Become a Certified Ethical Hacker
Internationally recognized certification accredited under ISO 17024 standard.
Learn Anywhere
Study from any device, any location.
Self-Paced
Learn at your own speed.
HackMeUP Labs
Unlimited hands-on access.
AI Tutor 24/7
Uppy support always available.
S.T.E.P.UP. Framework
Proven learning methodology.
International Certification
ISO 17024 accredited.
Obtain Official Certification and Increase Your Market Value

The Certified Professional Ethical Hacker (CPEH)* represents a globally valid certification, meeting international standards and earning recognition worldwide.
Fata Informatica is a Personnel Certification Body accredited under international ISO 17024:2012 standard.

Don't Just Pass the Exam
Become the Professional
Most courses prepare you to memorize answers. We transform you into a cybersecurity expert who can solve real problems from day one.
The S.T.E.P. UP Framework
Your proven path from beginner to professional
Build solid foundations with structured, comprehensive learning materials
Practice core skills through guided exercises and hands-on activities
Learn by doing in safe environments where mistakes become lessons
Demonstrate your skills in realistic scenarios that mirror the real world
Refine and elevate your expertise through continuous improvement
Validate your mastery with complex, professional-level challenges
HackMeUP Labs
Where theory meets reality. Practice your skills in 111+ realistic simulation labs that replicate complex, real-world cybersecurity scenarios.
Uppy AI Coach
Your personal mentor available 24/7 to explain concepts, answer questions, and keep you motivated throughout your transformation journey.
Choose the Hacker path that suits you best
Our Ethical Hacking course is designed to offer a tailor-made learning experience. Thanks to the modular structure of our courses, you can acquire advanced skills and the most prestigious certifications.
CORE EDITION

EXTREME EDITION





CPEH certification is only issued if the requirements of the standard are met and after passing an official examination.
If the requirements are not met, it is possible to take the examination to obtain CTEH certification (non-accredited certification).

HackMeUP: The hacking platform where theory becomes action.
HackMeUP is a cyber attack simulation platform that offers a practical and immersive experience, with realistic scenarios and increasing difficulty. Thanks to Hacking Games, users can improve their technical skills and develop an Ethical Hacker mindset, testing themselves in a safe and legal environment.
Each challenge is structured in levels and requires specific skills, allowing for progressive growth. Unlike simple virtual machines, the scenarios are complex and designed to hone Vulnerability Assessment & Penetration Testing (VAPT) skills. The continuous evolution of the challenges ensures constant updates on the latest attack and defence techniques.


Your AI Study Assistant — Available 24/7
Uppy is trained on official course materials, so it understands exactly what you're learning and how to help you master it.
✓ Get unstuck during labs and exercises
✓ Review key concepts and prepare for exams
✓ Learn at your pace, on your schedule
Like having a teaching assistant who's always available — and never gets tired of your questions


The company

We are the only Italian company to have been included by Gartner in its ‘Marketing Guide for IT monitoring tools’ thanks to our Sentinet3 product, developed in 2004 and now recognised as the leader in the Italian market.
We have created a business unit specialising in cybersecurity services, called CybersecurityUP, with the aim of providing vertical cybersecurity services to our customers, primarily the defence sector and companies of national strategic interest.

Take your team beyond e-learning.
Our blended format adds live webinar sessions delivered by certified instructors — ideal for structured corporate training programs. Available for organizations through our authorized partners, with language and regional options.
100% Money-Back Guarantee
If you attempt the exam 3 times within your first year and don't achieve certification, you get a full refund. That's our commitment to your success.

Choose the path that suits you best
Core Edition
Module 1: Introduction to Cybersecurity
General introduction to cybersecurity and the main attack techniques.
Cyber Security
- What is a cyber attack?
- Incident Response process
- CIA Triad
- Types of Hackers
- Cyber Theft Ring
- How much is our data worth on the Dark Web?
- Main players
- Main attacks
- Techniques used
- Preferred vectors
Kill Chain
- Phases
- Targeting
- Reconnaissance
- Weaponisation
- Delivery
- Exploitation
- Installation
- Command & Control
- An Example of an Attack: Action
- The Attack on Target
Module 2: Networks
The TCP/IP protocol, the HTTP protocol and the tools used for perimeter defence, such as firewalls, honeypots, DLP systems, etc.
TCP/IP Protocol
- Packets
- ISO/OSI model
- TCP/IP model
- Levels
- Encapsulation
- Headers
- TCP
- IP
- Ethernet
- IP protocol
- Addresses
- Address classes
- Netmask
- IPv6
- IP routing
- Routing tables
- Autonomous system
- Routing protocols
- IGP protocol
- EGP protocol
- Distance Vector
- RIP
- Link State
- Path vector
- Data Link layer
- MAC address
- MAC table
- Switch
- ARP protocol
- TCP and UDP
- Ports
- Headers
- Netstat command
- Three way handshake
- DNS
- Structure
- Resolution
- DHCP protocol
- Phases
- DHCP discover
- DHCP offer
- DHCP request
- DHCP ack
- Renewal
- Other protocols
- SNMP
- ICMP
- FTP
- SMTP
- IMAP
- POP3
WEB Applications
- HTTP protocol
- HTTP request
- HTTP response
- HTTPS
- Cookies
- HTTP Sessions
Systems for Protecting the Network
- Proxies
- Firewalls
- Honeypots
- VPN
- IDS/IPS
- DLP systems
- Packets
Module 3: Linux Systems
The basics of using Linux systems and the Kali distribution.
- Introduction
- Historical overview
- Philosophy
- Distributions
- The Kernel
- The shell
- Commands
- Processes
- File System
- The File System
- Files and Directories
- The structure of the File System
- Permissions and protections
- Commands for files and directories
- Redirection
- Stdin, Stdout and Stderr
- Input redirection
- Output redirection
- Error redirection
- Filters and pipelines
- Pipes
- Main filters: grep, sort, uniq, nl, tr, head, tail, wc, sed, awk
- Process management
- Environment variables
- Jobs
- Process states
- Signals
- Shell programming
- Quoting
- Metacharacters and globbing
- Substitutions
- Command composition
- Creating a programme
Module 4: Attacks and vulnerabilities
Malware, Exploit Kits and the latest developments in attack methods.
Web Application Vulnerabilities
- Who OWASP is
- How a web application is structured
- The OWASP Top Ten
- Injection
- Broken authentication
- Sensitive data exposure
- XML External Entities
- Broken access control
- Security misconfiguration
- Cross-Site Scripting
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
Attacks
- What a zero-day is
- DoS, DDoS, and DRDoS
- Smurf
- Xmas scan attack
- Man-in-the-Middle
- Man-in-the-Browser
- Buffer overflow
- Privilege escalation
- ARP poisoning
- DNS poisoning
- Domain hijacking
- Clickjacking
- Session hijacking
- Spoofing
- MAC
- Phone
- Downgrade attack
- Wi-Fi attacks
- Wi-Fi protocols
- Replay attack
- Rogue AP
- Evil Twin
- WPS attacks
- Bluetooth attacks
- Bluejacking
- Bluesnarfing
- Bluebugging
- Cryptographic attacks
- Hash functions
- Pass-the-hash
- Password attacks
- Rainbow tables
- Salting
- Dictionary attacks
- Hybrid attacks
- Online attacks
- Brute force
- Birthday attack
Social Engineering
- What social engineering is
- Scenarios
- Phishing
- Spear phishing
- Lateral phishing
- BEC scams
- Smishing
- Vishing
- Tailgating
- Impersonation
- Dumpster diving
- Shoulder surfing
- Watering hole
- Basic principles of social engineering
- An example of an attack
- The Social Engineering Attack Framework
Malware
- The PE format
- DLLs
- Kernel mode vs user mode
- Protection rings
- APIs
- Transition from user mode to kernel mode
- How infections occur
- Signatures
- Obfuscation & mutation
- Polymorphic malware
- Metamorphic malware
- Mutation engines
- Persistence
- System registry
- DLL hijacking
- DLL load order hijacking
- Trojanized system binaries
- Types of malware
- Viruses
- Backdoors
- Adware
- Spyware
- Keyloggers
- Trojans
- RAT
- Cryptojacking
- Rootkits
- User mode
- Kernel mode
- IAT hooking
- Bootkits
- Hybrid malware
- Conficker
- Ransomware
- Phases of a ransomware attack
- WannaCry
- How to respond
- Macro viruses
- Scareware
- Fileless malware
- Exploit kits
- Angler
- Zeus Builder
- Crime as a Service
- GandCrab
Module 5: Penetration Testing & Ethical Hacking
System and application penetration testing. This module is highly practical with extensive use of laboratories.
Introduction to the Penetration Testing Process
- Motivations and engagement
- Phases
- Presenting the results
Information Gathering
- Introduction
- Intelligence gathering
- Open source intelligence gathering (OSINT)
- Active vs Passive reconnaissance
- The three depth levels
- Online information services
- System Identification: basics
- Netcraft
- whois
- ping
- traceroute
- nslookup vs host vs dig
- System Identification and DNS: zone transfer
- System Identification and Email
- System Identification and network services
- Port scanning
- nc
- Banner grabbing
- Introduction to nmap
Footprinting & Scanning
- Introduction
- The phases of footprinting
- Defining the scope
- Footprinting tools
- Google Hacking: using Google to our advantage
- Google queries
- Advanced operators
- Google dorks
- DNS hacking: squeezing a DNS
- More banner grabbing
- Mapping remote networks
- Automated port scanning
- nmap
- Automated system identification
- nmap
- dmitry
Vulnerability Assessment
- Introduction
- The VA process
- Defining the perimeter
- Internal vs Internet-facing
- Evidence identified by the VA process
- Limitations of VA
- The concept of vulnerability
- The concept of exploitability
- Building a continuous process
- Standards and reference databases
- FIRST CVSS
- MITRE
- NIST
- Manual vs automated tools
- Automated tools
- nmap
- Nikto
- OpenVAS
- Nessus
Module 6: Web Application Attacks
Attacks on web applications such as SQL Injection, Cross-Site Scripting, OWASP DirBuster, etc. The content of this module is extremely practical with extensive use of laboratories.
Web Application Attacks
- Introduction
- Web server fingerprinting
- Black-box testing
- Httprint
- Manual server exploitation
- HTTP protocol
- GET method
- POST method
- HEAD method
- PUT method
- DELETE method
- OPTIONS method
- Enumeration
- HTTP verbs enumeration
- File and directory enumeration
- File enumeration using search engines
- OWASP DirBuster
- Cross-Site Scripting
- Countermeasures
- Types
- Reflected (non-persistent)
- Persistent
- SQL Injection (SQLi)
- The injection point
- Anatomy of a SQL Injection attack
- SQLmap
Module 7: Attacks on systems
Attacks on Linux and Windows systems, using malware and exploitation techniques based on vulnerabilities. The content of this module is extremely practical, with extensive use of laboratories.
System Attacks
- Malware
- Adware
- Spyware
- Backdoors
- Firewalls and backdoors
- Rootkits
- Trojan horses
- Viruses
- Keyloggers
- Botnets
- Ransomware
- Password attacks
- Authentication mechanisms
- Encryption algorithms and hash functions
- Password storage files
- Microsoft
- Linux
- Salting function
- Password cracking
- Dictionary attacks
- Rainbow tables
- Brute-force attacks
- Hybrid solutions
- Custom dictionaries
- Password attacks with Hashcat
- John the Ripper attack
- Buffer Overflow (BOF)
- The stack
- Smashing the stack
- Stack overflow
- Push and pop methods
Module 8: Attacks on networks
Network protocol vulnerabilities (Metasploit and Meterpreter), poisoning techniques, man-in-the-middle attacks, etc. The content of this module is extremely practical, with extensive use of laboratories.
Network Attacks
- Authentication cracking
- Vulnerability
- Hydra tool
- Windows shares
- Universal Naming Convention (UNC) paths
- Administrative and hidden shares
- Null session
- Vulnerability
- Enum tool
- ARP poisoning
- ARP protocol
- ARP table
- Man-in-the-middle (MITM)
- Metasploit
- Framework
- Console
- Commands
- Payloads
- Meterpreter
- Connection
- Bind
- Reverse
- Sessions
- Meterpreter information gathering
- Sysinfo
- Route
- Getuid
- Connection
Module 9: Kali Linux & Shell-fu
This first module aims to deepen your knowledge of the attack platform we have chosen for our courses. We will explore topics related to platform management as a system (updates and services provided) and in relation to networking. We will also learn advanced shell programming techniques.
Administration and Services
- Package management: Advanced Package Tool and dpkg
- Service management: systemctl
Shell Kung-fu
- Process management
- Job management
- Repeated actions
- Data analysis
- Commands and aliases
- Bash hacks
- History hacks
- Some math, but not too much
- SSH hacks
- Zsh
Networking Essentials
- Networking in Linux
- nc
- socat
- Bind shell in a Linux environment
- Reverse shell in a Linux environment
- Networking in Windows with PowerShell
- Bind shell in a Windows environment
- Reverse shell in a Windows environment
- powercat
Module 10: Deep Information Gathering
With this module, we introduce the first technical phase of PT, exploring the topic of identifying and gathering information on objectives.
Introduction
- Motivations
- Attack patterns
- The attack surface
- Defense analysis
How to perform reconnaissance
- The Kill Chain
- What to look for
- Reconnaissance tools over time
- Types of reconnaissance
Passive reconnaissance
- What and where to look
- Open sources
- Google and exploit-db
- Web mirroring
- Maltego
- Shodan
- p0f
- Man-in-the-middle positioning for gathering: Wireshark
Active reconnaissance
- Port scanning with nmap
- Port scanning with hping3
- Port scanning with netcat
- Port scanning with masscan
- Post-exploitation recon: ARP scan
- DNS enumeration
- SNMP scanning: onesixtyone
- Web application reconnaissance: Wappalyzer
Module 11: Mastering Vulnerability Assessment
We explore vulnerability assessment techniques with new strategies and tools. We also analyse compliance activities that may be required as part of a Vulnerability Assessment in large organisations.
Beyond Scanning
- Security audits and frameworks
- PCI-DSS
- SCAP
- MSCT
- Performing audits using Nessus Professional
- Risk assessment
- NIST Risk Assessment Guide
Beyond Nessus
- A new point of view: LHF
- Searching for alternatives
- Dictionary generation
Vulnerability Assessment and Web Applications
- Quick tools
- Burp Suite
Module 12: Mastering Network Enumeration
In this module, we discuss an extension to information gathering that can be applied circularly in pre- and post-exploitation contexts, with a particular focus on obtaining as much detailed information as possible by exploiting a more advantageous tactical position than in the preliminary stages of investigation.
General Concepts and First Steps
- Introduction
- More on SMB enumeration
Enumeration in Unix Environments
- The NFS protocol
- NFS enumeration
Enumeration in Windows Environments
- RPC enumeration and Microsoft domains
- Obtaining information from Active Directory
- From enumeration to attack: password spraying
- Considerations on the availability of attacks derived from analysis
SNMP Enumeration
- Introduction
- Protocol versions and security
- Possible enumeration methods
- Lab: Compromising SNMPv3 security and obtaining unauthorized access
Module 13: Advanced Exploitation Techniques
In this module, we discuss an extension to information gathering that can be applied circularly in pre- and post-exploitation contexts, with a particular focus on obtaining as much detailed information as possible by exploiting a more advantageous tactical position than in the preliminary stages of investigation.
Introduction
- Attack and exploitation scenarios
- Attack vectors
- Other compromise methods
- Public exploits: risks and benefits
- Searching for an exploit
- Online and offline resources
Memory Attacks
- Introduction
- Architectures
- Memory and virtual addresses
- Memory for a program
- The stack
- Function return mechanism
- CPU internals
- Assembly fundamentals
- Tools
- Lab: Analysis of a BOF (Buffer Overflow)
- From analysis to exploitation
- Lab: Windows memory exploitation
Maintaining Access and Other Exploitation Techniques
- Macro viruses
- Lab: building a macro virus
Final Certification

Extreme Edition
Core Edition
+ advanced content + 1 year of
Module 1: Privilege escalation
This first module aims to explore opportunities for gaining better privileges on a system. These are post-exploitation techniques useful for improving positioning when exploitation does not result in the immediate acquisition of high privileges. It can also retrace the techniques of an insider.
In Search of Privilege
- An approach to searching for privilege escalation
- Privilege escalation for Windows
- Some ideas
- Privileges, network, services, programs, DLLs
- Concrete use cases
- Privilege escalation for Linux
- Some ideas
- Privileges, network, services, programs, DLLs
- Concrete use cases
Automated Discovery
- For Linux/macOS: linPEAS
- For Windows: winPEAS
Module 2: Evasion techniques
This module aims to provide an overview of techniques designed to evade defence systems, allowing attack payloads to pass through or persist.
Post-Exploitation and Exfiltration
- The exfiltration problem
- Data encoding techniques
- Base64 encoding
- URI obfuscation
- URL hostname obfuscation
- Code obfuscation
- Unicode and UTF
- Homoglyphs
Exfiltration Protocols
- Exfiltration over TCP
- Exfiltration via FTP/SSH/SCP/SFTP
- Data exfiltration via HTTP POST
- Exfiltration via ICMP
- Exfiltration via DNS
- DNS weaponization
Traffic Constraints
- Firewall evasion
- Port forwarding
- SSH tunneling
- Pivoting
- Proxychains
Bypassing Protection Systems
- Types of protection
- Antivirus (antivirus evasion)
- On-disk evasion
- Packers
- Obfuscators
- Crypters
- In-memory evasion
- PE injection
- Network evasion
- A weak use case: Base64
- A strong use case: AES
- Application whitelisting/blacklisting
- AppLocker
Module 3: Attacking Java
This module aims to demonstrate attack capabilities against the Java world and, in particular, notable ones that have caused many problems in this world.
Attacking CVE-2021-44228 – Log4Shell
- What Log4Shell is
- Log4j and lookups
- The role of malicious DNS: a new exfiltration opportunity
- How Log4Shell works
- The role of malicious LDAP servers
- Basic tools: LDAP URLs, custom LDAP servers
- Payload examples
- Bypassing WAFs
- A complete PoC
Attacking CVE-2022-42889 – Apache Commons Text RCE
- String substitutions
- The risks of unsafe input
- Risk levels
- What does not work in Commons Text
- Use cases and examples
Module 4: Attacking Android
This module aims to demonstrate attack capabilities against the mobile phone world represented by Android.
APK-Based Attack
- The Android environment
- The APK system
- Weaponization
- Distribution technique: drive-by download
- Payload selection and construction
- Building the APK package
- Trojanized APK: embedding into another APK
- The attack
- Available tools
- Navigating within the device
- Extracting information and files
Other Exploitation Methods
- The Android clipboard
Module 5: Attacking physical systems
This module aims to demonstrate attack capabilities against physical systems, also known as hardware hacking.
Introduction to Physical Communication
- Physical communication
- Electromagnetic signals
- Electromagnetic spectrum
Attack Devices and Flipper Zero
- Attack devices
- Flipper Zero
- Architecture
- User interface
- Systems that can be compromised with Flipper Zero
- Infrared
- Wi-Fi
- Bluetooth
- Sub-GHz (gates, cars, garages, ...)
- NFC and RFID
- Bad USB
Final Certification


