A word of caution about CEH V8/V9

cyberguypr

But they "would like to support you". Hilarious.

Many here know how much I despise this organization so I'll leave it at that.

binarysoul

I had thought I found a good cert, CEH. Now I have to seek something else. My frustration/rant is posted below

http://www.techexams.net/forums/ec-council-ceh-chfi/114816-cutting-short-my-ecc-journey.html

cehv9

binarysoul wrote: »

I had thought I found a good cert, CEH. Now I have to seek something else

OSCP. Worth the time and money!!!

TK1799_st

The lady who is the Certification Director - here's Cherylann Vanderhide LinkedIn:

https://my.linkedin.com/pub/cherylann-vanderhide/48/8bb/101

Malaysia...nice.....

BillV_

All, I just wanted to jump in here and at least attempt to clear a few things up. I've read every post in this thread but I'm sure I'm going to miss addressing something. Feel free to reply back with any additional questions. The post above by OctalDump really hit on most of the major points too.

First, let's address the versioning as it seems a lot of people are upset about this and don't seem to really understand what's happening. The v8 and v9 exams should be very similar (as has been previously mentioned). EC-Council earned ANSI accreditation with CEHv8 (and thus any future versions).

Per ANSI, the exam must reflect the the job duties of an "ethical hacker."

So why is that important? Because it makes the version number of the exam irrelevant. The argument "I studied for v8 and took the v9 exam" is pretty much thrown out the window. It's an ANSI exam, targeted at the job and not a specific exam number. As such, yes, there will be subtle updates to reflect the constantly changing field but there shouldn't be drastic changes.

Yes, just as with other ANSI organizations (e.g., CompTIA) EC-Council has to jump through a ton of hoops to review their exam and process. Included in this, is the beta questions. There is either a set number or set percentage of these questions that will be on your exam. They are not scored and, generally, will stand out to you if you know your stuff well.

Another relevant requirement from ANSI is that the exam is not to be developed based on the courseware from EC-Council. The reason behind this is that they require everyone to have an equal opportunity to pass the exam - whether you choose to just sit for it based on experience, self-study with any number of resources that have been listed in this thread, or use the official EC-Council courseware.

That all said, I don't know how well some of those third-party resources may actually prepare you for the exam. They may or may not. Based on the comments here, it seems like they aren't quite cutting it yet. Keep in mind the time it takes to write a book and when v8 (the first ANSI accredited version) came out. That was a bit of an overhaul in comparison to prior versions due to all of the new requirements and processes that went into its development and rollout. Going from v8 to v9 should be pretty much seamless.

With regards to the "threatening" comments about changing to OSCP (at least from the DoD side), while possible, that's not likely to happen. It's the government that is pushing/requiring this ANSI accreditation. And the "big players" as far as certification organizations go, will throw the non-ANSI accredited institutions under the bus when it comes to selecting one versus another. I don't see the guys over at OffSec jumping through all those hoops anytime soon - though maybe they will at some point. Also, OSCP is nowhere near as "broad" as CEH. Don't get me wrong, it's still a great certification/course and I very much enjoyed it but it's not quite the same.

As was provided by the EC-Council representative, there is a blueprint that is published (required per ANSI, surprised?) that contains the specific objectives and so forth. This is what you should use as your guide when selecting the appropriate training material.

Like I said, I'm sure I haven't addressed all of the concerns highlighted in this thread. But I'm glad to continue the discussion with anyone that has questions.

JusCoolin

So I send Cherylann a simple little email stating:

"Could you please provide me with the list of New tools, vulnerabilities, cloud computing items you claim to have added in this new exam such as the following below:

* Focus on New Attack Vectors
* Emphasis on Cloud Computing Technology
* CEHv9 focuses on various threats and hacking attacks to the emerging cloud computing technology
* Covers wide-ranging countermeasures to combat cloud computing attacks
* Provides a detailed pen testing methodology for cloud systems to identify threats in advance
* Emphasis on Mobile Platforms and Tablet Computers
* CEHv9 focuses on the latest hacking attacks targeted to mobile platform and tablet computers and coverscountermeasures to secure mobile infrastructure
* Coverage of latest development in mobileand web technologies
* New Vulnerabilities Are Addressed
* Heartbleed CVE-2014-0160
* Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable.
* Detailed coverage and labs in Module 18: Cryptography.
* Shellshock CVE-2014-6271
* Shellshock exposes vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X.
* Detailed coverage and labs in Module 11: Hacking Webservers
* Poodle CVE-2014-3566
* POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password.
* Case study in Module 18: Cryptography
* Hacking Using Mobile Phones
* CEHv9 focuses on performing hacking (Foot printing, scanning, enumeration, system hacking, sniffing, DDoS attack, etc.) using mobile phones
* Courseware covers latest mobile hacking tools in all the modules
* Coverage of latest Trojan, Virus, Backdoors
* Courseware covers Information Security Controls and Information Security Laws and Standards
* Labs on Hacking Mobile Platforms and Cloud Computing
* More than 40 percent new labs are added from Version 8
* More than 1500 new/updated tools
* CEHv9 program focuses on addressing security issues to the latest operating systems like Windows 8.1
* It also focuses on addressing the existing threats to operating environments dominated by Windows 7, Windows 8, and other operating systems (backward compatibility)
Also if you do not do version numbers anymore, than why does the site highlight that the newest version of the exam is "v9"?Could you please provide me with the list of New tools, vulnerabilities, cloud computing items you claim to have added in this new exam such as the following below:
* Focus on New Attack Vectors
* Emphasis on Cloud Computing Technology
* CEHv9 focuses on various threats and hacking attacks to the emerging cloud computing technology
* Covers wide-ranging countermeasures to combat cloud computing attacks
* Provides a detailed pen testing methodology for cloud systems to identify threats in advance
* Emphasis on Mobile Platforms and Tablet Computers
* CEHv9 focuses on the latest hacking attacks targeted to mobile platform and tablet computers and coverscountermeasures to secure mobile infrastructure
* Coverage of latest development in mobileand web technologies
* New Vulnerabilities Are Addressed
* Heartbleed CVE-2014-0160
* Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable.
* Detailed coverage and labs in Module 18: Cryptography.
* Shellshock CVE-2014-6271
* Shellshock exposes vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X.
* Detailed coverage and labs in Module 11: Hacking Webservers
* Poodle CVE-2014-3566
* POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password.
* Case study in Module 18: Cryptography
* Hacking Using Mobile Phones
* CEHv9 focuses on performing hacking (Foot printing, scanning, enumeration, system hacking, sniffing, DDoS attack, etc.) using mobile phones
* Courseware covers latest mobile hacking tools in all the modules
* Coverage of latest Trojan, Virus, Backdoors
* Courseware covers Information Security Controls and Information Security Laws and Standards
* Labs on Hacking Mobile Platforms and Cloud Computing
* More than 40 percent new labs are added from Version 8
* More than 1500 new/updated tools
* CEHv9 program focuses on addressing security issues to the latest operating systems like Windows 8.1
* It also focuses on addressing the existing threats to operating environments dominated by Windows 7, Windows 8, and other operating systems (backward compatibility)
Also if you do not do version numbers anymore, than why does the site highlight that the newest version of the exam is v9 ?"

And then I get a very nice response of:

Hi JusCoolin,

I fail to see these claims by us, can you point this out to me. Was this in an email to you ?
Which web page states that the latest exam is CEH with a version number 9.
Please send this url to me.
Also are you looking to reattempt the test?

Thank you"

Lol so I kindly sent her this link CEH: Certified Ethical Hacking course from EC-Council and also let her to try not to change it once she reviews the site because I have screenshots and also as a future Ethical Hacker we the public can just go to www.Archive.org per CEHv8 and check the WayBackMachine for any site changes (correct me if I am wrong).

TK1799_st

JUSCOOLIN -- SCORE !!!!!!

This chick doesn't have certifications - she's a business major who thought she'd come up with a new way to screw IT professionals out of money -- and it's backfiring on her each time she sends out an e-mail....

I wonder how that meeting in New Mexico is going on right now out in EC Council's HQ????

supasecuritybro

Like I said, she is responding as in the certification number changed and not realized what people are complaining about is that the bank of questions are already pointing to a new certification without changing the version number. Someone needs to spell it out for her.

TK1799_st

I tried - but she's not getting it....why I contacted the VP....

supasecuritybro

TK1799_st wrote: »

I tried - but she's not getting it....why I contacted the VP....

I appreciate the leg work you put into it. Hoping this gets resolved right.

JusCoolin

BillV_

supasecuritybro wrote: »

Like I said, she is responding as in the certification number changed and not realized what people are complaining about is that the bank of questions are already pointing to a new certification without changing the version number. Someone needs to spell it out for her.

Again, the version number complaint is invalid. It is an ANSI test. The version number is irrelevant. Whether you "study for v8" and take the "v9" exam doesn't matter. The exam is based on the job requirements, not the EC-Council courseware.

TK1799_st

BillV_ wrote: »

Again, the version number complaint is invalid. It is an ANSI test. The version number is irrelevant. Whether you "study for v8" and take the "v9" exam doesn't matter. The exam is based on the job requirements, not the EC-Council courseware.

That's great - because until they said that - which was basically a week before I took the exam - that intelligence was not known.

Had I know this is hwo this exam was going to be developed - I would have skipped it and move right into OSCP.

On top of that - the release was not suppose to occur until 01 NOV -- that is another valid complaint that it was released sooner - screwing those of us who thought we had prepared correctly.

There is going to be a huge credibility issue and lost of confidence in people seeking hacking degrees and they will seek OSCP - rather than a organization that is maintaining a fluid and ever changing environment of questions based off a large amount of material....no structure will no be a good selling point...

BillV_

I guess I don't understand your complaint then. That is how all ANSI accredited exams are required to be developed.

If you studied for the exam and then found out that the version numbers don't matter, what's the complaint?

IronmanX

Nice Post BillV

I think you guys are fighting a loosing battle:
"4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold."
^^^That pretty much covers their butts. They can add anything they want.

I mentioned before I was tested in march on a bunch of stuff not covered in the v8 course.

Talking about the v8 course that is where the confusion lies.
From the EC Council web site: "What is new in the CEH Version 9 Course". No mention of a v9 exam as stated by BillV "It's an ANSI exam, targeted at the job and not a specific exam number. As such, yes, there will be subtle updates to reflect the constantly changing field but there shouldn't be drastic changes."

My understanding is in order to be ANSI certified they need to keep there questions up to date.

Your not suppose to disclose what questions where asked but seem like your last email references Poodle, Heartbleed and Shellshock. All of which are at least a year old.

It sucks that you failed at least they are offering $150 off a retake.
I also found there to be many questions on the exam not covered in the material I read/in the v8 course. I thought I was going to fail the exam while taking it due to so many questions not being covered in material I had read. During the exam I started trying to figure out how to study for a retake and quickly came to the conclusion there is no way other then work experience.

I have looked into CISSP boot camps and noticed they do not provide a version number. I assume if i took a bootcamp 2 years ago it would cover different things then a CISSP bootcamp would today.

CISSP says:
"Content was not removed from the exam and/or training material, but rather refreshed and reorganized to include the most current information and best practices relevant to the global information security industry."

"The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. "

TK1799_st

The complaint is that I used v8 Objective list which has 20 separate modules on it - went through the Official training that states it is V8 - and signing up for the exam which states V8 - and getting into the exam which is obviously v9 - and confirming that 2 days later when CEH v9 webpage is updated to show what the NEW Objective List is that states all over the website that v9 is now out....looking at the v9 Objective list and the very specific knowledge elements on that list - I discovered that I was tested on V9 and was not offered a transition period to make sure I got the V8 material - not the 01 NOV 2015 Exam - very - very early - that should have been released then - not the night before I took it. Pearson Vue confirmed that the push was the nite before I took it....that is unprofessional and unfair to someone that took the issued list and populated it with their own V8 material that they sell for $870...only to ambush them the next day with brand new material.

Staying current comes after achieving a foundational exam - then building off it -- not the way they did it!

TK1799_st

IronmanX wrote: »

Nice Post BillV

I think you guys are fighting a loosing battle:
"4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold."
^^^That pretty much covers their butts. They can add anything they want.

I mentioned before I was tested in march on a bunch of stuff not covered in the v8 course.

Talking about the v8 course that is where the confusion lies.
From the EC Council web site: "What is new in the CEH Version 9 Course". No mention of a v9 exam as stated by BillV "It's an ANSI exam, targeted at the job and not a specific exam number. As such, yes, there will be subtle updates to reflect the constantly changing field but there shouldn't be drastic changes."

My understanding is in order to be ANSI certified they need to keep there questions up to date.

Your not suppose to disclose what questions where asked but seem like your last email references Poodle, Heartbleed and Shellshock. All of which are at least a year old.

It sucks that you failed at least they are offering $150 off a retake.
I also found there to be many questions on the exam not covered in the material I read/in the v8 course. I thought I was going to fail the exam while taking it due to so many questions not being covered in material I had read. During the exam I started trying to figure out how to study for a retake and quickly came to the conclusion there is no way other then work experience.

I have looked into CISSP boot camps and noticed they do not provide a version number. I assume if i took a bootcamp 2 years ago it would cover different things then a CISSP bootcamp would today.

CISSP says:
"Content was not removed from the exam and/or training material, but rather refreshed and reorganized to include the most current information and best practices relevant to the global information security industry."

"The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. "

Having Floating and fluid content that is never ending will cost them in future students. No one wants to study for 6 - months only to find out they researched and studied the wrong material, exploits, hacking tools, etc....why risk it. Exams need boundaries - and up until OCT 2015, ECC had those boundaries defined - they changed it up last minute. The element I work for - already those planning this are walking away from it and heading to OSCP. This debacle is hurting their reputation - and in the last 96 hrs I guarantee there are far more people reading this point alone that are walking away from ECC altogether.

OSCP was my next step anyway --- my lost of $500 will save other from taking a $600 exam and retake at $350...where OSCP is less than that and it's what high end hackers use anyway....why bother with ECC at this point....???

BillV_

Right. And CISSP just went through a major update, changing their domains. But they do not use version numbers, and the actual changes to the exam were very little. The actual CEH certification has also dropped the version number. If you pass today, or pass any ANSI accredited version of the exam, you are a CEH (not a CEHv9). However, if you are v7 or below, you are expected to put the version number on (as ANSI requires that there be a way to distinguish them).

The issue biggest issue is that, per ANSI, the exam is not to be written based on the courseware. Once things "level" out and the third-party book writers know what is on the exam, then they can properly write a study guide for it. As was stated in the reply from EC-Council, the exam questions and items were determined by SME's.. so you're taking an exam where an "ethical hacking" expert has determined that's a relevant topic/job function for a CEH candidate to know (regardless of study material/courseware/etc.). Whether that panel of experts and the third-party book writer are in agreement, who knows. And that's part of the reason for the "well, I saw X question but Z book didn't even cover that."

Per ANSI, everyone is required to have a fair shot, regardless of how you choose to study. The same goes for the passing score. I actually thought many of the questions were too easy and recommended the minimum score be moved to 80%. ANSI won't allow it. If you take the test today and have to pass at 70%, then it isn't fair to the person who takes it in a year from now but has to score an 80% to achieve the same credential.

So, believe it or not, ANSI is looking out for the certification candidate. I personally dislike it from the certification body perspective, as it requires a whole lot of extra effort and hoops. And from a certification holder perspective, I could care less whether it's ANSI accredited or not. The only people that seem to care, hence the push for ANSI, is the government and DoD.

BillV_

You're looking at the v9 course content.

The exam blueprint (https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf) was not changed from v8 to v9.

If EC-Council has decided to change their courseware/course, that is separate from the exam.

BillV_

TK1799_st wrote: »

The complaint is that I used v8 Objective list which has 20 separate modules on it - went through the Official training that states it is V8 - and signing up for the exam which states V8 - and getting into the exam which is obviously v9 - and confirming that 2 days later when CEH v9 webpage is updated to show what the NEW Objective List is that states all over the website that v9 is now out....looking at the v9 Objective list and the very specific knowledge elements on that list - I discovered that I was tested on V9 and was not offered a transition period to make sure I got the V8 material - not the 01 NOV 2015 Exam - very - very early - that should have been released then - not the night before I took it. Pearson Vue confirmed that the push was the nite before I took it....that is unprofessional and unfair to someone that took the issued list and populated it with their own V8 material that they sell for $870...only to ambush them the next day with brand new material.

Staying current comes after achieving a foundational exam - then building off it -- not the way they did it!

Who did you take the training through? Did you do it through EC-Council? An ATC? Or some other provider?

As I've mentioned, there are no major changes to the test. Personally, I would go back to the company that you took the training through and take up a complaint with them. Most companies offer some sort of "guarantee" or allow you to resit the course. Or maybe you just had a bad instructor (as the exam outcome is usually heavily dependent on the quality of the instructor).

TK1799_st

BillV_ wrote: »

Who did you take the training through? Did you do it through EC-Council? An ATC? Or some other provider?

As I've mentioned, there are no major changes to the test. Personally, I would go back to the company that you took the training through and take up a complaint with them. Most companies offer some sort of "guarantee" or allow you to resit the course. Or maybe you just had a bad instructor (as the exam outcome is usually heavily dependent on the quality of the instructor).

I used EC Council's v8 CEH Examination material - official material - backed up with Sybex book and CBT Nuggets and Secure Ninja (who was just awarded the contract to train on site personnel the CEHv9 Course) I have the Official CD's that are sold in the iStore for $870.

I covered what I should have "officially" and was given a whole new exam that was not to be released until 01 NOV.

The people I've spoken to at EC C HQ in NM have confirmed this - Pearson Vue has confirmed this - I'm just waiting on the VP of EC North America to get back to me on a resolution.

The page where one goes to get the CEH course (up until OCT 2015 it was v9 - did not LINK or ADVERTISE the blueprint sent to me by the woman in Malaysia - no one knew about the transition into ANSI.

Everyone who is discounting this really has no idea what those of us were lead to believe and what we needed to do. Had I taken it 3 weeks before - it wouldn't have been an issue from those that recently tested that were ahead of me using the SAME MATERIALS listed above....that's is under handed tactic by ECC testing to pull a stunt like that.

This isn't my first rodeo....I know when I've been ambushed - so do the others on here that used the same study method I did....people who used 3rd party stuff and not even the Official training course - still passed because the questions related to the v8 Objectives. My questions related to the v9 Objectives. So yes - I have a valid complaint - the VP of EC Council North America agrees with me.

So --- now I'm waiting to see what the resolution will be...and what ECC will do from this point on as this transition period commences.....

To be determined

BillV_

I guess I'm confused on what exactly comes out Nov 1 that should be that much different from the current version of the exam. If you received some sort of strange beta test, then yeah, that would be completely unexpected. But there is not "supposed to be" that drastic of a change in the exam.

What page are you referencing to get the CEH course? Can you link me to it?

I'm by no means trying to discount your issues. I'm trying to understand what exactly is happening. For all previous version changes, the prior version of the exam was still available for 6 months after the release of the new version. The only difference I see now is that the version is irrelevant due to ANSI standards. That's the point I'm trying to make that it shouldn't matter if you took the "v8" course or used "v8" study materials - they should still be sufficient to prepare you for the exam.

You seem to be confusing the courseware and the exam. The "objectives" for the CEH exam are what is listed in that blueprint document. This document, to the best of my knowledge, has not been changed. On the flip side of that, the EC-Council "courseware" has gone through a change and the "topics" covered within the course have been updated.

Have you filled out any forms to submit to EC-Council to file your complaint or has this all been done via email? I will also follow-up with the VP as well.

How far off were you on your exam (what score did you get)? And what date did you take it?

supasecuritybro

BillV_ wrote: »

I guess I'm confused on what exactly comes out Nov 1 that should be that much different from the current version of the exam. If you received some sort of strange beta test, then yeah, that would be completely unexpected. But there is not "supposed to be" that drastic of a change in the exam.

What page are you referencing to get the CEH course? Can you link me to it?

I'm by no means trying to discount your issues. I'm trying to understand what exactly is happening. For all previous version changes, the prior version of the exam was still available for 6 months after the release of the new version. The only difference I see now is that the version is irrelevant due to ANSI standards. That's the point I'm trying to make that it shouldn't matter if you took the "v8" course or used "v8" study materials - they should still be sufficient to prepare you for the exam.

You seem to be confusing the courseware and the exam. The "objectives" for the CEH exam are what is listed in that blueprint document. This document, to the best of my knowledge, has not been changed. On the flip side of that, the EC-Council "courseware" has gone through a change and the "topics" covered within the course have been updated.

Have you filled out any forms to submit to EC-Council to file your complaint or has this all been done via email? I will also follow-up with the VP as well.

How far off were you on your exam (what score did you get)? And what date did you take it?

Finally you see it. Yes the course ware and all the objectives for the exam were all good for the current (or what should have been currently out) exam. Once in the exam room this week the topics were all for the new objectives, shell-shock, firewall, incident management; type of questions. The appeal is to the fact that if the test was in beta it should have been announce to all people to opt out and go for the exam they were ready for.

I took it this week and got a 63%. I know I would have passed with what and how thorough I was with all my studying. I gave it more than enough time and did labs to ensure I understood the tools on a hands on level.

JusCoolin

supasecuritybro wrote: »

Finally you see it. Yes the course ware and all the objectives for the exam were all good for the current (or what should have been currently out) exam. Once in the exam room this week the topics were all for the new objectives, shell-shock, firewall, incident management; type of questions. The appeal is to the fact that if the test was in beta it should have been announce to all people to opt out and go for the exam they were ready for.

I took it this week and got a 63%. I know I would have passed with what and how thorough I was with all my studying. I gave it more than enough time and did labs to ensure I understood the tools on a hands on level.

My wife took it yesterday and received a 64%. Sucks...smh

TK1799_st

JusCoolin wrote: »

My wife took it yesterday and received a 64%. Sucks...smh

Uhm....

I got a 59% - others 63% - 64%..... so it looks like the study habit of those of us that studied are all around the same mark with v8 - plus the other certifications we've earned....that is telling in itself.

Either ECC gives us a FREE retake of v8 - or they pass us by readjusting the Pass/Fail % on who set the highest bar and the lowest...

It will be interesting what ECC will say....

GreaterNinja

my problem is I have to pass the CEh v8 for my WGU masters program and I've already spent a month + reading the CEH v8 books...how frustrating..

JusCoolin

TK1799_st wrote: »

Uhm....

I got a 59% - others 63% - 64%..... so it looks like the study habit of those of us that studied are all around the same mark with v8 - plus the other certifications we've earned....that is telling in itself.

Either ECC gives us a FREE retake of v8 - or they pass us by readjusting the Pass/Fail % on who set the highest bar and the lowest...

It will be interesting what ECC will say....

Yea I actually scored a 62%, didn't know we were all around the same range.

certlover

In Vue website, we have 2 exams : 312-50 and 312-50v8.
My scheduled exam is showing : v8, do you think I still may get the v9 ?

Cheers

supasecuritybro

I was signed up for the v8. I checked all that to ensure I sat for the right exam but it turned out to be a different exam

JusCoolin

certlover wrote: »

In Vue website, we have 2 exams : 312-50 and 312-50v8.
My scheduled exam is showing : v8, do you think I still may get the v9 ?

Cheers

Showed 312-50v8 for my wife and I and still turned out to be a different exam.