Back to blog
Study Tips9 min read

How to Pass the CEH v13 Exam in 2026: An 8-Week Study Plan (Theory and Practical)

A week-by-week plan to pass the CEH v13 knowledge exam and the 6-hour Practical on your first attempt in 2026, with the exact domain weights, cut scores and AI tooling you need to know.

Owen Gallagher

Owen Gallagher · Study Skills & Careers Editor

18 July 2026

If you have booked the Certified Ethical Hacker v13 exam, or you are about to, you want one thing: a plan that gets you through both the knowledge exam and the hands-on Practical on the first attempt. This guide shows you exactly how to pass CEH v13 in 2026 with a structured, week-by-week study plan that balances theory, labs and mock exams, so nothing gets left to the last minute.

CEH v13 is not the memorise-the-tool-names exam it used to be. The 2026 version leans heavily on scenario-based questions and adds a full layer of AI-powered attack and defence tooling. Roughly 40 percent of the knowledge exam now asks you to apply concepts to a situation rather than simply recall a fact. That shift is exactly why a plan built around hands-on practice, not passive reading, is the fastest route to a pass.

What Is on the CEH v13 Exam in 2026?

The Certified Ethical Hacker credential from EC-Council comes in two separate exams. Passing both earns you the CEH Master designation, and most employers and the DoD 8140 workforce framework recognise the standard CEH once you clear the knowledge exam.

Here is the current structure you are studying towards.

ElementCEH v13 Knowledge ExamCEH v13 Practical
Questions or tasks125 multiple-choice questions20 hands-on lab challenges
Duration4 hours (240 minutes)6 hours
Passing scoreScaled cut score, 60 to 85 percent depending on the form70 percent (14 of 20 challenges)
FormatKnowledge and scenario-based questionsLive cyber range, real targets
CostAround 1,199 US dollars for the voucherAround 550 US dollars
Modules covered20 modules, 550+ attack techniquesApplied across the same 20 modules

Exam Tip: The CEH v13 knowledge exam does not use a fixed pass mark. EC-Council applies a scaled cut score between 60 and 85 percent based on the difficulty of the specific question set you receive, so aim for a consistent 80 percent or higher on mock exams to leave yourself a safe margin.

The nine knowledge domains and their weights

The 20 modules of CEH v13 map onto nine domains. Knowing where the marks sit tells you where to spend your hours. The heaviest-weighted areas are reconnaissance, system hacking and the web and application attacks, so treat those as non-negotiable.

  • Information Security and Ethical Hacking overview: around 6 percent
  • Reconnaissance and footprinting: around 15 percent
  • Scanning and enumeration: around 20 percent combined
  • System hacking and malware: around 25 percent combined
  • Network-level attacks (sniffing, social engineering, DoS, session hijacking): around 28 percent combined
  • Web server, web application and SQL injection attacks: around 22 percent combined
  • Wireless, mobile, IoT and OT hacking: around 12 percent combined
  • Cloud computing security: around 4 percent
  • Cryptography: around 5 percent

These figures move slightly between exam forms, so use them to prioritise rather than as an exact promise. The point is simple: reconnaissance, scanning, enumeration, system hacking and web attacks together make up the bulk of the exam.

Is CEH v13 Hard, and How Long Should You Study?

CEH v13 is challenging but very passable with structure. The difficulty comes from breadth rather than depth. You are tested across 20 modules and more than 550 attack techniques, which means the trap is running out of time before you have covered everything, not any single impossible topic.

The right study window depends on your starting point.

  • Working in security already (SOC, pentest, network admin): 8 weeks of focused study is realistic.
  • Some IT background but new to offensive security: 8 to 12 weeks, with extra lab time.
  • Career changer or fresh starter: 12 weeks or more, and consider a foundational cert such as CompTIA Security+ first.

This guide uses an 8-week plan because it suits the largest group of candidates: people with some IT experience who can commit 10 to 12 hours a week. If you have less time, stretch each phase rather than skipping labs.

Exam Tip: The single biggest mistake CEH candidates make is reading the courseware end to end and never touching a lab until the final week. Flip it. Start every topic with a hands-on exercise, then read the theory to fill the gaps. Concepts you have actually executed stick far better than concepts you have only highlighted.

The 8-Week CEH v13 Study Plan

This plan covers both exams. Weeks 1 to 6 build the knowledge you need for the theory exam while quietly training the lab skills you will need for the Practical. Weeks 7 and 8 sharpen mock-exam performance and hands-on speed.

Weeks 1 to 2: Foundations, reconnaissance and scanning

Start with the fundamentals and the highest-weighted early domains.

  • Cover the Information Security overview, the five phases of hacking, and the legal and ethical framework.
  • Work through footprinting and reconnaissance: WHOIS, DNS interrogation, Google dorking, OSINT and Shodan.
  • Move into scanning: Nmap host discovery, port and service scanning, and OS fingerprinting.
  • Begin enumeration of SMB, SNMP, LDAP and NetBIOS.

Build a lab from day one. A local hypervisor running Kali Linux plus a couple of vulnerable targets (for example Metasploitable and a Windows evaluation VM) is enough to practise every command you meet.

Weeks 3 to 4: System hacking, malware and sniffing

This is the core of the exam, so slow down and do the labs properly.

  • System hacking: password cracking, privilege escalation, and maintaining access.
  • Malware threats: trojans, worms, fileless malware, and static and dynamic analysis basics.
  • Sniffing: ARP poisoning, MAC flooding and how to detect them.
  • Social engineering: pretexting, phishing and the human-layer defences you would recommend.

Pay attention to the tools EC-Council references by name. You do not need to be an expert in each, but the exam expects you to know which tool fits which task.

Weeks 5 to 6: Web, wireless, cloud and cryptography

The web and application layer carries heavy weight, so give it the time it deserves.

  • Web server and web application attacks: directory traversal, file inclusion, and the OWASP-style flaws CEH tests.
  • SQL injection: in-band, blind and error-based techniques, plus mitigations.
  • Wireless hacking: WPA2 and WPA3 attacks, evil twins and deauthentication.
  • Mobile, IoT and OT hacking at an awareness level.
  • Cloud computing attacks and misconfigurations.
  • Cryptography: symmetric and asymmetric algorithms, hashing, PKI and common attacks.

By the end of week 6 you should have touched every module at least once and completed a lab for each of the heavily weighted domains.

Week 7: The AI layer and full-length mocks

CEH v13 is the AI edition, and this is where it differs most from older versions. EC-Council integrated AI across all five phases of hacking, including AI-assisted tooling such as ShellGPT for generating commands and content covering AI-driven fraud and defence.

  • Study how AI accelerates reconnaissance, exploitation and reporting.
  • Understand the defensive side: detecting AI-generated phishing and adversarial techniques.
  • Sit at least two full-length, timed 125-question mock exams.
  • Review every wrong answer and, crucially, every lucky guess. Write down why the correct answer is correct.

Exam Tip: In the exam, practise elimination rather than recall. On a scenario question, remove the two clearly wrong options first, then choose between the remaining two. Flag anything you are unsure of, keep moving, and return with fresh eyes. With 125 questions in 240 minutes you have just under two minutes each, so never let one question drain your clock.

Week 8: Practical preparation and final review

The CEH Practical is a 6-hour live lab where you must solve 14 of 20 real-world challenges. It rewards speed and comfort at the command line, not memorisation.

  • Rehearse a repeatable workflow: enumerate, identify the vulnerability, exploit, document.
  • Drill Nmap, enumeration and exploitation until they are muscle memory.
  • Practise capturing evidence as you go, because the Practical asks for specific answers from each target.
  • Do a final pass over your weakest mock-exam domains.
  • Rest the day before. A clear head beats a last cram.

How to Pass the CEH Practical on Your First Attempt

Many candidates clear the theory exam and then underestimate the Practical. Treat it as a separate discipline.

The Practical drops you onto a live cyber range with real targets and no multiple-choice safety net. You need 70 percent, which is 14 of the 20 challenges, within 6 hours. The winning approach is a calm, repeatable process:

  1. Enumerate thoroughly before you exploit. Most failures come from rushing scanning.
  2. Keep a running notes file so you never lose an answer you have already found.
  3. Bank the easy challenges first to lock in marks, then attack the harder ones.
  4. Manage the clock in blocks, roughly 15 to 18 minutes per challenge, and move on if you stall.

If you have practised in a home lab throughout the 8 weeks, the Practical feels like an extension of your training rather than a new test.

CEH v13 vs Other Penetration Testing Certifications

CEH sits in a crowded field, and knowing where it fits helps you commit with confidence. If you are still deciding, our comparison of PenTest+ vs CEH breaks down which suits your goals.

CertificationBest forStyleRough cost
CEH v13Compliance roles, DoD 8140 jobs, broad coverageKnowledge plus optional hands-on1,199 US dollars
CompTIA PenTest+Vendor-neutral pentest fundamentalsMultiple-choice and performance-basedAround 439 US dollars
OSCPDeep hands-on offensive skill24-hour practical examHigher, lab-based

CEH's strength is recognition. It remains listed on the DoD 8140 (formerly 8570) approved baseline, which makes it a near-requirement for many government and defence-adjacent roles. If your target job advert names CEH, that alone justifies the investment.

Common Reasons Candidates Fail CEH v13

Learn from the mistakes that trip people up.

  • All theory, no labs. The scenario and Practical elements punish reading-only preparation.
  • Ignoring the tool-to-task mapping. The exam expects you to know which tool solves which problem.
  • Underestimating breadth. Skipping the low-weight modules costs easy marks that add up.
  • No timed mocks. Time pressure is real, and the only cure is rehearsing under the clock.
  • Skipping the Practical prep. Booking the Practical without hands-on drilling is the classic first-attempt failure.

Avoid those five and you have already outperformed most of the field.

Ready to Start Practising?

Passing CEH v13 comes down to two things: covering all 20 modules and rehearsing under exam conditions until the questions feel familiar. Reading alone will not get you there. Realistic, timed practice questions are what turn knowledge into a confident pass.

CertCrush gives you exam-style questions with full explanations so you can find your weak domains early and fix them before exam day. Work through the CertCrush courses to drill every CEH v13 domain, track your scores, and walk in ready.

Create your free CertCrush account and start your 8-week CEH v13 plan today. Your first attempt should be your only attempt.

CEH v13ethical hackingcertified ethical hackerstudy planEC-Councilpenetration testingDoD 8140exam prep
Owen Gallagher

Written by

Owen Gallagher · Study Skills & Careers Editor

Owen spent years as an IT trainer watching smart people fail exams they should have passed — usually because of how they studied, not what they knew. He writes about study technique, exam psychology, career strategy and the service-management certifications (ITIL, PRINCE2, APM). His articles are the ones to read before you open a single practice question.

All articles by Owen

Want a CEH v13 practice course?

We don’t cover this exam yet — we build the most-requested courses first. One click tells us you want it.

Ready to crush this exam?

Set your exam date, follow a daily plan, and watch your readiness score climb — realistic practice with an explanation for every answer.