CEH Certification 2026: Requirements, Exam Format, Cost, and Is It Worth It?

CEH v13 requires 2 years experience or official training. Full guide to exam format, 20 modules, cost, salary data, and whether CEH certification is worth it for your career in 2026.

Quick Answer: The CEH v13 (Certified Ethical Hacker) is EC-Council’s flagship ethical hacking certification, built around 20 modules, 5 phases of ethical hacking, and the world’s first AI-integrated ethical hacking curriculum. To sit for the exam without official training, you need 2 or more years of information security experience and must pay a $100 eligibility application fee. The average salary for a CEH holder is $137,654 per year in the United States, according to Glassdoor. This guide covers every requirement, every exam detail, real cost scenarios, and a direct answer to whether CEH is worth it for your specific career stage. When you are ready to practice, CertEmpire’s CEH v13 practice exams are built around the current 312-50 blueprint.

What Is CEH v13 and Why It Matters in 2026

The Certified Ethical Hacker is EC-Council’s core certification for professionals who need to think, act, and operate the way malicious hackers do, legally, in order to find and fix vulnerabilities before attackers exploit them. It has been the dominant ethical hacking credential globally for over 20 years.

CEH v13 is the most comprehensive cyber security program available that balances both breadth and depth to create knowledgeable and skilled ethical hackers. It provides comprehensive hands-on coverage on the 5 phases of ethical hacking across a variety of current day technologies, with AI integrated in every phase.

That AI integration is the defining characteristic of v13 and the reason this version matters more than any previous update. CEH v13 is the world’s first AI-powered ethical hacking certification. The recent CEH v13 update integrates artificial intelligence across all five phases of ethical hacking, empowering professionals in the contemporary security landscape. These AI-powered ethical hacking techniques provide a competitive advantage that typically results in higher compensation from employers seeking cutting-edge protection.

CEH v13 includes 221 hands-on labs providing in-depth simulation of attacks and defenses as categorized by the MITRE ATT&CK Framework.

For the DoD and government contracting community specifically, CEH is on the US Department of Defense (DoD) 8570/8140 approved baseline list and is widely valued by global security teams.

CEH v13 Requirements: Two Pathways to Eligibility

Before you register for the exam, you must qualify through one of two routes. There is no option to skip this step.

Pathway 1: Official EC-Council Training

You can attend official EC-Council training, live, online, or through an accredited partner, which waives the eligibility requirement.

This is the most straightforward route. Enroll in an EC-Council authorized training program, complete the course, and you are automatically eligible to sit for the exam. The training fee typically includes the exam voucher, making the pathway cost-inclusive rather than requiring separate purchases.

Training programs are specifically designed to cover all exam domains. Many courses include CEH study resources and an exam voucher. Some programs offer comprehensive preparation for multiple certifications. Official training pathway: exam voucher typically included in course fee, ranging from $2,500 to $4,500.

Pathway 2: Self-Study with Experience Verification

Applicants who do not attend training must have a minimum of 2 years of work experience in the InfoSec domain and will need to pay $100 as a non-refundable application fee.

The experience must be verifiable. EC-Council requires documentation of your work history including employer contact information that can be verified. The application is reviewed before you are granted permission to purchase an exam voucher.

EC-Council recommends 2 or more years of IT security experience or completion of official EC-Council training. Knowledge of networking, TCP/IP, operating systems including Windows and Linux, and security fundamentals is essential.

The practical preparation baseline most candidates bring to CEH includes understanding of TCP/IP and network protocols, familiarity with Windows and Linux operating systems, experience with at least basic scripting such as Python or Bash, and foundational knowledge of security concepts. Many candidates hold Network+ or Security+ or equivalent experience before attempting CEH.

Who Does Not Need to Verify Experience

If a candidate has completed an official EC-Council training either at an Accredited Training Center, via the iClass platform, or at an approved academic institution, the candidate is eligible to attempt the relevant EC-Council exam without the experience verification requirement.

Additionally, applicants who are instructors, trainers, and PhDs shall also be eligible if they meet the above criteria.

The CEH v13 Exam Format: Everything You Need to Know

Knowledge Exam (CEH ANSI)

The 125-question, 4-hour proctored exam is recognized across the globe as the original and most trusted tactical cyber security certification for ethical hackers.

The exam is scored on a 0 to 100 percent scale, with a passing score between 60 and 85 percent depending on the question pool for CEH v13. Results are typically available immediately on screen, with an official digital certificate delivered within days. Questions include multiple choice and interactive items. Partial credit is not given.

The variable passing score reflects EC-Council’s adaptive difficulty system. Different question pools carry different difficulty weightings. A harder pool requires a lower raw percentage to pass. A lighter pool requires a higher raw percentage. You will not know in advance which pool you receive. The practical approach is to aim for 80 percent or above consistently on practice exams to ensure you are prepared regardless of pool difficulty.

CEH Practical Exam

The 6-hour practical exam consists of 20 real-life challenges to earn the CEH Master certification. You complete 20 real-world challenges incorporating a live corporate network of VMs and applications with ethical hacking solutions to uncover any vulnerabilities.

There are no predefined eligibility criteria for those interested in attempting the CEH Practical exam. Anyone can purchase and sit for the practical exam without meeting the knowledge exam prerequisites. However, in practice, candidates should complete the knowledge exam first because the practical exam tests applied skills built on the foundational knowledge the knowledge exam covers.

Certification is awarded when the knowledge exam is passed. In order to achieve CEH Master Level certification, an additional practical exam needs to be taken. The practical exam is optional but will reward you with a higher level of certification.

Exam Delivery Options

Register through EC-Council Exam Portal or authorized Pearson VUE testing centers. Choose online remote proctoring or onsite test center. Remote proctoring requires a webcam and stable internet connection. Online testing is available globally, making CEH one of the most geographically accessible professional certifications in cybersecurity.

The 5 Phases of Ethical Hacking: What CEH v13 Teaches

Knowing these 5 phases of ethical hacking is crucial to any organization: the more you know about what a hacker can do, the better you can stay one step ahead of attacks. CEH v13 has AI integrated in every phase of ethical hacking, empowering a new skill set for AI-driven cybersecurity.

Phase 1: Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack. In v13, this includes AI-assisted OSINT tools that automate data collection from public sources, social media, DNS records, WHOIS data, and network infrastructure maps. The exam tests both passive reconnaissance techniques that involve no direct contact with the target and active reconnaissance that involves direct interaction.

Phase 2: Scanning

Scanning translates reconnaissance intelligence into actionable attack intelligence. This phase covers OSINT techniques, Google dorking, WHOIS, DNS enumeration, social media reconnaissance, Nmap scanning, port states, service detection, and vulnerability scanning. CEH v13 integrates AI-powered vulnerability scanners that can identify and prioritize targets faster than traditional manual scanning methods.

Phase 3: Gaining Access

This is the exploitation phase. Gaining access covers password cracking using brute force, dictionary, and rainbow tables, privilege escalation, maintaining access through backdoors and rootkits, and covering tracks. v13 expands this phase significantly with modern attack vectors including Active Directory exploitation, ransomware deployment techniques, and deepfake-assisted social engineering.

Phase 4: Maintaining Access

After initial exploitation, attackers establish persistence mechanisms to ensure continued access even if the initial vulnerability is patched. CEH v13 covers rootkit installation, backdoor configuration, and covert channel establishment. Understanding these techniques from the attacker’s perspective allows security professionals to detect and remove them during incident response.

Phase 5: Covering Tracks

The final phase covers how attackers remove evidence of their presence. Log manipulation, steganography, and anti-forensics techniques are covered here. CEH v13 connects these techniques to detection evasion in AI-monitored environments, a significant new addition given the proliferation of AI-powered SIEM and behavioral analytics platforms.

CEH v13 Modules: All 20 Covered

The CEH v13 training program curates 20 modules covering a wide variety of technologies, tactics, and procedures providing prospective ethical hackers with the core knowledge needed to thrive in the cyber profession. Concepts covered in the training program are balanced 50/50 with knowledge and hands-on application through the Cyber range.

The curriculum covers over 550 attack techniques across 20 modules.

Here is a complete breakdown of all 20 modules with their exam weight and key topics:

Module 1: Introduction to Ethical Hacking (6%) covers security fundamentals, the CIA triad, types of hackers, ethical hacking methodology, penetration testing types, legal considerations, and compliance frameworks including GDPR, HIPAA, and relevant cyber laws.

Module 2: Footprinting and Reconnaissance (15%) covers passive and active information gathering, Google dorking and advanced search operators, WHOIS and DNS footprinting, social media intelligence, email tracking, competitive intelligence, and AI-powered OSINT automation.

Module 3: Scanning Networks (10%) covers host discovery, port scanning using Nmap and alternatives, service and OS fingerprinting, vulnerability scanning, network mapping, and firewall and IDS evasion during scanning phases.

Module 4: Enumeration (10%) covers extracting detailed information from target systems including NetBIOS enumeration, SNMP enumeration, LDAP enumeration, NFS enumeration, DNS zone transfers, and SMTP enumeration techniques.

Module 5: Vulnerability Analysis (varies) covers vulnerability research methodology, vulnerability scoring systems including CVSS, automated vulnerability assessment tools, manual testing techniques, and vulnerability documentation for reporting purposes.

Module 6: System Hacking (15%) covers the complete attack lifecycle on target systems including password cracking, privilege escalation from standard user to administrator and system, backdoor installation, keylogger deployment, rootkit techniques, and anti-forensics methods.

Module 7: Malware Threats (10%) covers malware classification and analysis, Trojan horse construction and deployment, virus and worm propagation, ransomware mechanics, APT techniques, malware obfuscation, and sandbox evasion. v13 adds coverage of AI-generated malware and deepfake-based social engineering attacks.

Module 8: Sniffing (10%) covers network traffic interception, ARP spoofing, MAC flooding, DHCP starvation, DNS poisoning, session hijacking via sniffing, and countermeasures.

Module 9: Social Engineering (8%) covers psychological manipulation techniques, phishing campaign construction, spear phishing, vishing, smishing, pretexting, baiting, and the increasingly prominent use of deepfake audio and video in social engineering attacks.

Module 10: Denial of Service (5%) covers DoS and DDoS attack categories, botnet infrastructure, amplification attacks, application-layer DoS techniques, and protection mechanisms.

Module 11: Session Hijacking (5%) covers TCP session hijacking, application-level session attacks, cross-site scripting for session theft, network-level session attacks, and countermeasures including secure cookie implementation and token binding.

Module 12: Evading IDS, Firewalls, and Honeypots (7%) covers intrusion detection system evasion, firewall bypass techniques, tunneling protocols, honeypot detection and avoidance, and AI-powered evasion techniques that adapt to security system behavior.

Module 13: Hacking Web Servers (5%) covers web server vulnerability exploitation, banner grabbing and fingerprinting, HTTP response splitting, web cache poisoning, and server-side include injection.

Module 14: Hacking Web Applications (10%) covers SQL injection, XSS, CSRF, command injection, OWASP Top 10, web server attacks, and web application penetration testing. v13 adds AI-assisted fuzzing and modern API security testing.

Module 15: SQL Injection (7%) provides dedicated deep coverage of SQL injection as a standalone module, covering in-band, inferential, and out-of-band SQL injection, blind injection techniques, automated exploitation with SQLMap, and defensive parameterized query implementation.

Module 16: Hacking Wireless Networks (5%) covers wireless security standards including WEP, WPA, WPA2, and WPA3, rogue access point attacks, evil twin configurations, deauthentication attacks, and PMKID-based cracking against WPA3.

Module 17: Hacking Mobile Platforms (4%) covers Android and iOS attack surfaces, mobile device management bypass, malicious app sideloading, mobile malware analysis, and OWASP Mobile Top 10.

Module 18: IoT and OT Hacking (3%) covers IoT attack surface analysis, default credential exploitation, firmware extraction and analysis, operational technology protocol attacks including Modbus and DNP3, and industrial control system security.

Module 19: Cloud Computing (4%) covers cloud service model attack surfaces, AWS S3 bucket misconfiguration exploitation, Azure Active Directory attacks, GCP IAM privilege escalation, serverless security, and container security including Docker and Kubernetes attack paths.

Module 20: Cryptography (5%) covers encryption algorithm fundamentals, PKI attacks, certificate spoofing, hashing vulnerabilities, steganography, and the emerging topic of post-quantum cryptography and its implications for current encryption standards.

CEH v13 Cost: Every Number You Need

Self-Study Pathway

Self-study pathway: $1,199 USD for the exam voucher purchased directly from EC-Council. Additional costs: $100 eligibility application fee if taking the experience-based route.

The minimum self-study cost is therefore $1,299 including the application fee. Add study materials, at $50 to $150 for books, plus practice test resources, and the realistic self-study budget runs $1,400 to $1,600 before any retake costs.

Official Training Pathway

Official training pathway: exam voucher typically included in course fee, ranging from $2,500 to $4,500. This varies significantly by training provider, delivery format, and whether the CEH Practical exam is included. Boot camp style training over 5 days tends to run toward $3,000 to $4,500. Self-paced online training through EC-Council’s iClass platform typically runs $2,000 to $3,000.

Retake Policy

A free retake is available only if the voucher was purchased with an Exam Insurance add-on; otherwise a retake fee applies. The retake fee varies but typically runs $499 to $699 for a second attempt. Exam Insurance is worth purchasing if your budget cannot absorb a full retake cost.

Maintenance Costs

CEH certification is valid for 3 years. To maintain it, you must earn 120 ECE credits within the 3-year period and pay an $80 annual membership fee. Over the three-year cycle, maintenance costs total $240 in membership fees plus whatever it costs to earn the 120 ECE credits. Many credits are earned through free activities including attending webinars, writing security articles, and participating in EC-Council’s own training events.

Discounts Worth Knowing

Discounts include student vouchers, government and military discounts, and corporate partner deals. Full-time students can typically receive 30 to 50 percent off the exam voucher with verified student status. Active military and government personnel receive discount pricing through EC-Council’s government programs. Check whether your employer qualifies for a corporate partner discount before purchasing at retail price.

CEH v13 vs. Previous Versions: What Actually Changed

Most candidates searching for CEH information encounter outdated guides written for v11 or v12. The changes in v13 are substantive enough that preparation materials matter.

CEH v13 is among the first ethical hacking certifications to integrate AI across all learning phases. This ensures you are trained on emerging threats, not just traditional ones.

The four most significant changes in v13 compared to v12 are as follows.

First, AI integration across all five phases. Every phase of the ethical hacking methodology now includes AI-assisted tools and techniques. Reconnaissance uses AI-powered OSINT automation. Scanning uses AI-driven vulnerability prioritization. Exploitation uses AI-generated payload creation. The exam tests this integration directly, meaning candidates prepared only on v12 material will encounter unfamiliar question territory.

Second, expanded cloud coverage. CEH v13 introduces expanded cloud security coverage including AWS, Azure, and GCP. Cloud module questions now address multi-cloud environments and cloud-native attack techniques that did not appear in v12.

Third, updated lab environment. With over 221 labs and lab technology, candidates have comprehensive hands-on practice to learn and apply knowledge, including access to specially designed unique labs to practice AI-driven cybersecurity skills. v12 had fewer labs and did not include the AI-specific lab environments.

Fourth, the CEH Compete CTF program. Compete provides year-long access to 12 CTF challenges of 4 hours each to level up skills and stay current on the latest trends. This is new to v13 and does not exist in any previous version.

The April 2026 CISSP Waiver Removal: What CEH Holders Need to Know

This is the development that affects CEH holders the most in 2026, and it was covered in depth in the CertEmpire CISSP requirements guide.

Effective April 1, 2026, CEH was removed from the ISC2 approved credential list for the CISSP one-year experience waiver. Previously, holding an active CEH certification reduced the CISSP experience requirement from five years to four years. That pathway no longer exists for applications submitted on or after April 1, 2026.

This means the traditional career pathway of CEH first then CISSP with a waiver has changed. CEH holders who planned to leverage their certification toward CISSP now need five full years of qualifying experience regardless of their CEH status.

For candidates who already held both certifications or who applied to CISSP before April 1, there is no impact. For candidates planning their sequence going forward, the path is to earn five years of qualifying experience in two or more CISSP CBK domains while building the CEH credential for offensive security skills. The two certifications remain complementary. The waiver is simply no longer available.

CEH Salary Data: What the Market Actually Pays in 2026

Salary data for CEH holders varies significantly across sources because the credential applies to multiple distinct job roles with different compensation bands.

The average salary for a Certified Ethical Hacker is $137,654 per year in the United States according to Glassdoor.

As of early 2026, the average annual pay for a Certified Ethical Hacker in the United States is $161,013 according to ZipRecruiter, with top earners reaching $237,000 annually and the majority of salaries falling between $122,000 and $214,000.

Glassdoor data indicates an average CEH salary between $103,000 and $180,000 annually, and an average total compensation including bonuses and other additional pay of $136,000.

By specific role, the salary ranges in 2026 break down as follows. Penetration testers earn $95,000 to $145,000. Security analysts earn $80,000 to $120,000. Security consultants earn $100,000 to $160,000. SOC analysts earn $70,000 to $100,000.

The employer breakdown reveals the highest-paying organizations for CEH holders. Raytheon averages $140,000, Booz Allen Hamilton averages $148,603, and SAIC averages $120,000 for CEH-certified professionals. Department of Homeland Security averages $110,000. Defense and government contracting consistently pays at the high end for CEH holders because the DoD 8140 compliance requirement creates institutional demand.

The market for ethical hacking services is expanding rapidly, projected to grow from $3.4 billion in 2023 to $10.24 billion by 2028. The 200 percent growth in this market over five years means demand for certified ethical hackers will continue rising throughout the lifetime of the v13 certification.

Is CEH Worth It in 2026? The Honest Answer

The worth question depends on your current position, your target role, and your existing certification portfolio.

CEH is worth it if you are targeting offensive security, penetration testing, or government contracting roles. The DoD 8140 requirement creates institutional demand that makes CEH effectively mandatory for a large segment of cybersecurity jobs. The CEH credential is recognized by the US Department of Defense, mapped to over 45 cybersecurity job roles, and sought by hiring managers across every industry sector that takes digital security seriously. If your target employer or contract requires DoD 8140 compliance, CEH gives you that box checked at the lowest barrier among the approved credentials.

CEH is worth it if you want breadth over depth. CEH is knowledge-based and covers broad security topics. OSCP is 100 percent hands-on practical exam. Many start with CEH for foundational knowledge, then pursue OSCP for hands-on credibility. Both are valuable. If you need a comprehensive map of the attack landscape across all 20 modules before going deep in any specific area, CEH v13 provides that map better than any comparable certification.

CEH is less ideal if you are a senior practitioner who needs hands-on proof of skills. The knowledge exam does not require live exploitation. Experienced penetration testers who already have years of hands-on work may find that OSCP, GPEN, or the CEH Practical exam itself provides more career signal than the knowledge exam alone.

CEH is less ideal if your primary goal is CISSP and you were counting on the waiver. With the April 2026 removal of CEH from the CISSP waiver list, the traditional sequencing argument for doing CEH before CISSP has weakened. CompTIA Security+, CySA+, and CASP+ all remain on the waiver list and are cheaper paths to the one-year waiver if CISSP is your primary target.

The ROI calculation is straightforward at any salary level. If the certification helps you land a job that pays $90,000, a typical starting salary for a certified analyst in the US, and the total cost of the exam and prep was $2,000, you have paid off your investment in your first week of work. For experienced professionals, adding CEH can lead to a salary bump of 10 to 20 percent, as it validates your skills against a global standard.

How to Prepare for CEH v13: 6 to 8 Week Study Plan

CEH v13 is of moderate difficulty. With 2 or more years of security experience and 6 to 8 weeks of dedicated study, most candidates pass. The challenge is the breadth of topics. You need to know many tools and techniques at a surface level.

Weeks 1 and 2: Cover Modules 1 through 5. Focus on ethical hacking methodology, the legal framework, footprinting techniques, and scanning fundamentals. These modules form the conceptual foundation everything else builds on. Know the five phases cold.

Weeks 3 and 4: Cover Modules 6 through 11. System hacking, malware, sniffing, social engineering, DoS, and session hijacking. These are the highest-weighted modules collectively and represent the technical core of the exam. Practice with Kali Linux tools including Nmap, Metasploit, Wireshark, and Aircrack-ng.

Weeks 5 and 6: Cover Modules 12 through 20. Evasion, web server and application attacks, SQL injection, wireless, mobile, IoT, cloud, and cryptography. These modules carry lower individual weights but together represent significant exam coverage. Cloud and IoT modules are the most updated in v13 and deserve extra attention if your background is in traditional on-premise environments.

Week 7: Full practice exams. Complete 200 or more practice questions and score 80 percent or higher consistently before scheduling the exam. CertEmpire’s practice exam library provides scenario-based question banks built around the current 312-50 blueprint, with complete answer explanations for every question so you understand the reasoning behind each answer rather than just memorizing answer letters.

Week 8: Review weak areas identified by practice test performance, revisit the AI-integrated content that is unique to v13, and confirm your exam scheduling logistics including ID requirements and testing environment setup for remote proctoring.

CEH vs. Competing Certifications: Where It Fits

CEH vs. CompTIA PenTest+: CompTIA PenTest+ provides a broader entry-level perspective. CEH is more globally recognized and compliance-friendly for DoD 8570/8140 requirements. PenTest+ costs less and has no experience requirement. CEH carries more employer name recognition and directly satisfies DoD compliance requirements.

CEH vs. OSCP: OSCP is the gold standard for hands-on penetration testing proof. It requires passing a 24-hour live exploitation exam against a set of target machines. CEH is multiple choice and tests knowledge breadth. Many organizations require or prefer both, treating CEH as the compliance credential and OSCP as the technical skills proof.

CEH vs. GPEN: GIAC’s GPEN is a respected alternative for penetration testing. It tests similar content at a comparable depth but lacks CEH’s DoD 8140 compliance status and global employer recognition.

The recommended sequence for most candidates: CompTIA Security+ to establish baseline, then CEH v13 for ethical hacking methodology and DoD compliance, then OSCP or CEH Practical for hands-on credibility, then CISSP for senior management and governance roles once experience requirements are met.

CEH Certification Maintenance

CEH certification is valid for 3 years. To maintain it, you must earn 120 ECE credits within the 3-year period and pay an $80 annual membership fee. ECE credits can be earned through training, conferences, teaching, research, and other professional activities.

This works out to 40 ECE credits per year. Active security professionals attending one conference and completing regular training typically accumulate this comfortably. EC-Council’s own webinars, which are free to members, generate ECE credits and are specifically designed to keep certified professionals current on evolving threat landscapes.

Frequently Asked Questions

What are the CEH v13 requirements?

To sit for the CEH exam without official training, you need 2 or more years of information security experience and must pay a $100 eligibility application fee. Alternatively, you can attend official EC-Council training which waives the eligibility requirement.

How many questions is the CEH exam?

The CEH knowledge exam consists of 125 multiple choice questions to be completed in 4 hours.

What is the CEH passing score?

The exam is scored on a 0 to 100 percent scale, with a passing score between 60 and 85 percent depending on the question pool for CEH v13. Aim for 80 percent on practice exams to ensure you are prepared for any pool difficulty.

How much does CEH cost?

The self-study pathway costs $1,199 for the exam voucher plus a $100 eligibility application fee. The official training pathway ranges from $2,500 to $4,500 with the exam voucher typically included.

How long is CEH valid?

CEH certification is valid for 3 years. To maintain it, you must earn 120 ECE credits within the 3-year period and pay an $80 annual membership fee.

What is the CEH salary in 2026?

The average salary for a Certified Ethical Hacker is $137,654 per year in the United States according to Glassdoor. ZipRecruiter reports an average of $161,013 annually with top earners reaching $237,000.

Is CEH DoD approved?

Yes. CEH is on the US Department of Defense (DoD) 8570/8140 approved baseline list and is widely valued by global security teams.

What is CEH Master?

CEH Master certification is achieved by passing both the knowledge exam and the optional practical exam. The practical exam is a 6-hour test of 20 real-world challenges conducted in a live corporate network environment. It will reward you with a higher level of certification and sets you apart from peers.

Does CEH still count toward CISSP?

No, effective April 1, 2026. CEH was removed from the ISC2 approved credential waiver list. CEH holders can no longer use their credential to reduce the CISSP experience requirement from five years to four years. The full CISSP requirements guide covers this change in detail, including which credentials still qualify.
