Most CEH study guides are recycled from v10 or v11 - they cover the same hacking phases and tools without addressing the fundamental shift CEH v13 introduces: artificial intelligence integrated throughout every domain. If you are studying from outdated material, you are preparing for a different exam than the one EC-Council is now delivering.
This guide is built on the current EC-Council CEH certification page specifications. It covers what changed, what the adaptive scoring system means for your prep strategy, and how to approach the 221 hands-on labs that now define what a CEH holder actually knows.
The Problem With Most CEH Study Guides
The certification industry has a content lag problem. When EC-Council updates a certification, third-party study guides take 12–18 months to catch up. For CEH v13, that lag is particularly damaging because the exam's AI integration is not a cosmetic update - it changes the skills being tested.
Candidates who prepare using v12 materials will know the 19 hacking domains and the standard tool set (Nmap, Wireshark, Metasploit). What they will not know is how those attacks are now conducted using AI-generated payloads, how machine learning is used to evade detection, and how to operate inside EC-Council's cloud-based AI Cyber Range for the practical component.
CEH v13 solves for a specific problem: ethical hackers who cannot operate in AI-augmented threat environments are increasingly unemployable in enterprise security roles.
What Is the CEH v13 Certification?
The Certified Ethical Hacker (CEH) is EC-Council's flagship penetration testing and ethical hacking certification. CEH v13 - now branded as CEH AI by EC-Council - is the current version as of 2026. According to the EC-Council CEH page, the key specifications are:
CEH v13 (CEH AI) Quick Facts
|
Spec |
Detail |
|---|---|
|
Knowledge Exam Questions |
125 multiple-choice |
|
Knowledge Exam Duration |
4 hours |
|
Practical Exam Challenges |
20 real-world challenges |
|
Practical Exam Duration |
6 hours |
|
Adaptive Passing Score |
60% to 85% (varies by question difficulty) |
|
Attack Techniques Covered |
550+ |
|
Hands-On Labs |
221 labs in cloud-based cyber range |
|
Eligibility |
2 years IT security experience OR official EC-Council training |
|
Credential Validity |
3 years (36 ECE credits required for renewal) |
The Two-Part CEH Exam Structure
CEH v13 has two separate assessment tracks:
-
Knowledge Exam (Exam 312-50) - 125 multiple-choice questions in 4 hours. Tests conceptual and theoretical understanding of ethical hacking techniques across 20 modules.
-
CEH Practical - 20 real-world challenges in 6 hours inside EC-Council's iLabs cyber range. Tests live execution of hacking techniques in a controlled virtual environment. Required to earn the full CEH (Master) designation.
Most job postings that list "CEH required" accept the knowledge exam alone. The CEH (Master) designation requires passing both.
CEH v13 Exam Domains: The 20 Modules
CEH v13 covers 20 ethical hacking modules that span the full attack lifecycle. The AI integration is embedded across multiple modules rather than siloed in a single AI domain:
|
Module |
Topic |
AI Integration |
|---|---|---|
|
1 |
Introduction to Ethical Hacking |
AI in the threat landscape |
|
2 |
Footprinting and Reconnaissance |
AI-assisted OSINT, automated recon |
|
3 |
Scanning Networks |
AI-powered port scanning and evasion |
|
4 |
Enumeration |
ML-assisted enumeration techniques |
|
5 |
Vulnerability Analysis |
AI vulnerability prioritization |
|
6 |
System Hacking |
AI-generated password attacks |
|
7 |
Malware Threats |
AI-generated malware, polymorphic code |
|
8 |
Sniffing |
AI traffic analysis and anomaly detection evasion |
|
9 |
Social Engineering |
AI-generated phishing, deepfakes |
|
10 |
Denial of Service |
AI-amplified DDoS techniques |
|
11 |
Session Hijacking |
AI-assisted session prediction |
|
12 |
Evading IDS/Firewalls |
AI evasion techniques |
|
13 |
Hacking Web Servers |
AI-powered web exploitation |
|
14 |
Hacking Web Applications |
AI-assisted injection and OWASP attacks |
|
15 |
SQL Injection |
AI-automated SQL injection |
|
16 |
Hacking Wireless Networks |
AI-assisted wireless attacks |
|
17 |
Hacking Mobile Platforms |
AI mobile threat vectors |
|
18 |
IoT and OT Hacking |
AI in operational technology attacks |
|
19 |
Cloud Computing |
AI attacks on cloud infrastructure |
|
20 |
Cryptography |
AI-assisted cryptanalysis |
What this means for your prep: You cannot prepare for CEH v13 by memorizing tool names and attack names alone. The exam now asks how AI changes the execution and detection of these techniques. Candidates who think in terms of "what does the tool do" rather than "how does AI modify this attack vector" will struggle on questions in modules 2, 3, 7, 9, and 12.
Understanding the Adaptive Passing Score (60%-85%)
The CEH v13 passing score of 60% to 85% is the single most misunderstood element of the exam. This is not a mistake in the study guide - it is EC-Council's adaptive cut-score methodology.
Here is how it works: EC-Council uses standard-setting methodology to determine the passing score for each exam form. Different exam versions (different question sets) have slightly different difficulty profiles. A harder question set has a lower cut score (closer to 60%). An easier question set has a higher cut score (closer to 85%). The goal is that "minimum competency" maps to the same level regardless of which form you receive.
What this means for your prep:
-
Target 75%+ on practice exams - this puts you safely above the highest possible cut score
-
Do not study to just "barely pass" - the cut score floor of 60% is for the hardest possible question set, and you have no way to know which form you will receive
-
Consistency across all 20 modules matters more than mastering a few domains
CEH v13 AI Labs: What They Are and How to Prepare
EC-Council's 221 hands-on labs in CEH v13 represent the most significant expansion from previous versions. These labs run in EC-Council's cloud-based iLabs cyber range - a fully virtualized environment where you execute real attacks against controlled targets.
What the CEH v13 AI Labs Cover
The AI-integrated labs include:
-
AI-generated payload creation - using AI tools to craft attack payloads that evade signature-based detection
-
ML-assisted reconnaissance - automated OSINT data aggregation and target profiling
-
Deepfake social engineering - creating AI-generated voice and video for targeted phishing
-
AI-powered vulnerability scanning - using AI prioritization to identify high-value targets in complex network environments
-
Adversarial AI - understanding how attackers manipulate ML models used in security products
How to Prepare Without Official iLabs Access
The iLabs environment is included in EC-Council's official CEH training ($850–$2,000+ depending on delivery format). For self-study candidates, these alternatives build equivalent hands-on skills:
-
TryHackMe - structured learning paths that mirror CEH modules; the "Jr Penetration Tester" path covers reconnaissance, scanning, exploitation, and post-exploitation
-
HackTheBox - more advanced; good for candidates with existing security experience preparing for the practical exam
-
SANS Cyber Aces - free foundational labs for Linux, Windows, and networking
-
VulnHub - downloadable vulnerable VMs for offline practice
According to EC-Council's 2026 certification survey data, 78% of CEH holders report that hands-on lab practice was more valuable than textbook study in preparing for the practical exam. Candidates who complete 100+ hours of lab time pass the practical exam at significantly higher rates than those who rely on theory alone.
CEH v13 Study Resources 2026: Ranked
|
Resource |
Cost |
Best For |
Coverage |
|---|---|---|---|
|
Affordable |
High-volume CEH question practice with explanations |
★★★★ |
|
|
TryHackMe "Jr Penetration Tester" path |
$14/mo |
Hands-on labs for practical exam prep |
★★★★ |
|
HackTheBox (starting tier) |
$14/mo |
Advanced practical skills; realistic machines |
★★★★ |
|
Jason Dion Udemy CEH course |
$15-$30 |
Video-based domain walkthroughs; good for beginners |
★★★ |
|
EC-Council CodeRed (official) |
Free-$29/mo |
Some free ethical hacking courses from EC-Council |
★★★ |
Study approach that works: Knowledge exam prep (4-6 weeks using EduSum practice tests) → hands-on lab practice (2-4 weeks on TryHackMe or HackTheBox) → official practice tests → schedule exam.
CEH v13 Study Plan: 10-Week Schedule
|
Phase |
Weeks |
Daily Focus |
Hours/Week |
|---|---|---|---|
|
Phase 1: Foundations |
1-2 |
Modules 1–5 (recon, scanning, enumeration, vulnerability analysis) |
8-10 hrs |
|
Phase 2: System Attacks |
3-4 |
Modules 6–11 (system hacking, malware, sniffing, social engineering, DoS, session hijacking) |
8-10 hrs |
|
Phase 3: Advanced Attacks |
5-6 |
Modules 12–16 (evasion, web servers, web apps, SQL injection, wireless) |
8-10 hrs |
|
Phase 4: Emerging Threats |
7-8 |
Modules 17–20 (mobile, IoT/OT, cloud, cryptography) + AI module integration |
10-12 hrs |
|
Phase 5: Lab Practice |
9 |
TryHackMe or HackTheBox full-time; 20+ hours of live exploitation |
15-20 hrs |
|
Phase 6: Mock Exams |
10 |
Full timed practice exams; target 75%+; schedule after two consecutive passing scores |
10-12 hrs |
CEH v13 vs CompTIA Security+ vs OSCP: Which Path Is Right?
|
Factor |
CEH v13 |
CompTIA Security+ |
OSCP |
|---|---|---|---|
|
Level |
Mid |
Entry |
Expert |
|
Focus |
Ethical hacking methodology + AI |
Security concepts + operations |
Hands-on penetration testing |
|
Exam Format |
125 MCQ + 20 practical challenges |
90 MCQ + PBQs |
24-hour practical exam only |
|
Passing Score |
60-85% (adaptive) |
750/900 |
Pass/fail (minimum score) |
|
Cost |
~$950–$1,200 |
~$392 |
~$1,499 |
|
Experience Needed |
2 years IT security |
Recommended: 2 years |
Strong practical experience |
|
Industry Recognition |
High - government, banking, defense |
Very high - broad industry |
Very high - offensive security |
|
AI Integration |
Yes - built into v13 curriculum |
No |
No |
|
DoD 8570 |
CSSP Inspector/Auditor |
IAT Level II |
Not listed |
|
Best For |
Pentesters needing recognized credential; DoD roles |
Entry-level security generalist |
Dedicated penetration testers |
The honest recommendation: CEH is the most recognized ethical hacking credential in corporate and government environments. OSCP is more respected among professional penetration testers and red teams. If your goal is a government or corporate pentesting role, start with CEH. If you want to move into dedicated red team or bug bounty work, OSCP is the stronger technical credential - but CEH is a better stepping stone given the career entry requirements.
For candidates comparing Security+ vs CEH, explore EduSum's Security+ resources alongside the CEH materials to make an informed decision about your path.
Is CEH v13 Worth It in 2026?
The CEH's value has been debated for years. The honest answer in 2026 is: it depends on your target role.
CEH is worth it if:
-
You are targeting government or federal contractor pentesting roles (DoD 8570 compliance makes CEH required or strongly preferred)
-
You are in a corporate security role and need a recognized credential to move into offensive security
-
You are in Asia-Pacific or Middle East markets where CEH recognition is very strong
CEH may not be your best choice if:
-
You are targeting elite red team or independent bug bounty work (OSCP or CRTO carry more weight)
-
You already have 3+ years of hands-on offensive security experience (the credential may add less marginal value than OSCP)
According to Bureau of Labor Statistics data, information security analyst salaries median at $120,360 annually, with penetration testers often commanding 20-30% above that median. CEH holders in government roles frequently cite DoD 8570 compliance as the primary driver of their certification investment. For the full CEH practice question bank, test your knowledge at EduSum's EC-Council preparation hub.
Frequently Asked Questions
Q: What is the CEH v13 passing score?
A: The CEH v13 (CEH AI) uses an adaptive passing score of 60% to 85%, as confirmed by EC-Council's official certification page. The exact cut score per exam form is determined by EC-Council's standard-setting methodology - target 75%+ on practice exams to ensure a safe margin above the highest possible cut score.
Q: How many questions are on the CEH v13 exam?
A: The CEH knowledge exam (Exam 312-50) has 125 multiple-choice questions delivered over 4 hours. A separate CEH Practical exam has 20 real-world challenges completed in 6 hours inside EC-Council's cyber range.
Q: What is new in CEH v13 compared to v12?
A: CEH v13 (CEH AI) adds comprehensive AI integration across all 20 modules, expands the attack technique library to 550+ techniques, includes 221 hands-on labs (up from previous versions), and adds AI-specific scenarios including deepfake social engineering, ML-assisted reconnaissance, and AI-generated payload creation.
Q: Do I need the official EC-Council training to take CEH?
A: Not necessarily. You can sit the exam without official training if you have at least 2 years of verified IT security experience. However, if you lack the experience requirement, you must complete EC-Council's official training to qualify for the exam.
Q: Is CEH harder than CompTIA Security+?
A: Yes. CEH is significantly harder than Security+. Security+ is an entry-level certification testing broad security concepts. CEH tests in-depth knowledge of ethical hacking techniques, attack methodologies, and tools across 20 domains, plus hands-on practical skills for the CEH Practical component.
Q: Can I self-study for CEH v13?
A: Yes, for the knowledge exam. Matt Walker's All-In-One CEH book, video courses, and platforms like TryHackMe provide solid self-study preparation. However, the CEH Practical exam is significantly harder to prepare for without access to live lab environments - TryHackMe and HackTheBox are the best self-study substitutes for EC-Council's iLabs.
Q: How long does CEH certification last?
A: CEH certification is valid for 3 years. Renewal requires earning 120 EC-Council Continuing Education (ECE) credits over the 3-year period, with an annual maintenance fee. ECE credits are earned through professional development, training, and security industry activities.
Q: Is CEH recognized by DoD 8570?
A: Yes. CEH is recognized under DoD 8570.01-M for CSSP Inspector and CSSP Auditor roles, and under certain IAM and IASAE categories. CEH is one of the few ethical hacking certifications that satisfies DoD compliance requirements, which is a major driver of its continued corporate and government adoption.
Q: CEH vs OSCP - which should I get?
A: CEH for corporate, government, and broader industry recognition, especially if DoD 8570 compliance applies. OSCP for elite penetration testing credibility and offensive security specialist roles. Both are valid - the choice depends on your target employer type and career goals.
Q: What tools does the CEH v13 exam test?
A: CEH v13 tests knowledge of tools including Nmap, Wireshark, Metasploit, Burp Suite, Aircrack-ng, SQLMap, John the Ripper, and Maltego, among many others. CEH v13 adds AI-assisted tools and techniques that were not in previous versions. Focus on understanding when and why each tool is used, not just what it does.
Q: What is the CEH exam cost in 2026?
A: The CEH knowledge exam (Exam 312-50) purchased through EC-Council's ECC Exam Center costs approximately $950-$1,200 USD depending on region and whether you purchase through an authorized training center. The official training bundle (which includes exam voucher and iLabs access) ranges from $850 to $2,000+.
Q: How do I prepare for CEH v13 AI labs without official iLabs?
A: Use TryHackMe's "Jr Penetration Tester" and "Red Teaming" paths, HackTheBox's starting point machines, VulnHub VMs, and SANS Cyber Aces for foundational skills. These cover the core techniques tested in CEH practical - recon, scanning, exploitation, post-exploitation - at a fraction of the official iLabs cost.
Begin Your CEH v13 Prep With Confidence
The CEH v13 shift to AI-integrated ethical hacking is not a marketing change - it is a curriculum realignment to match how attacks are actually conducted in 2026. Candidates who understand how AI changes each attack phase will answer exam questions more accurately than those who rely on v12 study materials.
Build your knowledge with EduSum's CEH practice question bank covering all 20 CEH modules, then validate your practical skills with live lab work. For the broader comparison of CEH versus Security+ as a career path, see EduSum's CEH exam preparation tips and use that alongside this guide for full exam readiness.
