Passed CEH v8 - My thoughts and recommendations
I passed the CEH v8 exam with a 93% score. My study materials included the Matt Walker AIO Guide (v7) and the VTC video training course.
The Matt Walker book is a great read, and I don’t feel like I missed out on anything by using the v7 book as opposed to buying the new book for v8. I’d say it is enough to pass the exam, provided you also get some hands-on practice with the major tools outlined in the book.
The VTC video course was great, definitely worth the modest price of $99. The instructor walks you through using several tools, which is a big help if you’re not familiar with the tools already. I also watched several random YouTube videos where people demonstrate tutorials of various tools.
As far as the exam itself, I was actually a bit surprised as I was expecting it to be a lot more technical than it was. I would highly recommend you spend some time learning the more “managerial” type topics, and don’t just focus on the technical stuff. I’m referring to things like risk management, categories & types of controls, policy/procedures, compliance and regulations, concepts like “principle of least privilege” and “separation of duties”, etc…
I’d also recommend you spend a good bit of time getting hands on practice with NMAP. The NMAP website has an online manual with everything you need to know. Be sure to know the various types of scans (TCP Connect, SYN, Null, UDP, XMAS, ACK, Ping) and what the various responses mean. For example, if you send an XMAS scan and the target replies with a RST, what does that mean?
I’d also be sure to memorize things pertaining to cryptography, such what the key lengths and bit sizes of various algorithms and hashes are. Know the difference between symmetric and asymmetric crypto, and be able to tell which type a particular algorithm is. Also make sure you thoroughly understand the concepts behind PKI, digital signatures and Asymmetric crypto.
Most of the questions were very high level, so if you understand the concepts, you should be able to pick out the right answer. Some questions I had no idea what they were asking, but was easily able to eliminate 3 of the 4 choices.
Others on this forum have commented on how the CEH course material is great and you can learn a ton from the material, but the exam itself is lacking. I couldn’t agree more. It really did feel like a “Hacking+” exam to me. When it was all over, I thought to myself, “really, I just spent $600 on that”…
The Matt Walker book is a great read, and I don’t feel like I missed out on anything by using the v7 book as opposed to buying the new book for v8. I’d say it is enough to pass the exam, provided you also get some hands-on practice with the major tools outlined in the book.
The VTC video course was great, definitely worth the modest price of $99. The instructor walks you through using several tools, which is a big help if you’re not familiar with the tools already. I also watched several random YouTube videos where people demonstrate tutorials of various tools.
As far as the exam itself, I was actually a bit surprised as I was expecting it to be a lot more technical than it was. I would highly recommend you spend some time learning the more “managerial” type topics, and don’t just focus on the technical stuff. I’m referring to things like risk management, categories & types of controls, policy/procedures, compliance and regulations, concepts like “principle of least privilege” and “separation of duties”, etc…
I’d also recommend you spend a good bit of time getting hands on practice with NMAP. The NMAP website has an online manual with everything you need to know. Be sure to know the various types of scans (TCP Connect, SYN, Null, UDP, XMAS, ACK, Ping) and what the various responses mean. For example, if you send an XMAS scan and the target replies with a RST, what does that mean?
I’d also be sure to memorize things pertaining to cryptography, such what the key lengths and bit sizes of various algorithms and hashes are. Know the difference between symmetric and asymmetric crypto, and be able to tell which type a particular algorithm is. Also make sure you thoroughly understand the concepts behind PKI, digital signatures and Asymmetric crypto.
Most of the questions were very high level, so if you understand the concepts, you should be able to pick out the right answer. Some questions I had no idea what they were asking, but was easily able to eliminate 3 of the 4 choices.
Others on this forum have commented on how the CEH course material is great and you can learn a ton from the material, but the exam itself is lacking. I couldn’t agree more. It really did feel like a “Hacking+” exam to me. When it was all over, I thought to myself, “really, I just spent $600 on that”…
Comments
-
bigdummy Member Posts: 30 ■□□□□□□□□□Hi there, congrats on the pass!!!! How long have you been studying for ??
Thanks. I studied for about 6 weeks, on average around 1 to 2 hours a day. My experience is in IT management and server/network/firewall administration. I had very little offensive security skills or knowledge prior to starting my CEH studies, but was already very familiar with security theory and defensive security.
I learned a ton of great new stuff in the course of my CEH studies, but feel like I passed the exam mostly based on knowledge and experience I already had. I was expecting to see a lot more "offensive" and hands-on tools related stuff on the exam. -
mokaz Member Posts: 172bigdummy wrote:learned a ton of great new stuff in the course of my CEH studies, but feel like I passed the exam mostly based on knowledge and experience I already had. I was expecting to see a lot more "offensive" and hands-on tools related stuff on the exam.
Thanks for your feedback, i'll take this in self study mode and i guess i shall be close to you in terms of experiences and so on, just finished my CISSP and well, i've thought that taking CEHv8 shall be doable while in "studying mode already"... Will let you know how this goes -
bigdummy Member Posts: 30 ■□□□□□□□□□Thanks for your feedback, i'll take this in self study mode and i guess i shall be close to you in terms of experiences and so on, just finished my CISSP and well, i've thought that taking CEHv8 shall be doable while in "studying mode already"... Will let you know how this goes
That's exactly what I did - just finished my CISSP in July and figured CEH would a be a fun cert to get while still in study mode. I can tell you that having the CISSP material still fresh in your mind will be a HUGE help. -
diggitle Member Posts: 118 ■■■□□□□□□□I passed the CEH v8 exam with a 93% score. My study materials included the Matt Walker AIO Guide (v7) and the VTC video training course.
You can get the VTC for $30 if you use it online.c colon i net pub dubdubdub root