Announcements

EC-Council Certified Incident Handler (ECIH), Blueprint Change Announcement

Effective Dec 1st, 2023, EC-Council will be introducing a new version of the ECIH v2 exam blueprint.

An exam blueprint is a framework that helps break down the sections of the test making it easier for the test taker to focus his/ her study as they prepare for the exam. It dictates how many questions in various areas of practice should go on an exam.

As a reputed certification body, we always strive to keep updated of the latest technological advancements in the field of ethical hacking and information system security audits. Our new exam blueprint is an outcome of the same effort.

For those who are scheduled to take the ECIH exam on or after Dec 1st, 2023, here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains	Sub Domain	Weightage (%)
1. Incident Response and Handling Process	1.1 Information Security Incidents 1.2 Incident Management 1.3 Incident Response Automation and Orchestration 1.4 Incident Handling Standards and Frameworks 1.5 Incident Handling Laws and Acts 1.6 Incident Response and Handling Process a ) Preparation b ) Incident Recording and Assignment c ) Incident Triage d ) Notification e ) Containment f ) Evidence Gathering and Forensics Analysis g ) Eradication h ) Recovery i ) Post-Incident Activities	11%
2. First Response	2.1 First Responder 2.2 Securing and Documenting the Crime Scene 2.3 Collecting Evidence at the Crime Scene 2.4 Preserving, Packaging, and Transporting the Evidence	11%
3. Malware Incidents	3.1 Malware Incidents Handling Preparation 3.2 Malware Incidents Detection 3.3 Malware Incidents Containment and Eradication 3.4 Recovery after Malware Incidents 3.5 Guidelines for Preventing Malware Incidents	11%
4. Email Security Incidents	4.1 Types of Email Security Incidents 4.2 Preparation for Handling Email Security Incidents 4.3 Detection and Containment of Email Security Incidents 4.4 Eradication of Email Security Incidents 4.5 Recovery after Email Security Incidents 4.6 Best Practices against Email Security Incidents	12%
5. Network Level Incidents	5.1 Preparation for Handling Network Security Incidents 5.2 Network Security Incidents Detection and Validation 5.3 Handling Unauthorized Access Incidents 5.4 Handling Inappropriate Usage Incidents 5.5 Handling Denial-of-Service Incidents 5.6 Handling Wireless Network Security Incidents	12%
6. Application Level Incidents	6.1 Preparation for Handling Web Application Security Incidents 6.2 Web Application Security Incidents Detection and Analysis 6.3 Containment and Eradication of Web Application Security Incidents 6.4 Recovery from Web Application Security Incidents 6.5 Best Practices for Securing Web Applications	11%
7. Cloud Security Incidents	7.1 Challenges in Cloud Incident Handling and Response 7.2 Handling Cloud Security Incidents 7.3 Handling Azure Security Incidents 7.4 Handling AWS Security Incidents 7.5 Handling Google Cloud Security Incidents 7.6 Best Practices Against Cloud Security Incidents	10%
8. Insider Threats	8.1 Types of Insider Threats 8.2 Preparation Steps for Handling Insider Threats 8.3 Detection, Containment, and Eradication of Insider Threats 8.4 Recovery After Insider Attacks 8.5 Best Practices against Insider Threats	11%
9. Endpoint Security Incidents	9.1 Need for Endpoint Security Incident Handling and Response 9.2 Preparation for Handling Endpoint Security Incidents 9.3 Detection and Validation of Endpoint Security Incidents 9.4 Handling Mobile-based Security Incidents 9.5 Handling IoT-based Security Incidents 9.6 Handling OT-based Security Incidents	11%

You can find the existing exam blueprint here, the current blueprint is valid till Nov 30th, 2023.

Note: This announcement is limited to the ECIH multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

Administrative Fee for EC-Council Certificate Verification

Effective April 1st, 2023, EC-Council will be charging an administrative fee for all certificate verification requests made by third parties (Non-Academic Institutions).

Certified Chief Information security officer (CCISO), Blueprint Change Announcement

Effective May 1st, 2021, EC-Council will be introducing a new version of the CCISO v2 exam blueprint.

For those who are scheduled to take the CCISO exam on or after May 1st, 2021, here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains	Sub Domain	Description	Number of Questions	Weightage (%)
1. Governance, Risk, Compliance	Governance	Define, implement, manage and maintain an information security governance program that includes leadership, organizational structures, and processes. Align information security governance framework with organizational goals and governance, i.e., leadership style, philosophy, values, standards, and policies. Establish information security management structure. Establish a framework for information security governance monitoring (considering cost/benefits analyses of controls and ROI). Understand standards, procedures, directives, policies, regulations, and legal issues that affect the information security program. Understand the enterprise information security compliance program and manage the compliance team.	11	21%
	Risk Management	Create a risk management program policy and charter Create a risk assessment methodology and framework Create and manage risk register Create risk assessment schedule and check lists Create risk reporting metrics and processes	11
	Compliance	Analyze and understand common external laws, regulations, standards, best practices applicable to the organization, and organizational ethics. Be familiar with international security and risk standards such as ISO 27000 and 31000 series Implement and manage information security strategies, plans, policies, and procedures to reduce regulatory risk Understand the importance of regulatory information security organizations and appropriate industry groups and stakeholders Understand information security changes, trends, and best practices Understand and manage enterprise compliance program controls, information security compliance process and procedures, compliance auditing, and certification programs Understand the information security compliance process and procedures Compile, analyze, and report compliance programs Understand the compliance auditing and cortication programs Follow organizational ethics	10
2. Information Security Controls and Audit Management	Information Security Management Controls	Identify the organization’s operational process and objectives Design information systems controls in alignment with the operational needs and goals and conduct testing prior to implementation to ensure effectiveness Identify and select the resources required to effectively implement and maintain information systems controls. Such resources can include human capital, information, infrastructure, and architecture (e.g., platforms, operating systems, networks, databases, applications) Design and implement information systems controls to mitigate risk. Monitor and document the information systems control performance in meeting organizational objectives by identifying and measuring metrics and key performance indicators Design and conduct testing of information security controls to ensure effectiveness, discover deficiencies, and ensure alignment with the organization’s risk management program Design and implement processes to appropriately remediate deficiencies and evaluate problem management practices to ensure that errors are recorded, analyzed, and resolved in a timely manner Assess and implement tools and techniques to automate information systems control processes. Measure, manage, and report on security control implementation and effectiveness	16	20%
	Audit Management	Understand the IT audit process and be familiar with IT audit standards Apply information systems audit principles, skills and techniques in reviewing and testing information systems technology and applications to design and implement a thorough risk-based IT audit strategy Execute the audit process in accordance with established standards and interpret results against defined criteria to ensure that the information systems are protected, controlled and effective in supporting organization’s objectives Evaluate audit results, weighing the relevancy, accuracy, and perspective of conclusions against the accumulated audit evidence Assess the exposures resulting from ineffective or missing control practices and formulate a practical and cost-effective plan to improve those areas Develop an IT audit documentation process and share reports with relevant stakeholders as the basis for decision-making Ensure that the necessary changes based on the audit findings are effectively implemented in a timely manner	14
3. Security Program Management & Operations	Security Program Management	For each information systems project develop a clear project scope statement in alignment with organizational objectives Define activities needed to successfully execute the information systems program, estimate activity duration, and develop a schedule and staffing plan Develop, manage and monitor the information systems program budget, estimate and control costs of individual projects Identify, negotiate, acquire and manage the resources needed for successful design and implementation of the information systems program (e.g., people, infrastructure, and architecture) Acquire, develop and manage information security project team Assign clear information security personnel job functions and provide continuous training to ensure effective performance and accountability Direct information security personnel and establish communications, and team activities, between the information systems team and other security-related personnel (e.g., technical support, incident management, security engineering)	16	21%
	Security Program Operations	Resolve personnel and teamwork issues within time, cost, and quality constraints Identify, negotiate and manage vendor agreement and community Participate with vendors and stakeholders to review/assess recommended solutions; identify incompatibilities, challenges, or issues with proposed solutions Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization Develop a plan to continuously measure the effectiveness of the information systems projects to ensure optimal system performance Identify stakeholders, manage stakeholders’ expectations, and communicate effectively to report progress and performance Ensure that necessary changes and improvements to the information systems processes are implemented as required	15
4. Information Security Core Competencies	Access Control	Identify the criteria for mandatory and discretionary access control, understand the different factors that help in implementation of access controls and design an access control plan Implement and manage an access control plan in alignment with the basic principles that govern the access control systems such as need-to-know Identify different access control systems such as ID cards and biometrics Understand the importance of warning banners for implementing access rules Develop procedures to ensure system users are aware of their IA responsibilities before granting access to the information systems	2	19%
	Social Engineering, Phishing Attacks, Identity Theft	Understand various social engineering concepts and their role in insider attacks and develop best practices to counter social engineering attacks Design a response plan to identity theft incidences Identify and design a plan to overcome phishing attacks	3
	Physical Security	Identify standards, procedures, directives, policies, regulations, and laws for physical security Determine the value of physical assets and the impact if unavailable Design, implement and manage a comprehensive, coordinated, and holistic physical security plan to ensure overall organizational security including an audit schedule and performance metrics	2
	Disaster Recovery and Business Continuity Planning	Develop, implement, and monitor business continuity, business recovery, contingency planning, and disaster recovery plans in case of disruptive events and ensure alignment with organizational goals and objectives Direct contingency planning, operations, and programs to manage risk Design documentation process as part of the continuity of operations program Design and execute a testing and updating plan for the continuity of operations program Understand the importance of integration of IA requirements into the Continuity of Operations Plan (COOP).	2
	Firewall, IDS/IPS and Network Defense Systems	Understand and manage network cloud security Identify the appropriate intrusion detection and prevention systems for organizational information security Design and develop a program to monitor firewalls and identify firewall configuration issues Understand perimeter defense systems such as grid sensors and access control lists on routers, firewalls, and other network devices Identify the basic network architecture, models, protocols and components such as routers and hubs that play a role in network security Understand the concept of network segmentation Manage DMZs, VPN and telecommunication technologies such as PBX and VoIP Identify network vulnerabilities and explore network security controls such as use of SSL and TLS for transmission security Support, monitor, test, and troubleshoot issues with hardware and software Manage accounts, network rights, and access to systems and equipment	3
	Wireless Security	Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools	2
	Virus, Trojans and Malware, and other Malicious Code Threats	Assess the threat of virus, Trojan and malware to organizational security and identify sources and mediums of malware infection Deploy and manage anti-virus systems Develop process to counter virus, Trojan, and malware threats including training both security teams and non-security teams on secure development processes	3
	Secure Coding Best Practices and Securing Web Applications	Develop and maintain software assurance programs in alignment with the secure coding principles and each phase of System Development Life Cycle (SDLC) Understand various system-engineering practices Configure and run tools that help in developing secure programs Understand software vulnerability analysis techniques including static code, dynamic code, and software composition analysis. Install and operate the IT systems in a test configuration manner that does not alter the program code or compromise security safeguards Identify web application vulnerabilities and attacks and web application security tools to counter attacks	2
	OS Hardening	Identify various OS vulnerabilities and attacks and develop a plan for hardening OS systems Understand system logs, patch management process and configuration management for information system security	2
	Encryption Technologies	Understand the concept of encryption and decryption, digital certificates, public key infrastructure and the key differences between cryptography and steganography Identify the different components of a cryptosystem Develop a plan for information security encryption techniques	2
	Vulnerability Assessment and Penetration Testing	Design, develop and implement a penetration testing program based on penetration testing methodology to ensure organizational security Identify different vulnerabilities associated with information systems and legal issues involved in penetration testing Develop pre and post testing procedures Develop a plan for pen test reporting and implementation of technical vulnerability corrections Develop vulnerability management systems	2
	Threat Management	Create and manage a threat management program including threat intelligence, third-party threats, and security bulletins regarding hardware and software, particularly open-source software	2
	Incident Response and Computer Forensics	Develop a plan to identify a potential security violation and take appropriate action to report the incident Comply with system termination procedures and incident reporting requirements related to potential security incidents or actual breaches Assess potential security violations to determine if the network security policies have been breached, assess the impact, and preserve evidence Diagnose and resolve IA problems in response to reported incidents Design incident response procedures including testing, table top exercises, and playbooks Develop guidelines to determine whether a security incident is indicative of a violation of law that requires special legal action Identify the volatile and persistent system information Set up and manage forensic labs and programs Understand various digital media devices, e-discovery principles and practices and different file systems Develop and manage an organizational digital forensic program Establish, develop and manage forensic investigation teams Design investigation processes such as evidence collection, imaging, data acquisition, and analysis Identify the best practices to acquire, store and process digital evidence Configure and use various forensic investigation tools Design anti-forensic techniques	2
5. Strategic Planning, Finance, Procurement, and Third-Party Management	Strategic Planning	Design, develop and maintain enterprise information security architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy Perform external analysis of the organization (e.g., analysis of customers, competitors, markets and industry environment) and internal analysis (risk management, organizational capabilities, performance measurement etc.) and utilize them to align information security program with organization’s objectives Identify and consult with key stakeholders to ensure understanding of organization’s objectives Define a forward-looking, visionary and innovative strategic plan for the role of the information security program with clear goals, objectives and targets that support the operational needs of the organization Define key performance indicators and measure e effectiveness on continuous basis Assess and adjust security resources to ensure they support the organization’s strategic objectives Monitor and update activities to ensure accountability and progress	10	19%
	Finance	Analyze, forecast and develop the operational budget of the security department Acquire and manage the necessary resources for implementation and management of information security plan Allocate financial resources to projects, processes and units within information security program Monitor and oversee cost management of information security projects, return on investment (ROI) of key purchases related to IT infrastructure and security and ensure alignment with the strategic plan Identify and report financial metrics to stakeholders Balance the IT security investment portfolio based on EISA considerations and enterprise security priorities Understand the acquisition life cycle and determine the importance of procurement by performing Business Impact Analysis Identify different procurement strategies and understand the importance of cost-benefit analysis during procurement of an information system Understand the basic procurement concepts such as Statement of Objectives (SOO), Statement of Work (SOW), and Total Cost of Ownership (TCO) Collaborate with various stakeholders (which may include internal client, lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others) on the procurement of IT security products and services Include risk-based security requirements in acquisition plans, cost estimates, statements of work, contracts, and evaluation factors for award, service level agreements, and other pertinent procurement documents Design vendor selection process and management policy Develop contract administration policies that direct the evaluation and acceptance of delivered IT security products and services under a contract, as well as the security evaluation of IT and software being procured Develop measures and reporting standards to measure and report on key objectives in procurements aligned with IT security policies and procedures Understand the IA security requirements to be included in statements of work and other appropriate procurement documents	9
	Third Party Management	Design third party selection process Design third party management policy, metrics, and processes Design and manage the third party assessment process including ongoing compliance management Develop measures and reporting standards to measure and report on key objectives in procurements aligned with IT security policies and procedures Include risk-based security requirements in acquisition plans, cost estimates, statements of work, contracts, and evaluation factors for award, service level agreements, and other pertinent procurement documents Understand the security, privacy, and compliance requirements to be included in Statements of Work (SOW), Master Service Agreements (MSA), and other appropriate procurement documents	9

You can find the existing exam blueprint here, the current blueprint is valid till April 30th, 2021.

Note: This announcement is limited to the CCISO multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

Computer Hacking Forensic Investigator (CHFI), Blueprint Change Announcement

Effective May 1st, 2021, EC-Council will be introducing a new version of the CHFI v3 exam blueprint.

For those who are scheduled to take the CHFI exam on or after May 1st, 2021, here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains	Sub Domain	Description	Number of Questions	Weightage (%)
1. Forensic Science	Understand different types of cybercrimes and list various forensic investigations challenges	Types of Computer Crimes Impact of Cybercrimes at Organizational Level Cyber Crime Investigation Challenges Cyber Crimes Present for Investigators Network Attacks Indicators of Compromise (IOC) Web Application Threats Challenges in Web Application Forensics Indications of a Web Attack What is Anti-Forensics? Anti-Forensics Techniques	7	18%
	Understand the fundamentals of computer forensics and determine the roles and responsibilities of forensic investigators	Understanding Computer Forensics Need for Computer Forensics Why and When Do You Use Computer Forensics? Forensic Readiness Forensic Readiness and Business Continuity Forensics Readiness Planning Incident Response Computer Forensics as part of Incident Response Plan Overview of Incident Response Process Flow Role of SOC in Computer Forensics Need for Forensic Investigator Roles and Responsibilities of Forensics Investigator What makes a Good Computer Forensics Investigator? Code of Ethics Accessing Computer Forensics Resources Other Factors That Influence Forensic Investigations Introduction to Web Application Forensics Introduction to Network Forensics Postmortem and Real-Time Analys	7
	Understand data acquisition concepts and rules	Understanding Data Acquisition Live Acquisition Order of Volatility Dead Acquisition Rules of Thumb for Data Acquisition Types of Data Acquisition Determine the Data Acquisition Format	6
	Understand the fundamental concepts and working of databases, cloud computing, Emails, IOT, Malware (file and fileless), and dark web	Understanding Dark Web TOR Relays How TOR Browser works TOR Bridge Node Internal architecture of MySQL Structure of data directory Introduction to Cloud Computing Types of Cloud Computing Services Cloud Deployment Models Cloud Computing Threats Cloud Computing Attacks Introduction to an email system Components involved in email communication How email communication works Understanding parts of an email message Introduction to Malware Components of Malware Common Techniques Attackers Use to Distribute Malware across Web Introduction to Fileless Malware Infection Chain of Fileless Malware How Fileless Attack Works via Memory Exploits How Fileless Attack Happens Via Websites How Fileless Attack Happens Via Documents What is IoT? IoT Architecture IoT Security Problems OWASP Top 10 Vulnerabilities IoT Threats IoT Attack Surface Areas	7
2. Regulations, Policies and Ethics	Understand rules and regulations pertaining to search & seizure of the evidence, and evidence examination	Rules of Evidence Best Evidence Rule Federal Rules of Evidence Scientific Working Group on Digital Evidence (SWGDE) ACPO Principles of Digital Evidence Seeking Consent Obtaining Witness Signatures Obtaining Warrant for Search and Seizure Searches Without a Warrant Initial Search of the Scene Preserving Evidence Chain of Custody Sanitize the Target Media Records of Regularly Conducted Activity as Evidence Division of Responsibilities	12	15%
	Understand different laws and legal issues that impact forensic investigations	Computer Forensics: Legal Issues Computer Forensics: Privacy Issues Computer Forensics and Legal Compliance Other Laws that May Influence Computer Forensics U.S. Laws Against Email Crime: CAN-SPAM Act	11
3. Digital Evidence	Understand the fundamental characteristics and types of digital evidence	Introduction to Digital Evidence Types of Digital Evidence Characteristics of Digital Evidence Role of Digital Evidence Sources of Potential Evidence Understanding Hard Disk Understanding Solid State Drive (SSD) RAID Storage System NAS/SAN Storage Disk Interfaces Logical Structure of Disks	5	17%
	Understand the fundamental concepts and working of desktop and mobile Operating Systems	What is the Booting Process? Essential Windows System Files Windows Boot Process: BIOS-MBR Method Windows Boot Process: UEFI-GPT Macintosh Boot Process Linux Boot Process Windows File Systems Linux File Systems Mac OS X File Systems MAC Forensics Data MAC Log Files MAC Directories CD-ROM / DVD File System Virtual File System (VFS) and Universal Disk Format File System (UDF) Architectural Layers of Mobile Device Environment Android Architecture Stack Android Boot Process iOS Architecture iOS Boot Process Mobile Storage and Evidence Locations Mobile Phone Evidence Analysis Data Acquisition Methods Components of Cellular Network Different Cellular Networks Cell Site Analysis: Analyzing Service Provider Data CDR Contents Subscriber Identity Module (SIM) Different types of network-based evidence	5
	Understand different types of logs and their importance in forensic investigations	Understanding Events Types of Logon Events Event Log File Format Organization of Event Records ELF_LOGFILE_HEADER structure EventLogRecord Structure Windows 10 Event Logs Other Audit Events Evaluating Account Management Events Log files as evidence Legal criteria for admissibility of logs as evidence Guidelines to ensure log file credibility and usability Ensure log file authenticity Maintain log file integrity Implement centralized log management IIS Web Server Architecture IIS Logs Analyzing IIS Logs Apache Web Server Architecture Apache Web Server Logs Apache Access Logs Apache Error Logs	6
	Understand various encoding standards and analyze various file types	Character Encoding Standard: ASCII Character Encoding Standard: UNICODE OFFSET Understanding Hex Editors Understanding Hexadecimal Notation Image File Analysis: JPEG Image File Analysis: BMP Understanding EXIF data Hex View of Popular Image File Formats PDF File Analysis Word File Analysis PowerPoint File Analysis Excel File Analysis Hex View of Other Popular File Formats	5
	Understand the fundamental working of WAF and MySQL Database	Web Application Firewall (WAF) Benefits of WAF Limitations of WAF Data Storage in SQL Server Database Evidence Repositories MySQL Forensics Viewing the Information Schema MySQL Utility Programs for Forensic Analysis	5
4. Procedures and Methodology	Understand Forensic Investigation Process	Forensic investigation process Importance of the Forensic investigation process Setting up a computer forensics lab Building the investigation team Understanding the hardware and software requirements of a forensic lab Validating laboratory software and hardware Ensuring quality assurance First response basics First response by non-forensics staff First response by system/network administrators First response by laboratory forensics staff Documenting the electronic crime scene Search and seizure Evidence preservation Data acquisition Data analysis Case analysis Reporting Testify as an expert witness Generating Investigation Report Mobile Forensics Process Mobile Forensics Report Template Sample Mobile Forensic Analysis Worksheet	6	17%
	Understand the methodology to acquire data from different types of evidence	Data Acquisition Methodology Step 1: Determine the Best Data Acquisition Method Step 2: Select the Data Acquisition Tool Step 3: Sanitize the Target Media Step 4: Acquire Volatile Data Acquire Data From a Hard Disk Remote Data Acquisition Step 5: Enable Write Protection on the Evidence Media Step 6: Acquire Non-Volatile Data Step 7: Plan for Contingency Step 8: Validate Data Acquisition Using Collecting Volatile Information Collecting Non-Volatile Information Collecting Volatile Database Data Collecting Primary Data File and Active Transaction Logs Using SQLCMD Collecting Primary Data File and Transaction Logs Collecting Active Transaction Logs Using SQL Server Management Studio Collecting Database Plan Cache Collecting Windows Logs Collecting SQL Server Trace Files Collecting SQL Server Error Logs	7
	Illustrate Image/Evidence Examination and Event Correlation	Getting an Image Ready for Examination Viewing an Image on a Windows, Linux and Mac Forensic Workstations Windows Memory Analysis Windows Registry Analysis File System Analysis Using Autopsy File System Analysis Using The Sleuth Kit (TSK) Event Correlation Types of Event Correlation Prerequisites of Event Correlation Event Correlation Approaches	6
	Explain Dark Web and Malware Forensics	Dark web forensics Identifying TOR Browser Artifacts: Command Prompt Identifying TOR Browser Artifacts: Windows Registry Identifying TOR Browser Artifacts: Prefetch Files Introduction to Malware Forensics Why Analyze Malware? Malware Analysis Challenges Identifying and Extracting Malware Prominence of Setting up a Controlled Malware Analysis Lab Preparing Testbed for Malware Analysis Supporting Tools for Malware Analysis General Rules for Malware Analysis Documentation Before Analysis Types of Malware Analysis	6
5. Digital Forensics	Review Various Anti-Forensic Techniques and Ways to Defeat Them	Anti-Forensics Technique: Data/File Deletion What Happens When a File is Deleted in Windows? Recycle Bin in Windows File Carving Anti-Forensics Techniques: Password Protection Bypassing Passwords on Powered-off Computer Anti-Forensics Technique: Steganography Anti-Forensics Technique: Alternate Data Streams Anti-Forensics Techniques: Trail Obfuscation Anti-Forensics Technique: Artifact Wiping Anti-Forensics Technique: Overwriting Data/Metadata Anti-Forensics Technique: Encryption Anti-Forensics Technique: Program Packers Anti-Forensics Techniques that Minimize Footprint Anti-Forensics Technique: Exploiting Forensics Tools Bugs Anti-Forensics Technique: Detecting Forensic Tool Activities Anti-Forensics Countermeasures Anti-Forensics Tools	4	17%
	Analyze Various Files Associated with Windows and Linux and Android Devices	Windows File Analysis Metadata Investigation Windows ShellBags Analyze LNK Files Analyze Jump Lists Event logs File System Analysis using The Sleuth Kit (TSK) Linux Memory Forensics APFS File System Analysis: Biskus APFS Capture Parsing metadata on Spotlight Logical Acquisition of Android Devices Physical Acquisition of Android Devices SQLite Database Extraction Challenges in Mobile Forensics	3
	Analyze various logs and perform network forensics to investigate network attacks	Analyzing Firewall Logs Analyzing IDS Logs Analyzing Honeypot Logs Analyzing Router Logs Analyzing DHCP Logs Why investigate Network Traffic? Gathering evidence via Sniffers Sniffing Tool: Tcpdump Sniffing Tool: Wireshark Analyze Traffic for TCP SYN flood DOS attack Analyze Traffic for SYN-FIN flood DOS attack Analyze traffic for FTP password cracking attempts Analyze traffic for SMB password cracking attempts Analyze traffic for sniffing attempts Analyze traffic to detect malware activity Centralized Logging Using SIEM Solutions SIEM Solutions: Splunk Enterprise Security (ES) SIEM Solutions: IBM Security QRadar Examine Brute-Force Attacks Examine DoS Attack Examine Malware Activity Examine data exfiltration attempts made through FTP Examine network scanning attempts Examine ransomware attack Detect rogue DNS server (DNS hijacking/DNS spoofing) Wireless network security vulnerabilities Performing attack and vulnerability monitoring Detect a rogue access point Detect access point MAC spoofing attempts Detect misconfigured access point Detect honeypot access points Detect signal jamming attack	4
	Analyze Various Logs and Perform Web Application Forensics to Examine Various Web Based Attacks	Investigating Cross-Site Scripting Attack Investigating SQL Injection Attack Investigating Directory Traversal Attack Investigating Command Injection Attack Investigating Parameter Tampering Attack Investigating XML External Entity Attack Investigating Brute Force Attack Investigating Cookie Poisoning Attack	4
	Perform Forensics on Databases, Dark Web, Emails, Cloud and IoT devices	Database Forensics Using SQL Server Management Studio Database Forensics Using ApexSQL DBA Common Scenario for Reference MySQL Forensics for WordPress Website Database: Scenario 1 MySQL Forensics for WordPress Website Database: Scenario 2 Tor Browser Forensics: Memory Acquisition Collecting Memory Dumps Memory Dump Analysis: Bulk Extractor Forensic Analysis of Memory Dumps to Examine Email Artifacts (Tor Browser Open) Forensic Analysis of Storage to Acquire the Email Attachments (Tor Browser Open) Forensic Analysis of Memory Dumps to Examine Email Artifacts (Tor Browser Closed) Forensic Analysis of Storage to Acquire the Email Attachments (Tor Browser Closed) Forensic Analysis: Tor Browser Uninstalled Dark Web Forensics Challenges Introduction to email crime investigation Steps to investigate email crimes Division of Responsibilities Where Is the Data Stored in Azure? Logs in Azure Acquiring A VM in Microsoft Azure Acquiring A VM Snapshot Using Azure Portal Acquiring A VM Snapshot Using PowerShell AWS Forensics Wearable IoT Device: Smartwatch IoT Device Forensics: Smart Speaker-Amazon Echo	3
	Perform Static and Dynamic Malware Analysis in a Sandboxed Environment	Malware Analysis: Static Analyzing Suspicious MS Office Document Analyzing Suspicious PDF Document Malware Analysis: Dynamic	3
	Analyze Malware Behavior on System and Network Level, and Analyze Fileless Malware	System Behavior Analysis: Monitoring Registry Artifacts System Behavior Analysis: Monitoring Processes System Behavior Analysis: Monitoring Windows Services System Behavior Analysis: Monitoring Startup Programs System Behavior Analysis: Monitoring Windows Event Logs System Behavior Analysis: Monitoring API Calls System Behavior Analysis: Monitoring Device Drivers System Behavior Analysis: Monitoring Files and Folders Network Behavior Analysis: Monitoring Network Activities Network Behavior Analysis: Monitoring Port Network Behavior Analysis: Monitoring DNS Fileless Malware Analysis: Emotet Emotet Malware Analysis Emotet Malware Analysis: Timeline of the Infection Chain	4
6. Tools/Systems/Programs	Identify various tools to investigate Operating Systems including Windows, Linux, Mac, Android and iOS	File System Analysis Tools File Format Analyzing Tools Volatile Data Acquisition Tools Non-Volatile Data Acquisition Tools Data Acquisition Validation Tools Tools for Examining Images on Windows Tools for Examining Images on Linux Tools for Examining Images on Mac Tools for Carving Files on Windows Tools for Carving Files on Linux Tools for Carving Files on Mac Recovering Deleted Partitions: Using R-Studio Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard Partition Recovery Tools Using Rainbow Tables to Crack Hashed Passwords Password Cracking Using: L0phtCrack and Ophcrack Password Cracking Using Cain & Abel and RainbowCrack Password Cracking Using pwdump7 Password Cracking Tools Tool to Reset Admin Password Steganography Detection Tools Detecting Data Hiding in File System Structures Using OSForensics ADS Detection Tools Detecting File Extension Mismatch using Autopsy Tools to detect Overwritten Data/Metadata Program Packers Unpacking Tools USB Device Enumeration using Windows PowerShell Tools to Collect Volatile Information Tools to Non-Collect Volatile Information Tools to perform windows memory and registry analysis Tools to examine the cache, Cookie and history recorded in web browsers Tools to Examine Windows Files and Metadata Tools to Examine ShellBags, LNK files and Jump Lists Tools to Collect Volatile Information on Linux Tools to Collect Non-Volatile Information on Linux Linux File system Analysis Tools Tools to Perform Linux Memory Forensics APFS File System Analysis Parsing metadata on Spotlight MAC Forensic Tools Network Traffic Investigation Tools Incident Detection and Examination with SIEM tools Detect and Investigate Various Attacks on Web Applications by Examining Various Logs Tools to Identify TOR Artifacts Tools to Acquire Memory Dumps Tools to Examine the Memory Dumps Tools to Perform Static Malware Analysis Tools to Analyze Suspicious Word and PDF documents Tools to Perform Static Malware Analysis Tools to Analyze Malware Behavior on a System Tools to Analyze Malware Behavior on a Network Tools to Perform Logical Acquisition on Android and iOS devices Tools to Perform Physical Acquisition on Android and iOS devices	13	16%
	Determine the various tools to investigate MSSQL, MySQL, Azure, AWS, Emails and IoT devices	Tools to Collect and Examine the Evidence Files on MSSQL Server Tools to Collect and Examine the Evidence Files on MySQL Server Investigating Microsoft Azure Investigating AWS Tools to Acquire Email Data Tools to Acquire Deleted Emails Tools to Perform Forensics on IoT devices	11

You can find the existing exam blueprint here, the current blueprint v2.1 is valid till April 30th, 2021.

Note: This announcement is limited to the CHFI multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

EC-Council’s E|CIH Program officially accredited by ANSI

EC-Council is proud to announce that the Certified ECIH Program has officially been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its E|CIH certification!

The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. ANSI is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC). ANSI is also a member of the International Accreditation Forum (IAF).

To award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified ECIH (E|CIH) program.

All ECIHs who took the version of the exam that was certified by ANSI will now have the ANSI logo on their electronic certification. If you have any questions about this program, please contact [email protected].

Certified Network Defender (CND), Blueprint Change Announcement

Effective Jan 11th, 2021, EC-Council will be introducing a new version of the CND V3 exam blueprint.

For those who are scheduled to take the CND exam on or after Jan 11th, 2021, here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains	Sub Domain	Description	Number of Questions	Weightage (%)
1. Network Defense Management	Network Attacks and Defense Strategies	Explain essential terminologies related to network security attacks Describe the various examples of network-level attack techniques Describe the various examples of host-level attack techniques Describe the various examples of applicationlevel attack techniques Describe the various examples of social engineering attack techniques Describe the various examples of email attack techniques Describe the various examples of mobile device-specific attack techniques Describe the various examples of cloud-specific attack techniques Describe the various examples of wireless network-specific attack techniques Describe Attacker’s Hacking Methodologies and Frameworks Understand fundamental goal, benefits, and challenges in network defense Explain Continual/Adaptive security strategy Explain defense-in-depth security strategy	7	10%
	Administrative Network Security	Obtain compliance with regulatory frameworks Discuss various Regulatory Frameworks, Laws, and Acts Learn to design and develop security policies Conduct security awareness training Discuss other administrative security measures	3
2. Network Perimeter Protection	Technical Network Security	Discuss access control principles, terminologies, and models Redefine Access Control security in Today’s Distributed and Mobile Computing World Discuss Identity and Access Management (IAM) concepts Discuss cryptographic security techniques Discuss various cryptographic algorithms Discuss security benefits of network segmentation techniques Discuss various essential network security solutions Discuss various essential network security protocols	6	16%
	Network Perimeter Security	Understand firewall security concerns, capabilities, and limitations Understand different types of firewall technologies and their usage Understand firewall topologies and their usage Distinguish between hardware, software, host, network, internal, and external firewalls Select firewalls based on its deep traffic inspection capability Discuss firewall implementation and deployment process Discuss recommendations and best practices for secure firewall Implementation and deployment Discuss firewall administration activities Understand role, capabilities, limitations, and concerns in IDS deployment Discuss IDS/IPS classification Discuss various components of IDS Discuss effective deployment of network and host-based IDS Learn to how to deal with false positive and false negative IDS alerts Discuss the selection of appropriate IDS solutions Discuss various NIDS and HIDS Solutions with their intrusion detection capabilities Discuss router and switch security measures, recommendations, and best practices Leverage Zero Trust Model Security using Software-Defined Perimeter (SDP)	10
3. Endpoint Protection	Endpoint SecurityWindows Systems	Understand Window OS and Security Concerns Discuss Windows Security Components Discuss Various Windows Security Features Discuss Windows security baseline configurations Discuss Windows User Account and Password Management Discuss Windows Patch Management Discuss User Access Management Discuss Windows OS Security Hardening Techniques Discuss Windows Active Directory Security Best Practices Discuss Windows Network Services and Protocol Security	5	15%
	Endpoint SecurityLinux Systems	Understand Linux OS and Security Concerns Discuss Linux Installation and Patching Discuss Linux OS Hardening Techniques Discuss Linux User Access and Password Management Discuss Linux Network and Remote Access Security Discuss Various Linux Security Tools and Frameworks	4
	Endpoint SecurityMobile Devices	Discuss Common Mobile Usage Policies in Enterprises Discuss the Security Risk and challenges associated with Enterprises mobile usage policies Discuss security guidelines to mitigate risk associated with enterprise mobile usage policies Discuss and implement various enterprise-level mobile security management Solutions Discuss and implement general security guidelines and best practices on Mobile platforms Discuss Security guidelines and tools for Android devices Discuss Security guidelines and tools for iOS devices	3
	Endpoint Security-IoT Devices	Understand IoT Devices, their need, and Application Areas Understand IoT Ecosystem and Communication models Understand Security Challenges and risks associated with IoT-enabled environments Discuss the security in IoT-enabled Environments Discuss Security Measures for IoT-enabled Environments Discuss IoT Security Tools and Best Practices Discuss and refer various standards, Initiatives and Efforts for IoT Security	3
4. Application and Data Protection	Administrative Application Security	Discuss and implement Application Whitelisting and Blacklisting Discuss and implement application Sandboxing Discuss and implement Application Patch Management Discuss and implement Web Application Firewall (WAF)	4	13%
	Data Security	Understand Data Security and its Importance Discuss the implementation of data access controls Discuss the implementation of encryption of “Data at rest” Discuss the implementation of Encryption of “Data at transit” Discuss the implementation of Encryption of “Data at transit” between browser and web server Discuss the implementation of Encryption of “Data at transit” between database server and web server Discuss the implementation of Encryption of “Data at transit” in Email Delivery Discuss Data Masking ConceptsDiscuss data backup and retention Discuss Data Destruction Concepts Data Loss Prevention(DLP) Concepts	9
5. Enterprise Virtual, Cloud, and Wireless Network Protection	Enterprise Virtual Network Security	Understand Virtualization Essential Concepts Discus Network Virtualization (NV) Security Discuss Software-Defined Network (SDN) Security Discuss Network Function Virtualization (NFV) Security Discus OS Virtualization Security Discuss Security Guidelines, recommendations and best practices for Containers Discuss Security Guidelines, recommendations and best practices for Dockers Discuss Security Guidelines, recommendations and best practices for Kubernetes	4	12%
	Enterprise Cloud Network Security	Understand Cloud Computing Fundamentals Understand the Insights of Cloud Security Evaluate CSP for Security before Consuming Cloud Service Discuss security in Amazon Cloud (AWS) Discuss security in Microsoft Azure Cloud Discuss Security in Google Cloud Platform (GCP) Discuss general security best practices and tools for cloud security	3
	Enterprise Wireless Network Security	Understand wireless network fundamentals Understand wireless network encryption mechanisms Understand wireless network authentication methods Discuss and implement wireless network security measures	5
6. Incident Detection	Network Traffic Monitoring and Analysis	Understand the need and advantages of network traffic monitoring Setting up the environment for network monitoring Determine baseline traffic signatures for normal and suspicious network traffic Perform network monitoring and analysis for suspicious traffic using Wireshark Discuss network performance and bandwidth monitoring concepts	7	14%
	Network Logs Monitoring and Analysis	Understand logging concepts Discuss log monitoring and analysis on Windows systems Discuss log monitoring and analysis on Linux Discuss log monitoring and analysis on Mac Discuss log monitoring and analysis on Firewall Discuss log monitoring and analysis on Routers Discuss log monitoring and analysis on Web Servers Discuss centralized log monitoring and analysis	7
7. Incident Response	Incident Response and Forensic Investigation	Understand incident response concept Understand the role of first responder in incident response Discuss Do’s and Don’t in first response Describe incident handling and response process Describe forensics investigation process	6	10%
	Business Continuity and Disaster Recovery	Introduction to Business Continuity (BC) and Disaster Recovery (DR) Discuss BC/DR Activities Explain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) Discuss various BC/DR Standards	4
8. Incident Prediction	Risk Anticipation with Risk Management	Understand risk management concepts Learn to manage risk though risk management program Learn different Risk Management Frameworks (RMF) Learn to manage vulnerabilities through vulnerability management program Learn vulnerability assessment and scanning	3	10%
	Threat Assessment with Attack Surface Analysis	Understand the attack surface analysis Understand and visualize your attack surface Learn to identify Indicators of Exposures (IoE) Learn to conduct attack simulation Learn to reduce the attack surface	4
	Threat Prediction With Cyber Threat Intelligence	Understand the role of cyber threat intelligence in network defense Understand different types of threat Intelligence Understand the Indicators of Threat Intelligence: Indicators of Compromise (IoCs) and Indicators of Attack (IoA) Understand the layers of Threat Intelligence Learn to leverage/consume threat intelligence for proactive defense	3

You can find the existing exam blueprint v2 here, the current blueprint is valid till January 10th, 2021.

Note: This announcement is limited to the CND multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

Certified Ethical Hacker (CEH), Blueprint Change Announcement

Effective Jan 11th, 2021, EC-Council will be introducing a new version of the CEH V4 exam blueprint.

For those who are scheduled to take the CEH exam on or after Jan 11th, 2021, here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains	Sub Domain	Description	Number of Questions	Weightage (%)
1. Information Security and Ethical Hacking Overview	Introduction to Ethical Hacking	Information Security Overview Cyber Kill Chain Concepts Hacking Concepts Ethical Hacking Concepts Information Security Controls Information Security Laws and Standards	8	6%
2. Reconnaissance Techniques	Footprinting and Reconnaissance	Footprinting Concepts Footprinting Methodology Footprinting through Search Engines Footprinting through Web Services Footprinting through Social Networking Sites Website Footprinting Email Footprinting Whois Footprinting DNS Footprinting Network Footprinting Footprinting through Social Engineering Footprinting Tools Footprinting Countermeasures	10	21%
	Scanning Networks	Network Scanning Concepts Scanning Tools Host Discovery Port and Service Discovery OS Discovery (Banner Grabbing/OS Fingerprinting) Scanning Beyond IDS and Firewall Draw Network Diagrams	10
	Enumeration	Enumeration Concepts NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP and NFS Enumeration SMTP and DNS Enumeration Other Enumeration Techniques (IPsec, VoIP, RPC, Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration) Enumeration Countermeasures	6
3. System Hacking Phases and Attack Techniques	Vulnerability Analysis	Vulnerability Assessment Concepts Vulnerability Classification and Assessment Types Vulnerability Assessment Solutions Vulnerability Assessment Reports	9	17%
	System Hacking	System Hacking Concepts Gaining Access Cracking Passwords Vulnerability Exploitation Escalating Privileges Maintaining Access Executing Applications Hiding Files Clearing Logs	6
	Malware Threats	Malware Concepts APT Concepts Trojan Concepts Virus and Worm Concepts File-less Malware Concepts Malware Analysis Malware Countermeasures Anti-Malware Software	6
4. Network and Perimeter Hacking	Sniffing	Sniffing Concepts Sniffing Technique: MAC Attacks Sniffing Technique: DHCP Attacks Sniffing Technique: ARP Poisoning Sniffing Technique: Spoofing Attacks Sniffing Technique: DNS Poisoning Sniffing Tools Sniffing Countermeasures Sniffing Detection Techniques	3	14%
	Social Engineering	Social Engineering Concepts Social Engineering Techniques Insider Threats Impersonation on Social Networking Sites Identity Theft Social Engineering Countermeasures	5
	Denial-of-Service	DoS/DDoS Concepts DoS/DDoS Attack Techniques Botnets DDoS Case Study DoS/DDoS Attack Tools DoS/DDoS Countermeasures DoS/DDoS Protection Tools	2
	Session Hijacking	Session Hijacking Concepts Application Level Session Hijacking Network Level Session Hijacking Session Hijacking Tools Session Hijacking Countermeasures	3
	Evading IDS, Firewalls, and Honeypots	IDS, IPS, Firewall, and Honeypot Concepts IDS, IPS, Firewall, and Honeypot Solutions Evading IDS Evading Firewalls IDS/Firewall Evading Tools Detecting Honeypots IDS/Firewall Evasion Countermeasures	5
5. Web Application Hacking	Hacking Web Servers	Web Server Concepts Web Server Attacks Web Server Attack Methodology Web Server Attack Tools Web Server Countermeasures Patch Management Web Server Security Tools	8	16%
	Hacking Web Applications	Web App Concepts Web App Threats Web App Hacking Methodology Footprint Web Infrastructure Analyze Web Applications Bypass Client-Side Controls Attack Authentication Mechanism Attack Authorization Schemes Attack Access Controls Attack Session Management Mechanism Perform Injection Attacks Attack Application Logic Flaws Attack Shared Environments Attack Database Connectivity Attack Web App Client Attack Web Services Web API, Webhooks	8
	SQL Injection	SQL Injection Concepts Types of SQL Injection SQL Injection Methodology SQL Injection Tools Evasion Techniques SQL Injection Countermeasures	4
6. Wireless Network Hacking	Hacking Wireless Networks	Wireless Concepts Wireless Encryption Wireless Threats Wireless Hacking Methodology Wireless Hacking Tools Bluetooth Hacking Wireless Countermeasure	8	6%
7. Mobile Platform, IoT, and OT Hacking	Hacking Mobile Platforms	Mobile Platform Attack Vectors Hacking Android OS Hacking iOS Mobile Device Management Mobile Security Guidelines and Tools	4	8%
	IoT and OT Hacking	IoT Concepts IoT Attacks IoT Hacking Methodology IoT Hacking Tools IoT Countermeasures OT Concepts OT Attacks OT Hacking Methodology OT Hacking Tools OT Countermeasures	6
8. Cloud Computing	Cloud Computing	Cloud Computing Concepts Container Technology Serverless Computing Cloud Computing Threats Cloud Hacking Cloud Security	7	6%
9. Cryptography	Cryptography	Cryptography Concepts Encryption Algorithms Cryptography Tools Public Key Infrastructure (PKI) Email Encryption Disk Encryption Cryptanalysis Countermeasures	7	6%

You can find the existing exam blueprint v3 here, the current blueprint is valid till January 10th, 2021.

Note: This announcement is limited to the CEH multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

Are you worried how the COVID-19 impacts your ECEs?

Times are uncertain and we understand how such an outbreak of the pandemic may have impacted your personal and professional life. We do not want you to stress over your ECE credits as we are all in this together.
For those who hold EC-Council certifications that may have been Suspended please note that you have 1 year from date of Suspension to key in your ECE credits and renew your certification.
For those who hold EC-Council certifications that may have been Revoked in 2020, we ensure that you will be provided a chance to key in your ECE credits if you have not done this in time. You can write to [email protected] and we will work with you to update your account.
For those who had activities and events planned to ensure they earn ECE credits are unable to do so given the current situation, can make the most of EC-Councils online resources which will help you earn ECE credits at https://codered.eccouncil.org/

EC-Council takes steps to support test takers during the unfortunate COVID-19 outbreak

We understand that during these challenging times, students preparing to challenge their EC-Council exams may be affected by travel restrictions, temporary business closures and such. As such, EC-Council is extending all exam vouchers expiring between 1 March 2020 and 30 June 2020 to a new extended expiry date of 30 September 2020. Any candidates with voucher expiry within this date range can write EC-Council (at [email protected]) to receive the free extension. EC-Council will continue to track the developments of the Covid19 situation and will make further arrangements should the situation requires.

CHFI, CND, CTIA v1, CSA v1, ECIH v2 revised exam voucher price

Effective Oct 1st, 2019, revised voucher prices as follows:

CHFI	$650
CND	$550
CTIA v1	$450
CSA v1	$550
ECIH v2	$450

CHFI, CND, CASE .Net/Java, EDRP v3, ECES v2, CTIA v1, ECIH v1, ECSS v9 revised exam voucher price

Effective Jan 1st, 2019, revised voucher prices as follows:

CHFI	$600
CND	$450
CASE .Net v1	$450
CASE Java v1	$450
EDRP v3	$450
ECES v2	$249
CTIA v1	$249
ECIH v1	$249
ECSS v9	$249

CEH Pearson Vue Voucher price

Effective Aug 15th, 2018, the CEH Pearson Vue Voucher price will be $1199.
Note: There is no price change for CEH ECC Exam Vouchers. This will continue to be $950.

Electronic Certificates (Digital Badging)

Dear EC-Council Partners, Members, and Friends

EC-Council is pleased to announce the formal introduction of “Digital Badges” for all of its active members, without any additional fee whatsoever. A digital badge is a validated indicator of achievement to highlight a skill or quality. EC-Council will now offer digital badges post successful completion of our modules, courses, and certification exams. These visual tokens of achievement will now allow students to showcase their efforts and success across the world!

How Do “Digital Badges” Work?

Upon registering for a course, students can access EC-Council course content via the ASPEN portal. They will now be rewarded with digital badges upon completion of each module, or upon successfully passing an EC-Council certification exam. These digital badges can be collected and shared with colleagues, added to resumes, social media outlets, and other avenues, serving as skills validators. Digital Badges will be available to download from the ASPEN portal.

As we continue to face a growing threat landscape and a Cybersecurity industry, hungry for qualified candidates, digital badges will become paramount to enhancing the exposure of EC-Council certified members.

As we continue our digital journey, commencing January 1st, 2019, EC-Council will no longer ship out physical certificates. EC-Council certified members can continue to download their e-Certificates from the ASPEN portal. Certified members who still wish to receive a physical certificate may request a physical certificate here.

We thank you for your on-going support. For more information on our digital badges and supporting processes, please contact: [email protected].

Certified Ethical Hacker (CEH), Blueprint Change Announcement

Effective Nov 1st, 2018, EC-Council will be introducing a new version of the CEH exam blueprint V3.

For those who are scheduled to take the CEH exam on or after Nov 1st, 2018 here are the major changes you can expect to see:

New segmentation of topics among exam domains.
Removal and addition of some key topics.

Summary of the updated blueprint:

Domains

Weightage

Total Number of Items Per Domain

Objectives/Sub-Domains

Total Number of Items Per Sub-Domain

Background

21.79%

Network and Communication Technologies

Information Security Threats and Attack Vector

Information Security Technologies

10
9
8

Analysis/Assessment

12.73%

Information Security Assessment and Analysis

Information Security Assessment Process

Security

23.73%

Information Security Controls

Information Security Attack Detection

Information Security Attack Prevention

Tools / Systems / Programs

28.91%

Information Security Systems

Information Security Programs

Information Security Tools

Procedures / Methodology

8.77%

Information Security Procedures

Information Security Assessment Methodologies

Regulation / Policy

1.90%

Information Security Policies/Laws/Acts

Ethics

2.17%

Ethics of Information Security

The current blueprint V2 is valid till October 31st, 2018.

Note: This announcement is limited to the CEH multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.

Should you have any further questions you can write to [email protected]

EC-Council’s C|ND Program officially accredited by ANSI

EC-Council is proud to announce that the Certified CND Program has officially been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its C|ND certification!

All CNDs who took the version of the exam that was certified by ANSI will now have the ANSI logo on their electronic certification. If you have any questions about this program, please contact [email protected].

EC-Council’s C|HFI Program officially accredited by ANSI

EC-Council is proud to announce that the Certified CHFI Program has officially been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its C|HFI certification!

All CHFIs who took the version of the exam that was certified by ANSI will now have the ANSI logo on their electronic certification. If you have any questions about this program, please contact [email protected].

EC-Council’s C|CISO Program officially accredited by ANSI

EC-Council is proud to announce that the Certified CISO Program has officially been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its C|CISO certification!

All CCISOs who took the version of the exam that was certified by ANSI will now have the ANSI logo on their electronic certification. If you have any questions about this program, please contact [email protected].

EC-Council Announces the World’s First Fully Online, Remotely Proctored Hands-On Penetration Testing Exam

EC-Council today announced the release of the new, fully online, remotely proctored Licensed Penetration Tester (LPT) certification, which will be launched at Hacker Halted, 2017. The new LPT (Master) certification exam is the first globally accepted, hands-on penetration testing certification exam administered in a fully remote proctored environment.

Penetration testing professionals around the world will be able validate their skills in this new exam format launched by EC-Council. The new LPT (Master) certification exam will be delivered as a secure, remotely-proctored, live certification test that can be taken anytime, anywhere by busy professionals.

Jay Bavisi, the president and CEO of EC-Council, commented “With the increase in the sophistication of cyber-attacks and with ever growing security needs, today’s digital enterprises are looking for experts that have proven abilities to function as competent penetration testers in order to secure their operations. The online remotely proctored, hands-on LPT (Master) certification exam combines effectiveness with convenience to deliver a highest standard of exam that enables the candidates to demonstrate expertise in applying their skills in a hands-on environment.”

The exam provides a level playing field where candidates are challenged to prove their skills as expert-level penetration testers. Bavisi added “In the real world, penetration testers go through a strenuous, arduous and laborious process to keep their clients and organizations secure. This exam is meant to mimic the real-world environment and is meant to stress, burden and ardently push the candidates to their limits to test their actual abilities in penetration testing.”

The new LPT (Master) certification is the crown jewel of the EC-Council penetration testing track. It challenges candidates through a grueling 18 hours of hands-on exam categorized into three practical tests for six hour intervals, each of which provide a multidisciplinary approach for targeting and compromising high security environments. Upon completion of the exam, candidates will have to demonstrate an advanced understanding of testing modern infrastructures by completing a professional penetration test report to be evaluated by EC-Council experts for completeness and professionalism.

For more information, please contact [email protected]

Protect, Detect and Respond to Cyber Security Threats with EC-Council’s Certified Network Defender (CND) Skillset

EC-Council is excited to announce the launch of the all-new certification Certified Network Defender (CND), which was launched globally on September 14th, 2016.

The new certification is designed to be a game changer in the network defence domain. The past few years had seen the disastrous consequences of cyber-crime, which made cyber security one of the key aspects of agenda in the Board Room discussions. Studies point out that, professionals handling the Organisation’s networks are not amply equipped to protect their networks from evolving cyber threats like Advanced Persistent Threats (APTs), sophisticated botnet C&C, Insiders to mention a few. Cyber criminals see this as an opportunity to hack the system compromising on important information. The R&D teams at EC-Council have extensively conducted technology surveys, community engagements, market analysis and SME consultations to develop the CND skillset that will enable networking professionals to protect, detect and respond to cyber security threats.

A thorough job task analysis along with research, market analysis, surveys, community engagement activities, consultation and advice from Subject Matter Experts, has ensured that the CND design is based on cyber security frameworks such as NICE and is in sync with the current markets trends. CND is designed in a manner that it imparts the necessary skillset to the Network Administrator on the nuances of Network Security whether it is designing the Organisation’s network security controls, firewall systems, IDS/IPS systems, policies and procedures, DLP and etc. It also ensures that the personnel handling the network can detect network security breaches at an early stage, and also respond to the same. A deeper analysis of the situation brings to the fore, the larger goals of the organisation being met. Ensuring that information, the key component of the organisation is safe will ensure business continuity, better ROIs on security investment and lesser impact on incidents on Information System Resources. What makes CND different from the other programmes is that CND covers network defence from a Defence perspective going beyond the traditional security solutions and appliances. Also, the CND programme includes operational security aspects such as designing and deploying security policies, network monitoring, vulnerability management, incident handling and response and etc.

EC-Council recommends that companies facing a shortage of qualified security practitioners or companies that cannot afford to hire specialized information security professionals consider adding information security duties to their existing system and network administrator job roles. The fastest way to accomplish this would be to send their employees to the only program on the market designed to teach network and system administrator information security skills: CND.

For further information, please visit https://www.eccouncil.org/programs/certified-network-defender-cnd/

My Contribution

“EC-Council is glad to announce the initiative of our “My Contribution” a platform for Cyber Security enthusiasts and cyber security experts who are interested to share and contribute their views and feedback through various exercises.

You will have a chance to publish White Papers/ articles, act as Subject matter expert to our team, be a part of the exam development cycle and add value to our certification programs through this platform.

You can read more about this by logging into your Aspen account, and clicking on “My contribution” or write to us at [email protected]

LPT (Master) is available now

Starting 1st December 2015, interested candidates can apply for the “LPT (Master)” credential. For more details about the LPT (Master) program Click Here, If you would like to submit your application Click Here

For more details and information please contact [email protected]

Membership Fee for EC-Council Certified Members

Please be advised, effective January 1, 2016, EC-Council will be initiating the requirement for Membership fees for all certified members holding EC-Council certifications. In the year 2012, EC-Council had announced that it would be initiating this membership fee structure in 2016. We are proud to say our certification membership base continues to grow at a steady rate and the cyber security field is growing as a whole.

Just this year, EC-Council has received “Cyber Security Company of the year award” The year before, we received the “DHS/NSA Industry Achievement Award” at the CISSE Colloquium for advances in cyber security professionalization. These awards received are evidence of the work we continue to do to add tangible industry recognition and value in our certification programs. We also now have a fully accredited online University- EC-Council University, which produces Cyber Leaders of the future. We are proud to maintain our ANSI 17024 status. We are proud to be one of the world’s largest technical InfoSec certification bodies with over 140,000 certified members in 140 countries across the globe

Holding a certification from EC-Council comes with many benefits and advantages but comes at an immense cost of maintenance to EC-Council. To continue to provide these benefits and elevate the value of EC-Council Certifications in the market, EC-Council has no choice but to implement a certification maintenance fee of $80.00 per annum.

The EC-Council Continuing Education requirements, which calls for the maintenance of certification through Continuing education credits is still in effect and it is important you maintain currency in the profession.

Members are also eligible to receive exclusive discounts to attend EC-Council Foundation Events such as Hacker Halted and Take Down Con as well as a discounts on additional EC-Council certification programs and material.

Members will receive reminders prior to their membership fee due dates.

We thank you for your ongoing support towards EC-Council, should you have any questions, please write back to us.
For partners [email protected]
For certified members [email protected]

More details about the membership fee, cycle and due date can be found at https://cert.eccouncil.org/membership.html

EC-Council Exams can now be remotely proctored

EC-Council has partnered with ProctorU allowing exam candidates to take EC-Council exams remotely. ProctorU is an online proctoring service which allows EC-Council candidates to take exams from any location 24 x7 as long as they have a computer equipped with a webcam and a microphone. This online delivery format requires that the students have reliable Internet connectivity and schedule their exam time with a proctor through the ECC Exam Center.

This service is exclusively available with ECC Exam Centre only. Candidates interested in these services need to specify their requirements while placing their orders.

NOTE: Vouchers with ProctorU services are unique.

EC-Council Certification status for certified member

Certified members who have earned their EC-Council certification are required to check their recertification requirement and policy at HERE.
Members whose certification is revoked will be required to retake and pass the respective new exam to regain their certification.

Changes to EC-Council Logo Guidelines (Effective From April 1st, 2012).

Additional guidelines in EC-Council logo usage for

Certified Member must state the certification version number next to the logo such as v4, v6, v7, v8. Certified Member may not alter, change or remove elements of the logo in any other way.
Individuals may not use the logo if their certification has been revoked or suspended due to non-compliance of certification requirements.
Certified Member who hold EC-Council ‘Retired Status’ may not use the logo unless the logo is used with the word ‘retired’.