Friday, 16 March 2018

What's new in the CEH v10? (Certified Ethical Hacker Certification)

CEH v10 announced, ethical hacking course

EC-Council has announced the CEH v10 – the tenth edition of the popular Certified Ethical Hacker certification.

Unveiled amongst other huge updates at the Scaling the unscalable mountain of cyber capability webinar, CEH v10 marks a new chapter for the certification as it aims to maintain its status as the world’s top ethical hacking certification.

The CEH dates back to 2003 and has been updated regularly to embrace evolving technologies. As a reminder, the CEH certification was last updated in 2015, with the launch of the CEH v9. This update increased the number of modules to 18 and introduced a greater focus on cloud computing.

Alongside other EC-Council partners, Firebrand attended the announcement webinar to give our students their first look at these important updates.

What’s new in the CEH v10?

EC-Council is continuing to update CEH to meet the demands of employers across the world. Here’s what’s new in the CEH v10:

  • A module on the Internet of Things (IoT) security 
  • Upgraded vulnerability assessment material 
  • A focus on cloud attack vectors, AI and Machine Learning 
  • Introduction of the CEH Practical

In response to the escalating threat of unsecured IoT devices – like 2017’s Mirai botnet attack - CEH v10 will introduce a new module focusing on Internet of Things (IoT) security.

This module will provide professionals with the knowledge they need to test, deploy and manage the security of IoT devices.

CEH v10 announced, ethical hacking course

The new version of CEH will also introduce upgraded vulnerability assessment content. Vulnerability assessment is a critical element of the hacking life-cycle and v10 will increase the depth of application vulnerability analysis in real-world environments. Students will cover the tools required to assess systems, the tools hackers use and how to fix vulnerabilities.

Professionals can expect an increased focus on emerging attacks vectors, like cloud technologies, AI and machine learning. Students will find themselves studying AI and Machine Learning to conduct vulnerability assessments in an effort to defend against malware attacks.

The CEH v10 will also introduce students to the malware analysis process – the method for determining the functionality, origin and impact of malware through reverse engineering.

The new CEH exam maintains the same format as its predecessors:

  • Number of Questions: 125
  • Test Duration: 4 Hours
  • Test Format: Multiple Choice
  • Test Delivery: ECC EXAM, VUE
  • Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)

What's the CEH Practical?

The Certified Ethical Hacker (Practical) is an extension of the CEH certification. It's an additional and optional exam, available to candidates aiming to prove their practical knowledge by applying the skills taught within the CEH to a real-world security challenge.

If you possess the CEH, you'll be able to sit the exam and EC-Council suggest this will test the limits of their student's abilities. The Practical exam is a rigorous 6-hour test designed to mimic a real corporate network by using live virtual machines, networks and applications.

The CEH Practical exam is separate to the existing CEH exam and is an opportunity for students to continue building their knowledge. To pass this challenging test, you'll need to:

  • Demonstrate the understanding of attack vectors
  • Perform network scanning to identify live and vulnerable machines in a network.
  • Perform OS banner grabbing, service, and user enumeration.
  • Perform system hacking, steganography, steganalysis attacks, and cover tracks.
  • Identify and use viruses, computer worms, and malware to exploit systems.
  • Perform packet sniffing.
  • Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
  • Perform SQL injection attacks.
  • Perform different types of cryptography attacks.
  • Perform vulnerability analysis to identify security loopholes in the target organisation's network, communication infrastructure and end systems 

The CEH Practical exam details are:

  • Number of Practical Challenges: 20
  • Duration: 6 hours
  • Availability: Aspen – iLabs
  • Test Format: iLabs Cyber Range
  • Passing Score: 70%

How can I take the CEH v10?

While you can’t take on and achieve the CEH v10 yet, Firebrand is already moving to incorporate the new curriculum into accelerated CEH courses. Stay tuned for an official release date for the CEH v10.