How to be a Certified Ethical Hacker (CEH v11) | Step by Step Beginners Guide from Scratch

Prashant Sharma
12 min read · Mar 4, 2021


Hey learners, do you also have countless questions on Ethical Hacking? If yes, you are not alone. Almost everyone trying to get into Cyber Security is struggling with the same questions: “How to become a Certified Ethical Hacker in India?” “What to learn before Ethical Hacking?” “What are the steps to become a Certified Ethical Hacker?” If you are reading this blog, you must be aware that we are talking about EC Council’s Certified Ethical Hacker Certification. You must have searched the Internet but maybe ended up with tons of irrelevant data. Unsatisfied and frustrated, you might have closed the browser and opened Instagram. The same happened to me while I was struggling, just like you guys.

Now that I am a Certified Ethical Hacker, I want to put an end to this overwhelm in India and open up opportunities for learners and enthusiasts like me. So, here I am going to cover all the questions I struggled with earlier. This is the complete Step-by-Step Beginners Guide to becoming a Certified Ethical Hacker in India. I assure you that you don’t need to go anywhere else after reading this blog. So let’s not beat around the bush; let’s dive in with a fundamental but essential question.

What is Ethical Hacking?

Frankly, Hacking sounds illegal, but it’s not. Well, it can be, or it may not be! The purpose behind the Hacking determines whether it is evil. If you perform Hacking for your own benefit by means such as fraud or cheating people, it is Malicious Hacking (or Black Hat Hacking); otherwise, it is considered Ethical Hacking. Both Ethical and Malicious Hackers aim to find vulnerabilities/faults in the system, but their purposes are exactly opposite. While Ethical Hackers hack to strengthen system security, Malicious Hackers exploit crucial information. In short, an Ethical Hacker is one who improves the security posture to fight against malicious attacks.

By definition, Ethical Hacking is the authorized practice of making a system more secure and safe. A person who does not damage system security but instead examines the design from a hacker’s viewpoint is termed an Ethical Hacker or White Hat Hacker.

In this new decade, all organizations hire Ethical Hackers to establish a secure environment that improves security and defends against malicious attacks. The most exciting fact is that Ethical Hackers use the same tools, tricks, and techniques that Malicious Hackers do, but with authorized permission. So it’s not unusual to say that “A thief is needed to catch a thief.”

Why should you learn Ethical Hacking?

If I had to sum up the answer to this question in a few points, it would look like this:

  • Self-protection to avoid Cyber Crimes
  • Lifetime & In-demand skill
  • Highly paid jobs available
  • Job never gets boring
  • Work in any industry
  • Global Recognition
  • Travel the World

According to the Cyber Security Crime Wing of Maharashtra Police, fraudulent links are circulated via social media posts with the sole motive of collecting sensitive and personal information. Fake websites, fake apps, Carding, Phishing, and DDoS attacks are other Cyber crimes increasing day by day. You might have heard about the video conferencing app Zoom. Not only have meetings been bombarded with objectionable content, but lakhs of Zoom credentials have also been listed for sale on the black market.

Earlier, Indian companies were not very concerned about their security. Now, they are actively taking action to secure themselves from Crackers (another word for Malicious Hackers). Hence, they are willing to pay large amounts of money to Certified Ethical Hackers for their security, which has made Ethical Hacking a highly in-demand skill. Apart from this recent shift, you can become a National Asset as a Cyber Security Professional.

You can also acquire this skill as a hobby (well, it’s a kind of necessity these days!) that never gets boring. Security is for everyone and its era will never end, so you can consider Ethical Hacking a lifetime skill. There are also no boundaries to this field. You can get jobs in any industry. If you get a Global Certification (CEH, OSCP, etc.), you will not be limited to India but can explore globally. If you love traveling, a Certified Ethical Hacker job is for you! You will end up traveling the world for various conferences and security consultancies. Now you know why you should learn Ethical Hacking. Let’s move on to “What should we know before learning Ethical Hacking?”

What to learn before Ethical Hacking?


To get started in Ethical Hacking, you just need a primary higher school education. That’s enough if you want to get started right now! Don’t worry if you are not from a technical field. Hacking is an entirely different zone that does not require any prior technical knowledge. However, if you have basic Programming, Networking, or OS knowledge, that’s the cherry on the cake. So brush up on your basic concepts before starting Ethical Hacking. These concepts include in-depth knowledge of a few Programming Codes, Systems, Networks, Security Measures, etc., to perform hacking on your own. That’s all included in the prerequisites of Ethical Hacking. Get ready and start learning the following skills to become a Professional Hacker:

  • Programming knowledge.
  • Scripting knowledge.
  • Networking concepts.
  • A better understanding of Databases.
  • Complete knowledge of Operating systems such as Windows, Linux, etc.
  • Ability to work on different tools.
  • Thorough knowledge of Search Engines and Servers.
  • Cyber Laws.
  • And, most importantly, passion and patience to learn something extraordinary.

Apart from these basic prerequisites of Ethical Hacking, join Ethical Hacking Groups on LinkedIn and Facebook. Don’t forget to attend free webinars and conferences whenever possible. Like any other IT field, Hacking also has dedicated conventions and conferences, such as “DefCon.” DefCon is one of the oldest and largest International conferences. “The Hackers Conference” is one of the biggest Hackers conferences, held in New Delhi, India, every year. Other conferences in India are “BSides Delhi”, “NullCon”, “HackersDay”, “Hacker’s Idol”, “Malcon”, etc. These little activities can be a great help in extending your network and exploring various aspects of Ethical Hacking.

Now, let’s move on to the key concepts of Ethical Hacking. These concepts will shed light on the few protocols that you must keep in mind as an Ethical Hacker.

What are the Key Concepts of Ethical Hacking?

Hacking experts follow the four key protocols to avoid any loopholes:

1. Authorization. You must obtain proper approval from an authorized person before accessing a system and performing a security assessment.

2. Scope Definition. Hackers must determine the scope of their work before performing any task, to ensure the work remains legal and within the organization’s approved boundaries.

3. Report Vulnerabilities. The most important one. Notify the organization of all discovered vulnerabilities, along with remediation advice to resolve them.

4. Ensure data sensitivity. Do not disclose any sensitive information of an organization. You may have to agree to the terms & conditions required by the organization.

While working for an organization in India, you are bound by some rules and responsibilities as a Certified Ethical Hacker. These rules and duties are the ones that make you a Good Ethical Hacker. They also improve you a lot, professionally as well as personally. If these responsibilities are so important, let’s check them out.

What are the Roles & Responsibilities of Ethical Hackers?

There is a misconception that a Certified Ethical Hacker is only responsible for penetration testing of systems and applications. But it doesn’t end there; Ethical Hacking covers much more, such as:

  • Scanning open and closed ports using hacking tools like Nmap.
  • Performing Social Engineering for security assessment.
  • Conducting vulnerability analysis to examine patch releases.
  • Evading IDS (Intrusion Detection systems), IPS (Intrusion Prevention systems), Honeypots, and Firewalls.
  • Employing strategies like Sniffing Networks, bypassing and cracking Wireless Encryption, and hijacking Web Servers and Web Applications to ensure security.

In short, Certified Ethical Hackers strive to replicate what Black Hat Hackers do by analyzing the defense protocols and social engineering aspects of an organization. Other than these responsibilities, Ethical Hackers must follow these rules for a better experience:

  • Remember to obtain authorized permission before touching any security system. It is the best practice for preventing legal disputes later.
  • Report all security faults and breaches you discover while testing, along with their solutions.
  • Always prepare a plan for testing implementations and keep the organization in the loop.
  • Respect privacy. Keep the information confidential if you find any breaches or faults in the security systems.
  • Remove all hacking traces after completing the tests. It is the best practice for ensuring no one can breach the systems using the loopholes you discovered.

How much time is required to become an Ethical Hacker in India?

There is no minimum or maximum time to become a Certified Ethical Hacker in India. If you are learning consistently, 30 days is more than enough; otherwise, a whole lifetime is not enough. Some institutes and online websites offer offline and online training respectively. They claim to convert you into a Professional Hacker in just 30 hours. Well, they are not entirely wrong. They will guide you on how and what needs to be done in 30 hours. The rest is up to you: how much time you take to grasp that knowledge and use it for Ethical Hacking. So, there is no exact time to become an Ethical Hacker.

Since this is a complete step-by-step guide to becoming a Certified Ethical Hacker, I am adding a few more questions here that will help you decide whether you really want to get into Ethical Hacking or not. If you are from India, the first thoughts that come to mind when taking any course are “What are the future opportunities?” “Is there any job?” and “How much can I earn after completing this course?” After all, we guys think of the future more than the present! So, let’s just get on to them.

What are the Jobs for Ethical Hackers in India?


I have heard this particular question about a hundred times: “Is there any scope of Ethical hacking in India?” “What are the positions of Ethical Hackers in India?” If you are asking these questions too, then the next list is just for you. After earning the basic global certification CEHv11 (Certified Ethical Hacker version 11), you can apply for the following roles:

  • Information Security Analyst
  • Certified Ethical Hacker
  • Security Analyst
  • Security Consultant (Computing/Networking/Information Technology)
  • Information Security Manager
  • Penetration Tester

The Ethical Hacker job roles above are listed briefly. Each role can be divided into many parts, based on your experience.

How much can an Ethical Hacker earn in India?

Ethical Hacker salary varies by location, position, organization and experience.

If you have passed the EC-Council’s Certified Ethical Hacker (CEH) exam, you can add a 9% hike to the basic salary. Add a 10% hike to the basic salary if you are a Certified Penetration Tester.

In India, the average salary of a Certified Ethical Hacker varies between 3–5 lakhs annually. Having relevant experience in this field will strongly push organizations to pay you more than 15 lakhs yearly.

What is the scope of Ethical Hacking in India?

After the launch of Digital India, NASSCOM was responsible for setting up the CSTF (Cyber Security Task Force) of India. As per the NASSCOM report, India needs about 77,000 Certified Ethical Hackers every year but unfortunately has only 15,000 per year. At this NASSCOM conference, three main topics were discussed where the highest number of Ethical Hackers is needed. These areas are:

  • Security Policy
  • Industry Linkages
  • Creating Professionals in Cyber Security

So, prioritize these points while learning Ethical Hacking. If you master these areas, you can be a part of the Indian Cyber Crime Coordination Centre (I4C or ICCCC). It is estimated that India needs 1.5 million Cyber Security Professionals by 2022. So, it’s clear now that the demand for Certified Ethical Hackers is high and the future is also bright. If you are still thinking, then stop thinking and start learning now!

What are the Skills and Certifications required to become an Ethical Hacker?


A person expected to be an Ethical Hacker must have expert-level knowledge of Database Handling, Networking, and Operating Systems. Good communication and analytical ability for communicating problems to organizations must also be on the list. Other than these generalized skills, Ethical Hackers must have a good grasp of the following skills:

  • Network Traffic Sniffing
  • Orchestrate various Network Attacks
  • Exploit Buffer Overflow Vulnerabilities
  • SQL Injection
  • Password Guessing and Cracking
  • Session Hijacking and Spoofing
  • DNS Spoofing

The skills listed above are some ordinary skills every Ethical Hacker must have. Other than these skills, Ethical Hackers can acquire well-known and globally recognized certificates listed below:

What are the Best Resources to learn about Ethical Hacking?

Since this blog is a complete step-by-step guide to becoming a Certified Ethical Hacker, I am mentioning every online & offline resource, along with Hacking tools & practical labs, in the next paragraphs. If you are comfortable studying online, then check out our latest online resources. If you are still a bookworm, then just look at our latest and best hacking books. Later, you will need Hacking labs for practicing the Hacking skills learned from the earlier resources. So I have also mentioned labs at the end of this section. If you complete these things, you are more than eligible to become a Certified Ethical Hacker.

Online Resources

Hacking Books

Hacking Tools

Hacking Labs to practice

The given list contains some of the best Ethical Hacking resources I came across. Be sure to check out these resources before attempting EC-Council’s Certified Ethical Hacker (CEH) certification. After completing these books and labs, go through the steps given below to become a Certified Ethical Hacker.

Steps to begin your CEH (Certified Ethical Hacker) Career


Don’t worry, there is no two-page guide to start your career in Cyber Security. There are just 4–5 simple steps to reach your first goal in Cyber Security, i.e. EC-Council’s Certified Ethical Hacker certification.

  • The first step to become a Certified Ethical Hacker is to brush up on the prerequisites of Ethical Hacking, which we already covered in this blog. Use Google, YouTube or blogs to learn everything from free resources.
  • The second step is to enroll in an authorized online or offline training center (ensure the learning mode is comfortable for you). Make sure to choose one which provides CEH training under EC Council guidelines.
  • The third step to become a Certified Ethical Hacker is to get trained for at least 30–40 days, as per your grasping power. Remember not to rush into purchasing the CEH exam.
  • The fourth step to become a Certified Ethical Hacker is to register for the CEH exam (only when you are confident of appearing in the exam).
  • Finally, take the exam and get a CEH certificate with your name.

These five points summarize the steps to become a Certified Ethical Hacker. Many outstanding Certified Ethical Hackers have gone through these steps, so be sure to commit them to memory.

Last words…

Finally, we have come to the end. This is all I need to tell you about my experience of EC Council’s Certified Ethical Hacker (CEH) exam. Last but not least, a suggestion: do what I recommended, most importantly the steps to become a Certified Ethical Hacker, and then it will not take you long to become a Certified Ethical Hacker.

If you have any doubts or suggestions or need any kind of help regarding Ethical Hacking or Penetration Testing, please reach out to me without any hesitation. I will be more than happy to help you!

#EthicalHacking #EthicalHacker

Reach out to me:

LinkedIn: https://in.linkedin.com/in/prashantique

Twitter: https://twitter.com/Prashantique

Instagram: https://www.instagram.com/Prashantique/


OSCP | CRTP | CREST CPSA | CRT | Certified Ethical Hacker | Bug Bounty Hunter | Penetration Tester| Acknowledged by Google, Mastercard, Dell, & many more.
