-image-and-sound-objects/

https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

https://blog.rapid7.com/2017/03/21/combining-responder-and-psexec-for-internal-penetration-tests/

https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/

https://medium.com/@hninja049/how-to-easy-find-exploits-with-searchsploit-on-linux-4ce0b82c82fd

https://www.offensive-security.com/offsec/edb-searchsploit-update-2020/

https://www.youtube.com/watch?v=29GlfaH5qCM

https://www.hackingloops.com/maintaining-access-metasploit/

https://resources.infosecinstitute.com/information-gathering-using-metasploit/

https://www.youtube.com/watch?v=s6rwS7UuMt8

https://null-byte.wonderhowto.com/how-to/exploit-eternalblue-windows-server-with-metasploit-0195413/

https://www.youtube.com/watch?v=joT8NxlXxVY

https://attack.mitre.org/techniques/T1557/001/

https://www.youtube.com/watch?v=0TBCzaBklcE

https://www.youtube.com/watch?v=FfoQFKhWUr0

https://www.youtube.com/watch?v=Fg2gvk0qgjM

https://www.youtube.com/watch?v=rjRDsXp_MNk

https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning

https://medium.com/@subhammisra45/llmnr-poisoning-and-relay-5477949b7bef

https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/

https://blog.clusterweb.com.br/?p=1297

https://hackertarget.com/nikto-tutorial/

https://geekflare.com/nikto-webserver-scanner/

https://www.youtube.com/watch?v=K78YOmbuT48

https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilities.html

https://www.hackingtutorials.org/web-application-hacking/hack-a-wordpress-website-with-wpscan/

https://linuxhint.com/wpscan_wordpress_vulnerabilities_scan/

https://www.youtube.com/watch?v=SS991k5Alp0

https://www.youtube.com/watch?v=MtyhOrBfG-E

https://www.youtube.com/watch?v=sQ4TtFdaiRA

https://www.exploit-db.com/docs/english/45556-wordpress-penetration-testing-using-wpscan-and-metasploit.pdf?rss

https://www.wpwhitesecurity.com/strong-wordpress-passwords-wpscan/

https://www.youtube.com/watch?v=BTGP5sZfJKY

https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-5-creating-custom-wordlist-with-cewl-0158855/

https://medium.com/tech-zoom/dirb-a-web-content-scanner-bc9cba624c86

https://www.hackingarticles.in/comprehensive-guide-on-dirb-tool/

https://www.youtube.com/watch?v=TkCSr30UojM

https://www.varonis.com/blog/how-to-use-wireshark/

https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/

https://www.lifewire.com/wireshark-tutorial-4143298

https://www.comparitech.com/net-admin/wireshark-cheat-sheet/

https://medium.com/hacker-toolbelt/wireshark-filters-cheat-sheet-eacdc438969c

https://github.com/security-cheatsheet/wireshark-cheatsheet

https://www.cellstream.com/resources/2013-09-10-11-55-21/cellstream-public-documents/wireshark-related/83-wireshark-display-filter-cheat-sheet/file

https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/

https://www.youtube.com/watch?v=4_7A8Ikp5Cc

https://www.guru99.com/wireshark-passwords-sniffer.html

https://danielmiessler.com/study/tcpdump/

https://hackertarget.com/tcpdump-examples/

https://opensource.com/article/18/10/introduction-tcpdump

https://www.linkedin.com/pulse/my-jouney-ceh-practical-joas-antonio-dos-santos (My Review)

https://forums.itpro.tv/topic/2604/ceh-practical/2

https://www.linkedin.com/pulse/considera%C3%A7%C3%B5es-sobre-o-exame-ceh-practical-leandro-cortiz/

https://infayer.com/archivos/65

https://medium.com/@jonaldallan/passed-ec-councils-certified-ethical-hacker-practical-20634b6f0f2

https://www.reddit.com/r/CEH/comments/c69fou/passed_ceh_practicalpost_exam_writeup/

https://www.reddit.com/r/CEH/comments/eeu3cx/ceh_practical_handson_exam_passed_with_2020_score/

https://www.reddit.com/r/CEH/comments/8wk2ve/ceh_vs_ceh_practical/

https://www.reddit.com/r/CEH/comments/dfa1y8/passed_ceh_practical/

https://www.reddit.com/r/CEH/comments/b1wgbs/ceh_v10_practical/

https://www.youtube.com/watch?v=ZYEo2AQdgcg

https://www.youtube.com/watch?v=MEYjyr65bJE

https://www.reddit.com/r/CEH/comments/ek0gzp/ceh_practical_passed_2020/

https://www.reddit.com/r/CEH/comments/evuztj/ceh_practical/

https://www.reddit.com/r/CEH/comments/f6t80r/can_ceh_practical_be_regarded_as_a/

https://www.reddit.com/r/CEH/comments/g6z6vn/just_passed_ceh_practical_1920/

https://medium.com/@jonathanchelmus/c-eh-practical-exam-review-42755546c82e

https://www.reddit.com/r/CEH/comments/hk6880/passing_ceh_practical/

https://www.reddit.com/r/CEH/comments/f629zk/ceh_practical_vs_ejpt_vs_ecppt/

https://www.youtube.com/watch?v=o1u69KvSFmQ&list=PLmQBbrHGk7jQbsvF3_xJp720yaUgeYCkj

https://www.youtube.com/watch?v=oYgtePf0z44

https://www.youtube.com/watch?v=9g5gdhoDotg&list=PLWGnVet-gN_kGHSHbWbeI0gtfYx3PnDZO

https://www.youtube.com/watch?v=LHU0OFcWSBk

https://medium.com/@mruur/ceh-practical-exam-review-918e76f831ff

https://www.youtube.com/c/XanderBilla/videos

https://www.youtube.com/watch?v=YZf5xmeaU58

https://newhorizons.com.sg/ceh-master/

https://www.iitlearning.com/certified-ethical-hacker-practical.php

https://medium.com/@anontuttuvenus/ceh-practical-exam-review-185ea4cef82a

https://www.cyberprotex.com/ceh.html

https://www.infosec4tc.com/product/ceh-master-exam1-exam2-practical/

https://sysaptechnologies.com/certified-ethical-hacker-ceh-v10-practical/

https://jensoroger.wordpress.com/2019/02/09/oscp-ceh-practical/

https://khroot.com/2020/06/20/certified-ethical-hacker-practical-review/

https://github.com/Samsar4/Ethical-Hacking-Labs

https://www.reddit.com/r/CEH/comments/jg0y6u/ceh_practical/

https://www.reddit.com/r/CEH/comments/dfa1y8/passed_ceh_practical/

https://www.reddit.com/r/CEH/comments/cgualo/ceh_practical_tell_me_about_it/

https://www.reddit.com/r/CEH/comments/c69fou/passed_ceh_practicalpost_exam_writeup/