CEHA – Certified Ethical Hacking Associate

The Certified Ethical Hacking Associate (CEHA) is a comprehensive, theory-based cybersecurity certification designed to validate foundational and intermediate knowledge of ethical hacking concepts, tools, techniques, and defensive strategies.

This certification assesses a candidate’s understanding of real-world attack methodologies, system vulnerabilities, network security, and countermeasures through an extensive multiple-choice examination. CEHA is ideal for students, beginners, and professionals seeking structured validation of their ethical hacking knowledge.

Exam Highlights:

• 1500 multiple-choice questions

• 6-hour online examination

• Globally aligned cybersecurity syllabus

• Beginner to intermediate level

• 100% theory-based assessment

📚 CEHA SYLLABUS

(Aligned with modern ethical hacking standards — full coverage, CEH v13 level)

Module 1: Introduction to Ethical Hacking

• Information security overview

• Ethical hacking concepts

• Cybersecurity laws and ethics

• Types of hackers and attack vectors

Module 2: Footprinting and Reconnaissance

• Passive and active reconnaissance

• OSINT techniques

• DNS, WHOIS, and social engineering reconnaissance

• Competitive intelligence gathering

Module 3: Scanning Networks

• Network scanning techniques

• Port scanning and service enumeration

• Firewall and IDS detection

• Vulnerability scanning concepts

Module 4: Enumeration

• User, group, and system enumeration

• SNMP, LDAP, SMB enumeration

• NetBIOS and service enumeration

Module 5: Vulnerability Analysis

• Vulnerability assessment lifecycle

• Vulnerability scanning tools and methods

• CVE, CVSS, and risk scoring

• Patch and configuration management

Module 6: System Hacking

• Password cracking techniques

• Privilege escalation

• Maintaining access

• Covering tracks

Module 7: Malware Threats

• Types of malware

• Trojans, viruses, worms, ransomware

• Malware analysis fundamentals

• Countermeasures and prevention

Module 8: Sniffing

• Packet sniffing techniques

• ARP poisoning and MITM attacks

• Sniffing tools and detection methods

Module 9: Social Engineering

• Psychological principles of social engineering

• Phishing, vishing, and smishing

• Social engineering attack vectors

• Prevention techniques

Module 10: Denial-of-Service

• DoS and DDoS concepts

• Botnets and attack tools

• Detection and mitigation techniques

Module 11: Session Hijacking

• Session management vulnerabilities

• Session hijacking techniques

• Prevention and secure session handling

Module 12: Web Application Hacking

• Web application architecture

• OWASP Top vulnerabilities

• SQL injection, XSS, CSRF

• Secure coding principles

Module 13: Web Server Hacking

• Web server architecture

• Attacks against web servers

• Web server hardening

Module 14: Wireless Network Hacking

• Wireless standards and encryption

• Wi-Fi attacks

• Wireless security tools

• Countermeasures

Module 15: Mobile Platform Security

• Mobile OS security

• Mobile malware and attacks

• Mobile application vulnerabilities

Module 16: IoT and OT Hacking

• IoT architecture and threats

• OT and SCADA security

• IoT attack vectors and defenses

Module 17: Cloud Computing Security

• Cloud service models

• Cloud security threats

• Cloud hardening techniques

Module 18: Cryptography

• Encryption algorithms

• Hashing and digital signatures

• PKI and key management

• Cryptographic attacks

Module 19: Penetration Testing

• Penetration testing methodologies

• Planning and scoping

• Reporting and documentation

Module 20: Security Operations and Incident Response

• SOC concepts

• Incident response lifecycle

• Threat intelligence

• Digital forensics basics

  Module 21: AI, Machine Learning & Security

  • Role of AI and ML in cybersecurity

  • AI-powered attack techniques

  • Adversarial machine learning concepts

  • Defensive use of AI in threat detection

  ---

  Module 22: Container & DevOps Security

  • Docker and container security concepts

  • Kubernetes security risks

  • CI/CD pipeline vulnerabilities

  • DevSecOps principles and best practices

  ---

  Module 23: Zero Trust Architecture

  • Zero Trust security model

  • Identity-centric security

  • Network segmentation

  • Zero Trust implementation challenges

  ---

  Module 24: Digital Forensics Fundamentals

  • Digital forensics process

  • Evidence acquisition and preservation

  • Disk, memory, and log analysis concepts

  • Legal and ethical considerations

  ---

  Module 25: Governance, Risk & Compliance (GRC)

  • Information security governance

  • Risk assessment methodologies

  • Security policies and standards

  • Compliance frameworks and audits

    📝 CEHA Exam Procedure

    • Online, theory-based certification examination

    • Total 1500 multiple-choice questions (MCQs)

    • 6-hour exam duration

    • Covers complete ethical hacking and cybersecurity syllabus

    • Exam navigation may be restricted once 80% of the allotted time has elapsed

    • Candidates are advised to manage time efficiently before the restriction phase

    • Automatic evaluation after final submission

    • Results processed as per certification guidelines