This sheet maps the full CEH v13 (CEH AI) exam from EC-Council, the 125-question, 4-hour assessment built around 20 modules and the five phases of ethical hacking (reconnaissance, scanning, gaining access, maintaining access, and covering tracks). It distills every testable concept across footprinting, scanning, enumeration, system and web hacking, wireless, mobile, IoT/OT, cloud, and cryptography into recall-ready rows, with the exam's preferred framings and the misconceptions candidates fall for called out explicitly. CEH is criterion-referenced: the graded answer is the technique, tool, or countermeasure EC-Council teaches, so the focus throughout is recognizing the method, not memorizing trivia. Treat every payload here as a concept to identify, never a weapon to run.
What This Cheat Sheet Covers
This topic spans 60 focused tables and 701 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Information Security Fundamentals, Attack Classification, and Hacker Classes
CEH v13 Module 01 (Introduction to Ethical Hacking) foundations: the elements of information security, EC-Council's five-category attack classification, the hacker-class taxonomy, and the three threat categories every candidate must recognize.
| Concept | Example | Description |
|---|---|---|
Encryption protects confidentiality hashing protects integrity redundancy protects availability | The three core elements of information security. • Confidentiality: only authorized parties can read data • Integrity: data is not altered without authorization • Availability: systems and data are accessible when needed | |
A digital signature confirms a file genuinely came from its claimed sender | Assurance that a message, file, or user genuinely is what it claims to be. Confirms origin and identity, not accountability. Not to be confused with non-repudiation, which proves an action cannot be denied later | |
A timestamped digital signature stops a signer denying they approved a payment | Protection against someone falsely denying they performed an action. Guarantees a party cannot deny sending a message or making a transaction. Often confused with authenticity (which only proves identity, not deniability) | |
Sniffing traffic on open Wi-Fi traffic analysis eavesdropping | Monitoring or intercepting communication without altering data. Targets confidentiality and is hard to detect because the system is unchanged. Not to be confused with active attacks, which modify data | |
Man-in-the-middle altering a transaction DoS masquerade | Modifying, disrupting, or destroying data or services through direct interaction with the target. Affects integrity and availability and is easier to detect than a passive attack | |
Shoulder surfing a PINdropping a malicious USBevil twin Wi-Fi | An attack requiring physical proximity to the target. The attacker must be near the person, system, or facility. Bypasses digital defenses by exploiting physical security gaps | |
A disgruntled employee leaks or deletes confidential records | An attack by someone with authorized access who misuses their privileges. Hardest category to detect because the actor is already trusted and has bypassed authentication | |
Malware pre-installed on software or modified hardware before delivery | Tampering with hardware or software during the supply chain or distribution stage, so the system is compromised before it reaches the user. Also called a supply-chain attack | |
Breaching a network to steal data or deploy ransomware for profit | A malicious hacker who attacks without authorization for personal, financial, or political gain. Defined by lack of consent plus harmful intent |