Just passed my CEH =)
ChaseBenfield
Member Posts: 13 ■□□□□□□□□□
in CEH
Hey all,
I just passed my CEH exam a few days ago at Pearson VUE and thought I might be able to save others studying a ton of time.
What I studied:
I took the initiative to set up a hack lab on Windows 7 Ultimate with Kali Linux, Windows 8, Windows Server 2008, and Windows Server 2012 Virtual Box VM's. With these I went through all labs provided in paper version and aspen pdf version lab manuals (more in pdf and the pdf books actually have pages of text to accompany slides in paper back version). I also played with all the tools provided not covered in the lab manuals.
What WAS NOT on the Exam:
Honestly the whole experience was really fun for me. I can't wait to dive deeper. I am studying for the CHFI now and will schedule that within the month. Not as hyped up for CHFI because the course material isn't very technical. I would prefer to move onto the Penetration Testing with Kali certification, but unfortunately I am under a scholarship atm and don't have the cash on hand to invest in that.
I just passed my CEH exam a few days ago at Pearson VUE and thought I might be able to save others studying a ton of time.
What I studied:
- Official CEH books (Volume 1, Volume 2, Lab Manuals, and Aspen pdf versions)
- Matt Walker AIO exam guide
- Sybex
- Boson
I took the initiative to set up a hack lab on Windows 7 Ultimate with Kali Linux, Windows 8, Windows Server 2008, and Windows Server 2012 Virtual Box VM's. With these I went through all labs provided in paper version and aspen pdf version lab manuals (more in pdf and the pdf books actually have pages of text to accompany slides in paper back version). I also played with all the tools provided not covered in the lab manuals.
What WAS NOT on the Exam:
- ANYTHING FROM MATT WALKER AIO EXAM
- ANYTHING FROM SYBEX Other than information you may need if you don't know basic networking and the like.
- ANYTHING FROM BOSON I learned a ton of information since I studied all rights wrong answers and scored 100% just didn't help for the exam.
- TOOLS, TOOLS, TOOLS from lab manuals. Many with specific questions on the operation of tools, and syntax of command based tools.
- QUESTIONS ON RECENT EXPLOITS WITHIN THE LAST FEW YEARS FUNNY CONSIDERING OFFICIAL MATERIAL WAS COPYRIGHTED IN 2011
- SCENARIO QUESTIONS BASED OFF CONCEPTS FROM OFFICIAL MATERIALS Basically know how attacks work along with respective ports, protocols, architecture, victims/attacker relationships, and OSI layers. If you know this and can visually recall the processes in the slides you are good.
Honestly the whole experience was really fun for me. I can't wait to dive deeper. I am studying for the CHFI now and will schedule that within the month. Not as hyped up for CHFI because the course material isn't very technical. I would prefer to move onto the Penetration Testing with Kali certification, but unfortunately I am under a scholarship atm and don't have the cash on hand to invest in that.
Comments
I did the 'v8' (I think, it was close to the change over), and found that there was stuff in the Boson that wasn't in the AIO that was tested, so I'm not sure that the AIO was ever completely complete.
PS
Congrats on the pass.
I'm studying for CEH too at the moment. A little overwhelmed with all the tools to be honest. Without violating the NDA, would you mind sharing what's the breakdown percentage in terms of tools and their syntax, exploits, and theories?
I read that this version had like Risk Management, ALE/SLE, HIPAA, Threat Modeling, Incident Management, etc. Did you see those on the exam?
Thanks again Chase, and congratulations on the pass. Awesome job!
Please forget v8. It is v9 already. No matter what voucher you have. AIO book is too simple for the exam.
What you should expect.
1. Review the exam outline,
Certified Ethical Hacker Exam Information
Tools/systems/programs are 32% (40 Questions)
2. Review the course outline,
http://www.eccouncil.org/Certification/professional-series/ceh-course-outline
Find and understand what are the possible tools and threat of each topic
Could you share if you saw questions like Risk Management, Threat Modelling, HIPAA/SOX/ISO, ALE/SLE calculations and the works?
How about scenario based questions? Would they revolve around theory or how the exploitation would work?
Thanks!
Risk Management, Threat Modelling, HIPAA/SOX/ISO, ALE/SLE calculations (Yes)
Scenario based questions (Both)
Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
The only real failure in life is not to be true to the best one knows. - Buddha
If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
Hey,
Honestly I am not 100% sure of the specifics for Risk Management, ALE/SLE, HIPAA, Threat Modeling, Incident Management, but that rings a bell. I am very familiar with all of that information from a combination of experience, my undergraduate/graduate degrees, and studying for my PMP. I generally just thank my lucky stars for those questions and move on to the next one without much thought. I can say that nothing from those knowledge areas was deep in the weeds, but that could be due to my previous exposure.
Considering tools, my only advice is to get hands on in a lab and keep logs analyzing you're approach and results. There was a wide range on the exam.
https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf
Just passed my CEH today. Took me 45 minutes to pass with 80+ percent score. In fact it wasn't that bad as many people here whined. I do have some experience in the field of security (thouh I'm not a pen-tester) and that surely helped.
Most of the questions I've seen already on different testing sites (skillset, sample CEH tests around the Internet) in slightly different wordings. Either way the questions are pretty simple if you understand the topic and not trying to memorize the exam ****.
I believe the question set was of an updated version, as i've seen several questions on year 2014's exploits.
yes, there were couple of questions related to the ALE, HIPAA and other weird looking acronyms, but guys, seriously, it is not a rocket science and if you are able to multiply couple of numbers and understand what the word 'annual' means - these won't surprise you.
The exam definitely needs prior knowledge. Just remember, that it is an exam to test your security expertise, which, for the notice, is very valuable in the world. Don't expect an easy ride as you have to know how systems work beforehand and memorizing everything just won't work.
What i've used in my study was Matt Walkers second edition book and ECCouncil's study outline. What I'd done - read both, googled everything, that was unknown or unclear for me and wrote down for my further reference. Also I've played around with the mentioned tools. The same applied to the newly added material - mobile threats, cloud computing and so on.
On the other hand there were several errors in wording, mistypings and unclear questions. I believe it is what had cut my score by 14 percent.
So as the final word - don't be afraid and dig deep to find your answers and good luck on the exam.
It is your personal IPS to stop the attack.