Course Outline

Day 1: Overview of cybersecurity, ethical hacking and contemporary architecture

Day 2: Active recognition

Day 3: System operation

Day 4: Exploitation and post-exploitation, and report drafting

Day 5: Certification Exam


Learning objectives

  • Understand the fundamental concepts of ethical hacking and the required technical knowledge to perform and manage penetration tests;
  • Master the concepts, approaches, standards, methods, and techniques used for the operation of an effective ethical hacking process;
  • Acquire the expertise to conduct a penetration test following a logical path by using a variety of tools and techniques;
  • Develop the expertise to analyze the results of testing activities and produce effective reports which will help organizations to effectively address vulnerabilities;
  • Strengthen the personal qualities necessary to act with due professional care when conducting penetration tests;
  • Be able to define and explain the different phases of cyberattacks; 
  • Become acquainted with the different tools used to collect information before performing any attack;
  • Learn about the different attacks that affect the security of an organization's network; 
  • Learn how to perform the different steps comprising a penetration test (ethical hacking) and its associated tools by obtaining information, scanning, enumeration and attack processes;
  • Learn about the most important aspects of Distributed Denial of Service (DDoS) attacks and their tools;


Educational approach

  • This training is based on both theory and practical exercises. The percentage ratio for the theoretical and practical part of the training is 40% and 60% respectively. Practical exercises are combined with tutorials to help the candidates acquire the required skills.
  • The laboratory environment is intensive, providing in-depth knowledge and practical experience regarding current security systems to each candidate. 
  • Learning by doing: The participant will engage in scenarios, situations and decision-making that he or she will most probably face during his or her professional life.
  • Practical tests are similar to the Certification Exam.



The “PECB Certified Lead Ethical Hacker” exam meets all the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of ethical hacking

Domain 2: Attack mechanisms

Domain 3: Principles and reference frameworks on penetration tests

Domain 4: Planning and performing penetration tests using various tools and techniques

Domain 5: Drafting penetration testing reports

The examination consists of two parts. The first part is a paper-based exam, which consists of essay-type questions. The second part is rather technical, where the candidate will be required to conduct penetration testing exercises on a computer and draft a report of the analysis.

Participants are authorized to use their personal notes during both the paper-based exam as well as the practical part of the exam.

For more information about exam details, please visit Examination Rules and Policies.



After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about Ethical Hacking certifications and the PECB certification process, please refer to the Certification Rules and Policies.

To be considered valid, activities related to ethical hacking and penetration testing should follow best practices and include the following activities:

  1. Understanding the scope of ethical hacking
  2. Defining a penetration testing approach
  3. Understanding the steps that should be followed during an ethical hacking process
  4. Defining the penetration testing criteria
  5. Evaluating pen test scenarios and treatment options
  6. Understanding the methods that help in increasing the security of operation systems
  7. Reporting the penetration testing results 


A fundamental knowledge of Information Security, and advanced skills in operating systems (e.g., Microsoft, Linux, etc.) is required. Furthermore, it is desirable for the candidate to have knowledge on computer networks, the use of operating systems and the notions of programming. 

  35 Hours


Related Courses

Certified Chief Information Security Officer (CCISO)

 35 hours

EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program

Certified Ethical Hacker

 35 hours

Objectives: To prepare the student for the Ethical Hacking and Countermeasures examination. On passing this examination you will be awarded the Certified Ethical Hacker certification Target Audience: This course will significantly benefit

Incident Response

 21 hours

Threat Hunting

 21 hours

Certificate of Cloud Security Knowledge

 14 hours

Description: This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of

C/C++ Secure Coding

 21 hours

This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure

Advanced Java Security

 21 hours

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java. The course –

Standard Java Security

 14 hours

Description The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only

Java and Web Application Security

 21 hours

Description Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are

Advanced Java, JEE and Web Application Security

 28 hours

Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web

.NET, C# and ASP.NET Security Development

 14 hours

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level

Microsoft SDL Core

 14 hours

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design

Fundamentals of Corporate Cyber Warfare

 14 hours

Cyber Warfare is a growing problem for enterprises. As attackers employ more and more sophisticated technologies to launch their attacks, it is vital for companies to understand the nature of these attacks and the defense mechanisms needed to keep

Open Source Intelligence (OSINT) Advanced

 21 hours

Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for

Open Source Cyber Intelligence - Introduction

 7 hours

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical