CEH Journey kMastaflash's tale

So after a long hard couple of months after completing my CCNA R&S, I was not really sure what to pursue next. Jumped between vendors for certifications and was lost with where I wanted to go. So after a few months starting my new job, I decided to pursue my CEH certification. I see a huge benefit with pursuing this certification and find it has a huge ROI at least within my area where I live. My goal is to complete this certification exam by December 2015 and when it comes time for my review with my manager, I would like to say well I pursued my learning further and got my CEH and possibly get a pay raise! I will start my studying for it tonight by reading the Matt Walker CEH All in one guide then jumping into the EC-Council official courseware. With that said, does anyone want to join me on this journey to become a Certified Ethical Hacker? Possibly start a study group that meets once a week on Friday nights from 6-8pm EST Here are the materials this study group will be using:

Course books:
EC-Council Official Courseware
Matt Walker All in one guide

Video training: Whatever your seem necessary

Hopefully I don't have to take this journey alone but whatever it takes I WILL HAVE MY CEH BY THE END OF THIS YEAR!!!

Anyone want to join me?!

Find more posts tagged with

Comments

Net_Genuis

I am also planning to go for my CEH as well. But, I am planning 3 months study starting from October and probably take the exam in December. I might join you when I am ready.

[Deleted User]

That sounds good to me! I am just starting my reading today and won't be taking the exam until November/December anyways.

OM602

Try the CBT Nuggets CEH course as well as the Boson Practice exams. The latter are actually harder than the actual exam.

ispep13

I took a boot camp last week. I took the test last year and failed. This year I understood a little bit more. If you know Security Plus well then you know half of the test already. NMAP is big and the switches for that. Encryption is nice to know.They may change the exam by the end of the year but the principles do not change. Also pay attention knowing hashing algorithms, ports, PKI, cryptography, SQL injections, XSS. Most of everything else will be things you learned from years of doing IT or taking other security cert.

Mike7

ispep13 wrote: »

I took a boot camp last week. I took the test last year and failed. This year I understood a little bit more. If you know Security Plus well then you know half of the test already. NMAP is big and the switches for that. Encryption is nice to know.They may change the exam by the end of the year but the principles do not change. Also pay attention knowing hashing algorithms, ports, PKI, cryptography, SQL injections, XSS. Most of everything else will be things you learned from years of doing IT or taking other security cert.

From your profile, it seems that you passed CEH last week. Congrats!

ispep13

Thanks Mike 7. I did take and pass it last Friday.

[Deleted User]

Well I am about a quarter of the way finished studying for this exam. Just finished reading Chapter 3 of the Matt Walker book and watching the LearnSmart CEH video course on Udemy. I think these are a great combo together for understanding the material. I am feeling decent with the material I have covered so far and understand the concepts on a high level and in a somewhat in depth level. Just made a lot of flashcards to memorize some of the more crucial concepts like TCP flags, Nmap command syntax and common tools used for certain stages such as enumeration, scanning utilities etc. So far things are in plan for taking this exam in November/December of this year. One question I have is does the CEH bring any sort of reliability to holding the credential or give you "cred from IT pros"? I know other certs like OSCP, CISSP GIAC etc are more "gold standard" but will CEH start to at least open up doors? I know that no one certs is the end all be all but since I work in Security operations, could this potentially lead into pentesting or even more advanced security positions? I will continue to earn other certs like CISSP once I get more experience and getting the new CCNA Security once it comes out.

TechGuru80

CEH is huge as far as getting past HR departments. They see CEH and it is something they know. As far as getting you ready for pentesting, you are learning theory and when it comes down to it...passing the exam doesn't actually mean you can hack anything. I saw a comparison to getting a concealed weapons permit...for the CEH you pay the fee and take the exam but it doesn't actually mean you can hack or use a weapon appropriately. A course like OSCP requires you to prove your skills and therefore will hold more weight. I personally would say its worth the HR value but very little past that, but hey if you get a job that pays for example $5,000 more because of it then the ROI is well worth it.

Mike7

Or if you want, continue to get the higher level certs from EC Council

CEH --> ECSA --> LPT

Ethical Hacking --> Security Analysis --> Penetration Testing

[Deleted User]

I haven't seen the ECSA or LPT show up on many job postings at all other then CEH from EC-Council. is the ECSA or LPT even respected much or noticed in IT at all?

[Deleted User]

Well I have finished reading chapters 3 and 4 of the Matt Walker CEH book along with reviewing the videos from the LearnSmart video course. I decided to take the CEH assessment test just for the heck of it and I passed with only a 72%. I feel like a dumbass because some of the questions I second guessed myself on and I could have gotten them right getting me up to an 80 if I didn't second guess it%. Keep in mind though I haven't finished reading all of the book yet or finished the entire video course entirely. I still have a ways to go before I consider attempting this exam. At least I know that this material is making sense to me seeing my score after being half way through the material. Is the CEH assessment a good indicator at all to the real exam? I have the Boson exams and the Matt Walker practice exam book and want to see if there are any other good practice tests I could purchase for this exam? I was barely able to afford this exam voucher and I don't want to fail this test.

Mike7

kMastaFlash wrote: »

is the ECSA or LPT even respected much or noticed in IT at all?

So far, I have seen trainers with that ECSA and LPT titles.
The CEH is great for getting through HR. Those who know will look for GPEN, OSCP...

Mike7

kMastaFlash wrote: »

I decided to take the CEH assessment test just for the heck of it and I passed with only a 72%.

Are you referring to the assessment on EC Council web site?

FWIW, I tried it, got 76%; and decided to take the exam.
Spent a few weeks with Matt Walker book (and the EC Council course outline) and passed it with 90%.
I do have security background (CISSP, CASP), so it is just a matter of reading up on topics that I am not familiar with.

The CEH AIO book is a great resource; read through the entire book, pay special attention when he mention "in the exam" and "memorize this", and do the questions. If you go through the forum threads, you will find more tips on areas to focus on.

[Deleted User]

Yes the assessment on EC Council website is what I took.

Mike7

Then you are on the right track. Finish the book, understand the concepts, memorize important sections, do the questions and you are good to go.

[Deleted User]

Well, I am 3/4 of the day done with the material for the CEH exam! I am on Chapter 7 of the Matt Walker book. I am splitting up the reading over the weekend doing 1 chapter on Sat and 1 on Sunday (basically no life on the weekends). But in the end, it will all be worth it. I am understanding the concepts for the most part and I can say that the Matt Walker book is really all you need to pass the test. From looking at the other books, it doesn't keep things interesting or cover what is really important for the test. I have learned more from this book then my CompTIA certifications that's for sure. I am pacing myself with my studies but I would like to have this finished by November of this year. I have about 2 more weeks of reading this book then I will take a practice exam to gauge on the areas I need more work on. I know a few chapters where I need to focus more on like the concepts of LM Hashes for the Windows operating system for sure. I will need to review Nmap switches and look at Snort outputs along with Wireshark. Does anyone know of any sites that have questions similar to CEH ones (not braindump) that has Snort output to analyze?

Robertf969

I'm going to jump on the study with you. I finished about a quarter of the videos on FEDVTE. I'll pick up the Matt Walker book.

[Deleted User]

Hey man the more the merrier I say! Make sure you pick up the 2nd edition. I have found it to be a better resource then the Official courseware imo. I mainly bought it for the Lab-book and the software discs as I didn't have an internet connection to download the utilities when I moved into my new apartment.

Outrageous

I've started taking the online course, with the goal to take the exam in a month or two. I guess I'll be picking up Walker's book, since you all speak very highly of it.

roninkai

Thought I'd chime in here as someone who has just finished the Matt Walker book. I was scheduled to take the exam on Thursday, but postponed it as I don't think I'm ready. Another week or two maybe. Having a new baby has definitely slowed my study progress, but all is well. I usually give myself 2 weeks of exam sims / test preps after I've finished the study materials.

Here's been my path, and I'm almost to the end:

1) watched the EC-Council Skillsoft training. (very dry and hard to sit through)
2) about 90% through the CBT Nuggets CEH videos
3) read the entire Matt Walker AIO guide.

Now, remaining for me is:
1) re-read the chapter review from each chapter of AIO
2) find / write out each "exam tip" given in AIO
3) take the AIO practice tests and chapter review questions

Also, because I want to actually become a pen tester someday and not just pass this exam, I recently bought:
1) The Hacker's Playbook 1 & 2
2) The NMAP 6 Cookbook (this has been a great resource, and easy quick read)

The only test day available in my area is way out in middle October. So unless I can find an earlier Saturday, I now have 1.5 months to fill in. I'm trying to determine which cert to tackle next.

knewbold

my exam is this Saturday
I have used the skillsoft training and I just feel that its a little short - and things must be missing.
hoping to do some snort and nmap training soon - but I am worried im missing things.

not got time to cram much as its only 2 days away...... arrgghhh

roninkai

I just got this for Nmap and it's great. Get it on Kindle, you can read it in 1 night:

http://www.amazon.com/Nmap-Cookbook-Network-Security-Scanning/dp/1507781385/ref=sr_1_2?ie=UTF8&qid=1441235056&sr=8-2&keywords=nmap&pebp=1441235363373&perid=1F8C6V80CYRXPH0G18MH

Robertf969

My update: I am halfway through the FEDVTE videos and about a quarter of the way through the book. Guess I will submit my application to waive the class requirement. Anyone done this and know how long it takes? Would like to sit for the exam in October.

Mike7

Robertf969 wrote: »

Anyone done this and know how long it takes? Would like to sit for the exam in October.

Entire process at https://cert.eccouncil.org/application-process-eligibility.html

An overview for those interested.

Create account at EC-Council Store
Apply for, fill in and submit application form
$100 Eligibility Application Fee payment via store

EC-Council will contact your supervisor. He/She needs to submit a signed verification form.
If all goes well

EC-Council confirms receipt of verification and approves your application
Purchase $500 exam voucher from EC-Council Store
EC-Council verifies and provides exam voucher code

Congratulations! Your eligibility application process is now complete. Your VUE Eligibility code for the CEH Exam is ECXXXXXXX and the Exam voucher code is EC0XXXXXXX

Kindly take note that your exam voucher & eligibility codes are valid only for3 months from the date of release.
(Should you require the exam voucher validity to be extended, kindly forward this email to finance@eccouncil.org)

The entire process took 3 days for me.

You then book exam at Pearson Vue, dates subjected to availability which for me was 3 weeks later. So you may want to start the process soon.

[Deleted User]

Well I have finished the Matt Walker All in 1 study guide and took a Boson practice exam and I passed. I got 710 on the Boson practice exam. I still have some work to do before I sit for the real thing. I picked up the Michael Gregg CEH book along with the Ucertify course. I plan on using Ucertify for the practice exam questions and using the Michael Gregg book to review the concepts that are just not sticking in my head. I am trying to save my practice exams and use them sparingly as I only have a few. Does anyone know of other vendors that produce legit practice exams for the CEH? I have the Boson and the TotalTester exams from McGrawHill and I took the assessment test on the EC-Council website and the exams that come with the Pearson study guide. Thanks guys!

eth0

kMastaFlash wrote: »

One question I have is does the CEH bring any sort of reliability to holding the credential or give you "cred from IT pros"? I know other certs like OSCP, CISSP GIAC etc are more "gold standard" but will CEH start to at least open up doors? I know that no one certs is the end all be all but since I work in Security operations, could this potentially lead into pentesting or even more advanced security positions? I will continue to earn other certs like CISSP once I get more experience and getting the new CCNA Security once it comes out.

With CEH you can be risk analyst, with OSCP pentester

. If you can pass OSCP without problems they you are good to be pentester of infrastructure. Then you will need learn websec too. After that mobile stuff security and systems Windows/Linux to perform whitebox, whatever this knowledge will help you a lot in blackbox too and I think this is not even possible to pass OSCP without Linux knowledge. To be honest in my country most real hackers just ridicule CEH and CISSP. If you want be pentester you need have at least knowledge about infrastructure pentests and websec. So you need be good in networks, systems (Linux and/or Windows) and know OWASP top 10 (good will be some knowledge about PHP etc too, it can help you a lot too). Also strong scripting skills like bash and python languages. I work as pentest specialist (higher technical position, under is analyst and senior analyst) in one of some largest banking groups.

TK1799_st

Hope you have been reading all the other posts on the CEHv8 change to v9 - and the material is 80-90% changed from those two versions.

basically - all that stuff you worked on is now irrelevant....unless ECC decides to backtrack and offer v8 and v9 separately.

That discussion just started on MONDAY of this week.

gncsmith

Robertf969
How are the FEDVTE courses? I just got my login this morning and haven't been able to spend much time looking through them.

BillV_

TK1799_st wrote: »

Hope you have been reading all the other posts on the CEHv8 change to v9 - and the material is 80-90% changed from those two versions.

basically - all that stuff you worked on is now irrelevant....unless ECC decides to backtrack and offer v8 and v9 separately.

That discussion just started on MONDAY of this week.

Why do you continue to spread inaccurate information? A change from 20 modules to 18 modules is a 10% change.

BillV_

Here are the changes.

Course.JPG