CEH v10: Exam Domains, Content, and How It Compares to v12

Prepare for the CEH v10 certification. Practice questions with answer explanations covering all exam domains.

What Was CEH v10?

CEH v10 was EC-Council's ethical hacking certification update for 2018, introducing expanded IoT, cloud, and malware coverage to a curriculum that had been foundational in the industry for years prior.

CEH v10 (Certified Ethical Hacker, Version 10) was an update to EC-Council's flagship ethical hacking certification, released approximately in 2018. It represented EC-Council's response to the rapidly evolving threat landscape by adding coverage of newer attack surfaces — particularly IoT security, cloud computing security, and malware analysis — that had become increasingly significant in penetration testing and ethical hacking practice.

The Certified Ethical Hacker (CEH) certification has been updated through multiple versions since its initial release. CEH book resources have been updated for each version, and each version adds content reflecting new technologies, attack vectors, and defensive considerations. CEH v10 followed v9 and was itself succeeded by v11 (2020) and v12 (2022). Each version update typically adds new domains or significantly expands coverage of domains that have grown in importance, while also updating the normative technical content to reflect current tools and techniques.

CEH v10 maintained the same exam format as previous versions (125 multiple-choice questions with a 4-hour time limit and a passing requirement typically around 70%) but introduced curriculum changes, new lab content, and updated alignment with the 20 ethical hacking domains. EC-Council's training and certification ecosystem for v10 centered on the same components as other versions: formal training (official courseware + iLabs), self-study with third-party books, and the EC-Council exam voucher.

CEH v10 is now a historical version. As of 2024-2026, CEH v12 is the current active version, and earlier exam versions like v10 are no longer available for new examination candidates. Candidates who started their certification journey during the v10 era and completed their training then may have already certified under v10; those who did not can only pursue the current version.

The CEH v12 is the current version, with updates to cloud computing, IoT, and OT security domains beyond what v10 covered. Understanding v10's content helps contextualize how the certification has evolved and what was added in subsequent versions to address emerging threat landscapes.

The CEH v10 curriculum aligned with the NICE Cybersecurity Workforce Framework and mapped to several widely recognized security knowledge domains. This alignment was relevant for organizations seeking to demonstrate that their security staff training met recognized industry standards. EC-Council maintained alignment documentation showing how CEH v10 domains mapped to NICE roles, which supported use of CEH v10 training to satisfy certain government and enterprise training requirements.

CEH v10 introduced enhanced iLabs integration — EC-Council's virtual lab environment that provides hands-on practice with the tools and techniques covered in each module. While the CEH has sometimes been criticized for being knowledge-focused rather than skills-focused, the iLabs component aimed to address this by providing students with access to real attack tools in a safe, legal environment. CEH v10's expanded IoT and cloud modules came with corresponding lab exercises that allowed students to practice techniques specific to those environments.

The transition from CEH v9 to v10 reflected broader changes in the threat landscape between approximately 2015 and 2018. The proliferation of ransomware, the emergence of large-scale IoT botnets (like Mirai), the growing adoption of cloud infrastructure, and high-profile supply chain attacks all shaped what EC-Council included in the v10 update. The curriculum choices in CEH v10 document what the industry considered most pressing in the 2018 threat environment.

CEH v10 vs. v11 vs. v12: How the Versions Differ

Each major CEH version update reflects EC-Council's assessment of which attack vectors and technologies have become significant enough to warrant deeper coverage in the ethical hacking certification curriculum. The evolution from v10 through v11 and v12 shows a consistent pattern: expanding coverage of cloud, OT/ICS, mobile, and IoT security while maintaining the core penetration testing domains that have been central to all CEH versions.

CEH v10 added IoT and cloud computing security as significant modules, updating the curriculum that had existed in earlier versions with content reflecting 2018 attack tooling and techniques. CEH v11 (released approximately 2020) further expanded these domains and added emphasis on emerging areas like malware analysis, threat hunting, and fileless attacks. CEH v12 (2022) introduced Operational Technology (OT) and Industrial Control Systems (ICS) security as distinct coverage areas, expanded the cloud security modules with current AWS/Azure/GCP content, and added more comprehensive coverage of the attack techniques most relevant to 2022-era enterprise environments.

The assessment format has remained consistent across versions: 125 multiple-choice questions, 4-hour time limit. What changes is the domain weighting and the specific technical content that appears in exam questions. Questions in v12 draw from the updated domain content and reflect 2022-era tools, techniques, and threat scenarios rather than 2018-era content.

For candidates deciding whether to study from v10 materials, the core penetration testing domains — footprinting, scanning, enumeration, system hacking, session hijacking, web application attacks, SQL injection, network sniffing, social engineering — are substantially consistent across versions. The attack concepts don't change fundamentally; tools and specific techniques evolve. The areas most likely to be outdated in v10 materials are the IoT, cloud, and OT security domains, which received the most significant updates in v11 and v12.

The CEH study guide resources that are explicitly aligned with CEH v12 are the most appropriate choice for current exam preparation, as they reflect the current domain weighting and question types rather than those from the v10 era.

The most technically significant change between v10 and v12 in practice-based terms is the OT/ICS security domain. Critical infrastructure attacks became headline news between 2018 and 2022 — attacks on industrial control systems, water treatment facilities, and power grid components demonstrated the real-world stakes of OT security vulnerabilities. CEH v12's OT domain addresses SCADA, PLCs, industrial protocols like Modbus and DNP3, and attack scenarios specific to operational technology environments that CEH v10 did not meaningfully cover.

Mobile platform security has also evolved significantly between v10 and v12. The mobile attack landscape in 2018 focused primarily on Android app vulnerabilities, rooting/jailbreaking exploits, and mobile malware. By v12, the curriculum addresses more sophisticated mobile threat vectors including supply chain attacks on mobile app stores, advanced mobile surveillance, and platform-specific attack scenarios for current-generation iOS and Android versions that didn't exist in the v10 era.

Candidates evaluating whether they need a v12 refresher or recertification after originally earning CEH under v10 should focus on the three domains that changed most significantly: cloud security, OT/ICS security, and mobile platform security. If your current role involves assessment or defense of these environments, updating your knowledge to v12 content is both career-relevant and ensures your certification accurately represents your current competency.

What CEH v10 Covered: Domain Reference

  • Domain 1: Introduction to Ethical Hacking — methodology, attack types, hacking phases
  • Domain 2: Footprinting and Reconnaissance — passive/active information gathering, OSINT
  • Domain 3: Scanning Networks — host discovery, port scanning, vulnerability scanning
  • Domain 4: Enumeration — NetBIOS, SNMP, LDAP, NFS, DNS, SMTP enumeration techniques
  • Domain 5: Vulnerability Analysis — Nessus, OpenVAS, vulnerability management lifecycle
  • Domain 6: System Hacking — password cracking, privilege escalation, backdoors, covering tracks
  • Domain 7: Malware Threats — Trojans, viruses, ransomware, RATs, analysis techniques
  • Domain 8: Sniffing — passive/active sniffing, ARP poisoning, MAC flooding, MITM
  • Domain 9: Social Engineering — phishing, vishing, tailgating, dumpster diving
  • Domain 10: Denial of Service — volumetric, protocol, application-layer attacks
  • Domains 11-14: Session Hijacking, Evading IDS/Firewall/Honeypot, Hacking Web Servers/Apps
  • Domains 15-16: SQL Injection, Hacking Wireless Networks
  • Domains 17-18: Hacking Mobile Platforms, IoT Hacking (significantly expanded in v10)
  • Domains 19-20: Cloud Computing Security (significantly expanded in v10), Cryptography

Are CEH v10 Study Materials Still Useful?

The utility of CEH v10 study materials for current exam preparation depends heavily on what domain you're studying. For the core penetration testing domains — footprinting, network scanning, enumeration, system hacking, session hijacking, web server and web application attacks, SQL injection, wireless hacking — v10 materials cover concepts that remain largely valid because the fundamental attack techniques in these areas haven't changed dramatically. A SQL injection attack works the same way in 2024 as it did in 2018 at the conceptual level, even if specific tool syntax and targets have evolved.

Where v10 materials fall short for current exam preparation is in the domains that received significant updates in v11 and v12: cloud computing security, IoT hacking, OT/ICS security, and mobile platform security. These domains evolved rapidly between 2018 and 2022. Cloud security content that was current in v10 doesn't reflect the current AWS/Azure/GCP attack surface, containerization security, serverless security, or cloud-specific persistence mechanisms that v12 covers. IoT content from v10 predates many firmware analysis techniques and IoT-specific attack tools that became prominent in subsequent years.

A practical approach for candidates who have v10 materials available: use them for the foundational domains where the content remains valid, but supplement with current v12 resources and the CEH practice test for the technology-specific domains. The core ethical hacking methodology hasn't changed; the technology contexts have. Reading v10 materials alongside current v12 resources for cloud and IoT domains provides both conceptual depth and technical currency.

Third-party books aligned with CEH v12 (the Ric Messier and Matt Walker guides discussed in the CEH book article) are the most efficient single resource for current exam preparation because they incorporate both the foundational content and the updated technology-specific modules. Using v10-era books as a primary source for a current exam attempt introduces risk of encountering v12 content on the exam that your v10 materials didn't cover adequately.

The official EC-Council courseware — available through authorized training programs — is always aligned with the currently active exam version. Candidates who take official training receive v12 courseware that reflects the exact content distribution the exam will draw from. For self-study candidates, confirming that any book or online resource specifies v12 alignment before committing to it as a primary resource is the most important quality check.

The EC-Council authorized training ecosystem for current CEH candidates includes iLearn (self-paced online), iWeek (live online instructor-led), and in-person authorized training center courses. All current training options are aligned with CEH v12 — EC-Council doesn't offer authorized training for retired versions. This means that the official training pathway for current candidates is v12-only, making the question of v10 vs. v12 materials mainly relevant for candidates who have legacy study materials from the v10 era.

Online course platforms like Udemy, Pluralsight, and LinkedIn Learning also offer CEH preparation courses. The quality and version-alignment of these vary significantly — some platforms maintain current v12-aligned content while others may have older courses that haven't been updated. When using third-party online courses, specifically checking that the course is labeled as v12-aligned and was updated recently (within the last 12-18 months) is a reasonable quality filter before committing to a course as a primary study resource.

Practice exams are particularly version-sensitive. A practice exam built from v10 question banks will include questions about v10-era content and may lack questions about v12 additions. For mock exam purposes, using the official EC-Council practice exam (through the EC-Council Aspen portal) is the most reliable option for v12 exam calibration since EC-Council writes both the practice and real exam questions for the current version.

CEH Study Tips

What's the best study strategy for CEH?

Focus on weak areas first. Use practice tests to identify gaps, then study those topics intensively.

How far in advance should I start studying?

Most successful candidates begin 4-8 weeks before the exam. Create a structured study schedule.

Should I retake practice tests?

Yes! Take each practice test 2-3 times. Focus on understanding why answers are correct, not memorizing.

What should I do on exam day?

Arrive 30 min early, bring required ID, read questions carefully, flag difficult ones, and review before submitting.

CEH Version Comparison

Key additions over v9: Significantly expanded IoT hacking domain, added cloud computing security module with AWS/Azure content, updated malware domain to include current ransomware and fileless attack techniques, updated vulnerability analysis tools and methodology.

Exam format: 125 questions, 4 hours, passing ~70%.

Status: No longer available for new examination. Superseded by v11 and v12.

Legacy value: Foundational penetration testing content remains conceptually valid. Technology-specific domains (cloud, IoT) are outdated relative to current exam content.

CEH Certification: What Professionals Say

Pros
  • CEH remains one of the most recognized ethical hacking certifications globally; it's widely accepted in job postings requiring penetration testing or security assessment credentials
  • The breadth of 20 domains provides comprehensive coverage of ethical hacking concepts that serves as a strong foundation for more specialized penetration testing certifications
  • EC-Council's training ecosystem (official courseware, iLabs, practice exams) provides a structured path that suits candidates who prefer guided learning with official resources
  • The certification satisfies U.S. Department of Defense Directive 8570/8140 requirements for specific IAT and IAM roles, making it valuable for government and defense contractor positions
  • The version progression (v9 through v12) shows consistent currency: EC-Council actively updates content to reflect the evolving threat landscape rather than leaving the curriculum stagnant
Cons
  • CEH covers breadth rather than depth — 20 domains of conceptual coverage does not equate to the hands-on exploitation skills that more technical certifications like OSCP test directly
  • Older versions like v10 are no longer active for examination — candidates who began studying with v10 materials before noticing the version change need to identify v12-specific content gaps
  • Cost is significant — official EC-Council training programs are expensive relative to self-study alternatives, and the exam voucher alone (required for self-study candidates) represents a notable investment
  • Some security professionals view CEH as more exam-focused than skills-focused compared to hands-on certifications — employers increasingly recognize this distinction when evaluating penetration testing candidates
  • The mandatory experience or training requirement (either 2 years of experience or completion of official training) limits access for candidates new to security who want a self-study certification pathway

CEH v10 and the Broader CEH Career Path

Regardless of which CEH version you studied under or when you achieved your certification, the CEH designation has a consistent value proposition in the job market: it signals foundational knowledge of ethical hacking methodology and common attack techniques to employers and government agencies that recognize the certification. The specific version noted on your certification transcript may be less relevant to employers than the fact of CEH certification itself, though candidates in highly technical roles may be expected to demonstrate current knowledge of v12-era content even if their certification was achieved under an earlier version.

CEH holders typically pursue one of several career directions. Security consultants and penetration testers use the certification as a baseline credential while developing more specialized skills in web application testing (OSCP, GWAPT), red team operations (CRTO), cloud security assessment (CCP, CCSK, vendor-specific security certs), or specific vertical sectors. Those in government or defense roles may satisfy specific DoD directive requirements through CEH combined with role-specific experience. Security operations center analysts may use CEH as one component of a broader certification profile that also includes GCIH, Security+, or analyst-focused credentials.

EC-Council's CEH continuing education requirements keep certified professionals current beyond the initial version of their certification. CEH holders must renew their certification periodically by accumulating EC-Council Continuing Education (ECE) credits, which can include attending security conferences, taking relevant training courses, completing CTF challenges, or other security education activities. This renewal requirement ensures that certified individuals maintain at least some engagement with current security developments even if they don't retake the exam for each new version.

For candidates currently deciding whether to pursue CEH, the relevant comparison is CEH v12 against current alternatives like PNPT (Practical Network Penetration Tester), OSCP (Offensive Security Certified Professional), eJPT (eLearnSecurity Junior Penetration Tester), and CompTIA PenTest+. Each certification has different strengths in terms of hands-on vs. knowledge-based testing, cost, employer recognition, and alignment with specific role types. The job market for CEH holders is well-established for roles where the certification is specifically named in job requirements; for general penetration testing roles, OSCP's hands-on format increasingly appears alongside or instead of CEH in technical job requirements.

The CEH certification's DoD 8570/8140 approval is maintained under the current active version. Organizations that require DoD-approved certifications for Information Assurance (IA) workforce positions recognize CEH at various IA Technical and IA Management levels. The specific level and role approval varies by the DoD baseline requirements table — candidates in DoD-adjacent roles should confirm the current approval status of CEH v12 for their specific role code before pursuing the certification as a compliance mechanism.

Salary implications of CEH certification are positive but modest as a standalone credential. Security roles that require CEH, particularly government contractor positions, pay a premium for the credential as a compliance requirement. Jobs that specifically name CEH in their requirements often reflect DoD or defense contractor hiring where the certification satisfies a compliance baseline. In commercial penetration testing roles without specific certification mandates, OSCP typically commands a larger salary differential than CEH alone, though holding both is common among senior practitioners.

About the Author

James R. Hargrove, JD, LLM

Attorney & Bar Exam Preparation Specialist

Yale Law School

James R. Hargrove is a practicing attorney and legal educator with a Juris Doctor from Yale Law School and an LLM in Constitutional Law. With over a decade of experience coaching bar exam candidates across multiple jurisdictions, he specializes in MBE strategy, state-specific essay preparation, and multistate performance test techniques.
