EC-Council CEH

CEH v4 Domain #3: System Hacking Phases and Attack Techniques

Greg Belding
November 24, 2021 by
Greg Belding

Organizations that want to maximize the chances of not being another statistic of malicious hacking can hire a certified ethical hacker. These "white hat" hackers test an organization's systems, networks, and overall information security. The Certified Ethical Hacker, or CEH, certification is a well-renowned cert that verifies the knowledge and skills of these "white hat" heroes.

The CEH certification is currently on Exam Blueprint v4.0, which has changed how the domains of knowledge are presented. This article will detail Domain #3 of CEH Exam Blueprint v4.0, System Hacking Phases and Attack Techniques. It will explore what the CEH certification is, changes since the last exam version, the target audience, and the content that domain #3 of the CEH exam certification will cover.

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

What is the CEH certification?

The CEH certification verifies that the holder has a practical understanding of the phases of ethical hacking, the various attack vectors, and the preventative countermeasures used by ethical hackers. It certifies that the holder knows how to think and act like a malicious hacker to better position your organization's information security measures and defend against real-world attacks. It is premised on the idea that if you understand vulnerabilities and system weaknesses your organization faces, you can better strengthen system security controls in the face of malicious activity and attacks.

Who is the target audience for CEH?

From a high-level view, any information security professional wants their organization to be better positioned in the face of attacks and malicious activity. Below is a list of roles that typically earn this certification:

  • Information Security Analyst
  • Information Assurance Security Officer
  • Information Security Manager/Specialist
  • Information Systems Security Engineer/Manager
  • Information Security Professionals/Officers
  • Risk/Threat/Vulnerability Analyst
  • Information Security/IT Auditors

What has changed since CEH Exam Blueprint v3?

They say that the only thing constant in life is change, which applies to the new CEH Exam Blueprint. Usually, I offer a side-by-side comparison of the old and new exam versions, but in the case of CEH, so much has changed we will keep it brief. Domain #3 of CEH Exam Blueprint v3.0 was entitled "Security." It consisted of three subdomains, making up 23.73% of CEH exam content and accounting for 30 CEH certification exam questions.

In comparison, CEH Exam Blueprint v4.0 has now titled "System Hacking Phases and Attack Techniques," covering 17% of CEH exam content and accounts for 21 of the CEH certification exam questions. The subdomains of domain #3 are as follows:

  • Vulnerability Analysis
  • System Hacking
  • Malware Threats

Let's explore this content below.

Vulnerability analysis

  • Vulnerability Assessment Concepts
  • Vulnerability Classification and Assessment Types
    • Vulnerability Assessment
      • Active Assessment
      • Passive Assessment
      • External Assessment
      • Internal Assessment

    • Vulnerability Assessment Life Cycle
      •  Phases
        • Creating a Baseline
        • Vulnerability Assessment
        • Risk Assessment
        • Remediation
        • Verification
        • Monitor

  • Vulnerability Assessment Solutions and Tools
    • Solutions
      • Product-based Solution Vs. Service-based Solution
      • Tree-based Assessment vs. Inference-based Assessment
    • Vulnerability Scoring Systems
    • Vulnerability Scanning Tools
  • Vulnerability Assessment Reports

System hacking

  • System Hacking Concepts
  • Gaining Access
  • Cracking Passwords
    • Authentication Factors
      • Something you know
      • Something you are
      • Something you possess/have

    • Types of Password Attacks
      • Non-Electronic Attacks
      • Active Online Attacks
      • Passive Online Attacks
      • Default Password
      • Offline Attacks
  • Vulnerability Exploitation
  • Escalating Privileges
  • Maintaining Access
  • Executing Applications
    • RemoteExec
    • PDQ Deploy
    • Keyloggers
    • Spyware

  • Hiding Files
    • Rootkits
    • DTFS Data Stream
    • Alternate Data Stream
    • NTFS Streams Countermeasures
    • Steganography
  • Clearing Logs

Malware threats

  • Malware Concepts
    • Malware Propagation Methods
      • Free Software
      • File-Sharing Services
      • Removable Media
      • Email Communication
      • Not using a Firewall or Anti-Virus

  • APT Concepts
    • Lazarus Group
    • Cobalt Group

  • Trojan Concepts
    • The Purpose of a Trojan
      • Creating a Backdoor
      • Gaining Unauthorized Access
      • Stealing Information
      • Infecting Connected Devices
      • Ransomware Attacks
      • Using Victims for Spamming
    • Trojan Construction Kit
    • Droppers
    • Wrappers
    • Crypters
    • Types of Trojans
      • Command Shell Trojans
      • Defacement Trojans
      • HTTP/HTTPS Trojans
      • Botnet Trojans
      • Proxy Server Trojans
      • Remote Access Trojans (RAT)
    • Trojan Countermeasures

  • Virus and Worm Concepts
    • Ransomware
      • Cryptobit Ransomware
      • CryptoLocker Ransomware
      • CryptoDefense Ransomware
      • CryptoWall Ransomware
      • Police-themed Ransomware

    • Types of Viruses
      • System or Boot Sector Viruses
      • File and Multipartite Viruses
      • Macro Viruses
      • Cluster Viruses
      • Stealth/Tunneling Viruses
      • Logic Bombs
      • Encryption Virus
    • Computer Worms

  • File-less Malware Concepts
    • Characteristics of Fileless Malware
      • Leverages Approved applications that are already on the targeted system
      • Traditional AV solutions can detect no identifiable code or signature
      • Heuristics scanners can detect no particular behavior
      • Memory-based — lives in the system memory
      • Uses processes that are built into the operating system
      • It can be paired with other types of malware
      • May remain in the environment despite allowlisting and sandboxing measures

  • Malware Analysis
    • Goals of Malware Analysis
      • Diagnostics of threat severity or level of attack
      • Diagnostics of the type of malware
      • Scope the attack's impact
      • Built defense to secure organization's network and systems
      • Find a root cause
      • Built incident response actions
      • Develop anti-malware
  • Malware Countermeasures
  • Anti-Malware Software

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

Understanding CEH domain 3

Certified Ethical Hacker, or CEH, is a certification intended for information security professionals who want to bring ethical hacking benefits to their organization. You have to pass the CEH certification exam to earn this certification, which is now operating under the v4.0 Exam Blueprint and has significantly changed the material covered in CEH domain #3, System Hacking Phases and Attack Techniques. Use this article as your roadmap to this Domain of the CEH exam that you will have to master to earn this ethical hacking certification. 



Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.