Stupid CEH

Cyberscum Member Posts: 795 ■■■■■□□□□□
Although I am totally against EC the writing is on the wall. My employer is now requiring that I become CEH by the end of December. I was actually considering the OSCP, but I now have to spend time to knock out the cert by XMAS.

So I have heard that Walker's AIO is the way to go, is this correct?

Also, if I take it in December will it be V9?

Any other tips and advice would be greatly appreciated.

Thanks in advance!

Comments

  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    Also, would the Walker AIO suffice for the V9 test? All I can find on Amazon is the V8 edit.
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    Wait until you get the new material out. There is an ongoing talk about what is out there being enough or not, but since there is new material starting to pop up, I'd wait to make sure I get the right picture. Don't waste your money taking the test yet.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • Sch1sm Member Posts: 64 ■■■□□□□□□□
    The only courseware specifically for v9 is the EC-Council's own which costs $885. https://store.eccouncil.org/product/cehv9-courseware-im

    People on here keep saying the exam isn't based on any material. If that is the case it's strange that the EC-Council are selling a bunch of unrelated books. I would try and delay your deadline for a few months until other material comes out. If you have no other option I'd say your best chance would be to memorise the AIO book as best as possible and look up some of the new v9 material online and hope the stuff you read covers what the questions will.
  • kiam Member Posts: 18 ■□□□□□□□□□
    I'm new to certifications,
    but what exactly about the CEH makes it 'stupid'?
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    kiam wrote: »
    I'm new to certifications,
    but what exactly about the CEH makes it 'stupid'?

    Nothing stupid about it. If you are interested in the world of cyber, I believe it's a great foundation of knowledge and should set the groundwork for a lifetime of learning beyond it. You will not be a proficient ethical hacker but you will be pretty well rounded in the direction you need to become one.

    The fuss on this site is that there is new material out, updated exam (without EC-Council stating the change). You just have to get the new material to get yourself ready for the exam. Don't use exam ****, learn the material and try hands-on work.

    Have a good one!
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    Well, I can't wait unfortunately. I am vaguely familiar with nmap, Wireshark, aircrack suite, retina, ACAS and other generic tools as I play around with the Kali distro on occasion.

    I would never pay for education from EC council especially $885 for slides and a book.

    I was thinking about just being familiar with the Walker book and brushing up on the Kali distro. It always seems odd that people say that there are questions that are not on the training material in the test. People said the same thing about CISSP and I felt that if you learned the material in the AIO you could figure out the question...Maybe the CEH test is really written that badly, I doubt it though.
  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    kiam wrote: »
    I'm new to certifications,
    but what exactly about the CEH makes it 'stupid'?

    That an employer/HR would use this cert as a baseline to get operational or advanced pen testers/security employees.
  • kiam Member Posts: 18 ■□□□□□□□□□
    Nothing stupid about it. If you are interested in the world of cyber, I believe it's a great foundation of knowledge and should set the groundwork for a lifetime of learning beyond it. You will not be a proficient ethical hacker but you will be pretty well rounded in the direction you need to become one.

    The fuss on this site is that there is new material out, updated exam (without EC-Council stating the change). You just have to get the new material to get yourself ready for the exam. Don't use exam ****, learn the material and try hands-on work.

    Have a good one!
    Thanks for the reply supasecuritybro
    I just got started in this field and my employer
    really focuses on GIAC certifications like GCIA and GCIH, on my way to those probably.
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    kiam wrote: »
    Thanks for the reply supasecuritybro
    I just got started in this field and my employer
    really focuses on GIAC certifications like GCIA and GCIH, on my way to those probably.

    If your employer is supporting your endeavor, go for the GCIH first. It's more advanced but it will get you right where you need to be.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    I may be of no help since I wrote my exam in March.

    I recommend Matt Walker All In One with the Practice tests.

    Play with the tools.
    Know WireShark, Nmap (how different Pings work behind the scenes), TCP Flags, Netcat, aircrack suite extremely well.

    Know your port numbers very well.

    The back of the Matt Walker book has a list of tools. Know what all of them are used for and which tools are better than others.

    You're going to get questions you are not expecting. As the Matt Walker book says it is kind of a well duhh statement but make sure to eliminate the false answers and you should get it down to two choices.
  • TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Cyberscum wrote: »
    That an employer/HR would use this cert as a baseline to get operational or advanced pen testers/security employees.
    Heaven forbid that an employer look for a way to determine baseline knowledge. That's like saying you shouldn't have to take the ACT / SAT to get into college.
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    IronmanX wrote: »
    I may be of no help since I wrote my exam in March.

    I recommend Matt Walker All In One with the Practice tests.

    Play with the tools.
    Know WireShark, Nmap (how different Pings work behind the scenes), TCP Flags, Netcat, aircrack suite extremely well.

    Know your port numbers very well.

    The back of the Matt Walker book has a list of tools. Know what all of them are used for and which tools are better than others.

    You're going to get questions you are not expecting. As the Matt Walker book says it is kind of a well duhh statement but make sure to eliminate the false answers and you should get it down to two choices.

    Also, make sure you know about Shellshock, Heartbleed, ALE/SLE/ARO, incident handling, disaster recovery. Those topics are not on the AIO nor any CEHv8 material.

    Just make sure to consume more topics outside whatever CEHv8 study guides/videos are still around.. or just wait for the next book or pay the 885 for the CEHv9 from ECC.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    TechGuru80 wrote: »
    Heaven forbid that an employer look for a way to determine baseline knowledge. That's like saying you shouldn't have to take the ACT / SAT to get into college.

    As I stated before, "that an employer would use THIS cert as a baseline for adv pen/security folks."

    I commend EC on their marketing campaign in establishing the cert. Other than that, they provide nothing compared to other certs available.

    Standardized testing is a dumb ass idea in the first place. It proves nothing and if you understand test taking methodology you can literally pass any standardized test with little to no effort.
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    Cyberscum wrote: »
    That an employer/HR would use this cert as a baseline to get operational or advanced pen testers/security employees.

    Does this have anything to do with DoD work?
    I've mentioned before companies doing the whole well if the DoD requires it we should require it too.
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    Cyberscum wrote: »
    As I stated before, "that an employer would use THIS cert as a baseline for adv pen/security folks." I commend EC on their marketing campaign in establishing the cert. Other than that, they provide nothing compared to other certs available. Standardized testing is a dumb ass idea in the first place. It proves nothing and if you understand test taking methodology you can literally pass any standardized test with little to no effort.
    Why the pressure from your employer? I would recommend you ask them to hold off, cite all of the issues and complaints here if you want, but try to convince them to allow it in Q1 of next year.
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    It is now v9. I suggest you use the following materials
    1. Walker AIO
    2. Ethical Hacking and Countermeasures Course Outline | EC-Council
    3. Certified Ethical Hacker Assessment | EC-Council
    4. EC-Council CEH and CHFI Forums (but of course, :))
    AIO covers v8 material, so use the course outline as v9 supplement. The assessment will give you a good indication of the type of questions to expect. Your security experience, knowledge of current security news and CISSP should cover any "new" questions in the exam. In short, experience counts.
  • bigdogz Member Posts: 881 ■■■■■■■■□□
    Cyberscum,

    Is there any way that you can talk to management to discuss other certs such as SANS' GPEN, or is the "Ethical Hacker" terminology part of the whole issue? I think if you present some info on SANS courses, or other certs and their accreditation, in a professional manner this may help you make a point to add another cert as a substitute.

    Good Luck !!!
  • OctalDump Member Posts: 1,722
    bigdogz wrote: »
    Cyberscum,

    Is there any way that you can talk to management to discuss other certs such as SANS' GPEN, or is the "Ethical Hacker" terminology part of the whole issue? I think if you present some info on SANS courses, or other certs and their accreditation, in a professional manner this may help you make a point to add another cert as a substitute.

    How well do you think the GPEN course from SANS would prepare you for the CEH exam? Because maybe "both" is a good answer.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    OctalDump wrote: »
    How well do you think the GPEN course from SANS would prepare you for the CEH exam? Because maybe "both" is a good answer.
    Eh, Somewhat. CEH is not supposed to be equivalent to GPEN. They are very different. GPEN has many more similarities to ECSA/LPT than it does CEH. That's not to say that you couldn't take the GPEN course and apply some of that to CEH, but you'll be missing out on a lot of other "fundamental" concepts (i.e., GPEN is more advanced).
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    Sch1sm wrote: »
    The only courseware specifically for v9 is the EC-Council's own which costs $885. https://store.eccouncil.org/product/cehv9-courseware-im People on here keep saying the exam isn't based on any material. If that is the case it's strange that the EC-Council are selling a bunch of unrelated books. I would try and delay your deadline for a few months until other material comes out. If you have no other option I'd say your best chance would be to memorise the AIO book as best as possible and look up some of the new v9 material online and hope the stuff you read covers what the questions will.
    The exam isn't based on material. It's based on a Job Task Analysis (JTA) and includes psychometric testing evaluations, standard settings, and other required processes.
    https://en.wikipedia.org/wiki/Job_analysis
    How to Succeed at Psychometric Tests: 10 Steps (with Pictures)
    https://en.wikipedia.org/wiki/Standard-setting_study
    So yes, the books are related. The exam just isn't developed from them.
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    BillV_ wrote: »
    CEH is not supposed to be equivalent to GPEN. They are very different. GPEN has many more similarities to ECSA/LPT than it does CEH. That's not to say that you couldn't take the GPEN course and apply some of that to CEH, but you'll be missing out on a lot of other "fundamental" concepts (i.e., GPEN is more advanced).

    Can you elaborate?

    The objectives seem very similar to me:
    GIAC GPEN Certification | Network Penetration Testing Certification
    Ethical Hacking and Countermeasures Course Outline | EC-Council

    I'm aware you work/volunteer at EC Council, so it is not like I'm trying to convince you of one being better. I am just genuinely interested in what your (or others') thought process is on this.
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    IronmanX wrote: »
    Can you elaborate? The objectives seem very similar to me: GIAC GPEN Certification | Network Penetration Testing Certification Ethical Hacking and Countermeasures Course Outline | EC-Council I'm aware you work/volunteer at EC Council, so it is not like I'm trying to convince you of one being better. I am just genuinely interested in what your (or others') thought process is on this.
    The CEH was built differently from the GPEN. The GPEN is focused specifically on network penetration testing. And it does a good job on this but doesn't go beyond that scope. The CEH is a much broader course with coverage on a lot of different topics. It is more ethical hacking fundamentals across a wide spectrum, whereas GPEN is a bit deeper and narrower in scope. I did the CEH/ECSA/LPT before doing the GPEN back when it was released and, at least at that time, it seemed more comparable to ECSA/LPT. I suspect it's still the same unless something has changed.
  • OctalDump Member Posts: 1,722
    BillV_ wrote: »
    The CEH was built differently from the GPEN. The GPEN is focused specifically on network penetration testing. And it does a good job on this but doesn't go beyond that scope. The CEH is a much broader course with coverage on a lot of different topics. It is more ethical hacking fundamentals across a wide spectrum, whereas GPEN is a bit deeper and narrower in scope. I did the CEH/ECSA/LPT before doing the GPEN back when it was released and, at least at that time, it seemed more comparable to ECSA/LPT. I suspect it's still the same unless something has changed.

    Yeah, that's almost the impression I got reading the info on their sites and what people were saying about. It is interesting that you say GPEN is narrower in scope, seems like CEH might be a useful prequel to GPEN (or at least reading the CEH books).
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • renacido Member Posts: 387 ■■■■□□□□□□
    Cyberscum wrote: »
    As I stated before, "that an employer would use THIS cert as a baseline for adv pen/security folks."

    I commend EC on their marketing campaign in establishing the cert. Other than that, they provide nothing compared to other certs available.

    Standardized testing is a dumb ass idea in the first place. It proves nothing and if you understand test taking methodology you can literally pass any standardized test with little to no effort.

    First, I agree that a "baseline cert" is trumped by relevant experience backed up by references. If you're a mid-career or senior infosec guy your boss shouldn't need you to pass CEH just to reassure himself that he hired the right person for the job, that is stupid. However, depending on where you work there are scenarios where even a senior pentest/security dude may be asked to knock out a CEH for a reason that's not totally stupid.

    I could see it being important if you work as a consultant, it would help in marketing your services since it's a very well-known cert and much more obvious as to what it's for to a layman than OSCP. It's also way cheaper and more well-known than GPEN. And if you aren't going to be doing external pentesting as a consultant, say you are more of an analyst, engineer, architect, etc, than a pentester, then OSCP is more advanced than what should be considered a "baseline" cert for your role. Other than that though, I'd agree that making you get CEH at this point is kinda stupid. But there is a silver lining.

    FWIW, having the CEH will make your resume pop up more often when recruiters look for infosec guys. Just like CISSP, which is the only reason I have either of them. Consider it search engine optimization for your resume. Having those letters in your Linkedin profile opens more doors, though experience trumps any cert when it comes to actually getting a job.

    Second, there is relevant knowledge in the scope of CEH, be it in the EC Council curriculum or other study guides that is helpful for non-pentesters and pentesters alike. But like anything, you get what you give. If you just study enough to pass the test, you won't get much out of it. If you dig into the material and do some good labbing (get updated versions of the tools to make it more relevant), you will end up with a better understanding of common attack methods and vectors, as well as a better understanding of an attacker's mindset. This is very useful to anyone in infosec.

    My two cents.
  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    The reason the head wants to have the cert is that he wants to be part of the "new industry standard."

    We work alongside a contracting agency that requires that all security personnel have CEH at a min so he wants to follow suit.

    I actually agree with you though that you get what you put in. Interesting perspective and it actually helps me digest obtaining the cert.
  • Cyberscum Member Posts: 795 ■■■■■□□□□□
    Mike7 wrote: »
    It is now v9. I suggest you use the following materials
    Certified Ethical Hacker Assessment | EC-Council

    I took the test and got a 60% with no study thus far. I guess I am not such a bad ass hahah.
  • ITforyears Member Posts: 35 ■■□□□□□□□□
    I studied on v7 and v8 modules and my government voucher was for v8, so I was surprised by many version 9 questions and material. But if you have a good foundation and knowledge on IT security, you can still pass the exam.
  • ITforyears Member Posts: 35 ■■□□□□□□□□
    OctalDump wrote: »
    Yeah, that's almost the impression I got reading the info on their sites and what people were saying about. It is interesting that you say GPEN is narrower in scope, seems like CEH might be a useful prequel to GPEN (or at least reading the CEH books).

    It is interesting that you wrote that. I think my GPEN training and knowledge helped me a lot in passing CEH. It's funny that CEH is more of an 8570 requirement for pen testing than having the GPEN.
  • E Double U Member Posts: 2,233 ■■■■■■■■■■
    Cyberscum wrote: »
    I took the test and got a 60% with no study thus far. I guess I am not such a bad ass hahah.

    I got 62% so I am 2% more badass than you lol.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Tuningislife Member Posts: 49 ■■■□□□□□□□
    E Double U wrote: »
    I got 62% so I am 2% more badass than you lol.


    Holy Sh!tsnacks! I did better than expected on mine:

    Exceeds expectations! You scored 74%

    Last course I took was back in 2013.
    Completed: B.S. & M.S. in Cybersecurity, and MBA @ UMUC