Attaining CEH v9 in 2 months

Z0sickx

Hello all i need to study and get this cert in about 2 months, my background has been mostly technical for the last 5 years in CND field, I have basic understanding of the OSI and how things move through each layer of the OSI, and have used Nessus for many years, along with using Redhat for the past 4 years. So to give myself the best chance for success on my first try what do i need to do?

From what i have gathered:

-BOSON
-did you guys do the official training? or option 2 where you get supervisor sign off to buy the voucher? if $3,000 puts me on the best path for getting this quicker i am open to it..
-Ilabs
-CEH all in one book
-Skillset

With that all said, i need the community guidance on this. and if this is realistic

chrsnlde

I self-studied. You can pass this in under two months relying on Matt Walker's AIO if you supplement it with Boson or Skillset. The key is to read, do the chapter quizzes, and then do lots and lots of practice tests. Just don't do the same practice test over and over again. Get fresh questions so you aren't memorizing the answers. Ideally you should be doing a practice test of 200-500 questions, ever day, for two to three weeks. For topics that you struggle with, it helps to teach it to someone else. The way I like to do this is by pretending my boss emailed me asking me to explain the topic to a sales exec.

Z0sickx

I've been studying for about 3 weeks total reading the sybex book, looking to buy either Boson or skillset...which would give the most accurate representation of C|EH v9 test. overall i think this test is very straightforward just comes down to memorizing some key topics. Skillset has a sale at 50% off.. so i could buy both for $150

thoughts?

BuzzSaw

I think your approach sounds pretty solid given your background. To answer your question, I found Boson to be fairly accurate in terms of what the test is like. In fact there may be a few times the test was easier than Boson.

My my only suggestion to add would be the following:

1. Georgia Weidman's Advanced Pen Testing course on Cybrary (free)
2. Build a small lab. This will vary in cost or it could be done with some of the entry level free virtualization software.
3. Practice on some Vulhub machines, or other purposely vulnerable systems.

Z0sickx

BuzzSaw wrote: »

I think your approach sounds pretty solid given your background. To answer your question, I found Boson to be fairly accurate in terms of what the test is like. In fact there may be a few times the test was easier than Boson.

My my only suggestion to add would be the following:

1. Georgia Weidman's Advanced Pen Testing course on Cybrary (free)
2. Build a small lab. This will vary in cost or it could be done with some of the entry level free virtualization software.
3. Practice on some Vulhub machines, or other purposely vulnerable systems.

Thanks buzz i have KALI linux on a VM and a spare unpatched windows 7 Laptop i don't use anymore, i am in a bit of a bind i have about 3 weeks to left before i have to take my exam (oct 11 deadline) and i wanted a buffer just in case. so i'm looking to maximize my time and identify my weak spots. Also have the Sybex V9 test book (via safaritextbooks)

I think i will go ahead and purchase BOSON 15% discount to

Z0sickx

I must say the BOSON simulation test was...quite hard..i feel like **** now.. i feel reading the sybex book didn't even cover half the stuff i asked

BuzzSaw

Z0sickx wrote: »

I must say the BOSON simulation test was...quite hard..i feel like **** now.. i feel reading the sybex book didn't even cover half the stuff i asked

I can relate. I was in the exact same boat. I felt great about a week and a half before my test . . .bought the Boson sim and then felt terrible. But there is good news:

1. The Boson test (in my experience anyways) was a little harder than the real exam. I say a little on purpose.
2. The Boson engine gives GREAT references. In my experience, I took a note book and wrote EVERY wrong answer down. Followed the references listed, and tried to absorb as much as possible
3. You still have 3 weeks!

I think you got this. I think you have enough time to get comfortable.

My next suggestion would be to "save" one of the exam's in Boson. IIRC you have 2 or 3 mock exams. "Save" one of those. Study up, and take the last one maybe a week before. This will sort of give you a double blind approach if that makes sense.

BuzzSaw

Z0sickx wrote: »

I must say the BOSON simulation test was...quite hard..i feel like **** now.. i feel reading the sybex book didn't even cover half the stuff i asked

Also, meant to ask: What parts make you feel worse? Did you feel pretty good with the tools \ workflow \ technology aspects? How did you feel more about the compliance sections of the test?

I would say that if you nailed the tech portion and fell a little flat on the compliance section, then I can tell you that the Boson test had a little more compliance than the actual test does

Z0sickx

i'm using the SYBEX V9 test book (free as contractor). took one of the practice test and got about 24 questions wrong so thats around 80% pass rate. i am also using the CEH v8 test engine but its weighted differently then v9 so i get about 66-70% on that. At the top of my head I seem pretty bad at remembering the Different Malware/viruses/ and what each did what, along with the which tool is appropriate for each situation, also NetBios, SMB, and some of the stupid terminology. its all doable it just getting that material set in stone in my head


also are there any metasploit specific questions on the exam? all my practice test so far have no really had any..only see it as multiple choice question for something unrelated

also got the 7 day free trial for CBT nuggets so i'm going to watch those videos since that seems to help with my learning, and what helped me passing the CASP

Z0sickx

bump on metasploit knowledge needed for exam?

BuzzSaw

Z0sickx wrote: »

bump on metasploit knowledge needed for exam?

Not that I remember. Well not specific knowledge as in command. I do remember a couple that may have been questions about in general "Which tool would you use to do XYZ" ... And I think metaspolit may have been available as an answer a few times. So, general knowledge? yes. Expert level knowledge? no.

BuzzSaw

Z0sickx wrote: »

i'm using the SYBEX V9 test book (free as contractor). took one of the practice test and got about 24 questions wrong so thats around 80% pass rate. i am also using the CEH v8 test engine but its weighted differently then v9 so i get about 66-70% on that. At the top of my head I seem pretty bad at remembering the Different Malware/viruses/ and what each did what, along with the which tool is appropriate for each situation, also NetBios, SMB, and some of the stupid terminology. its all doable it just getting that material set in stone in my head


also are there any metasploit specific questions on the exam? all my practice test so far have no really had any..only see it as multiple choice question for something unrelated

also got the 7 day free trial for CBT nuggets so i'm going to watch those videos since that seems to help with my learning, and what helped me passing the CASP

Make sure you are taking notes, either on paper or an app like OneNote or something. In my experience writing notes helps concrete things in pretty well. I would just make sure you are being efficient with your studying and you'll get there.

When are you testing?

CuttlefishJones

I'm in a similar boat, only that I have a couple of weeks to get up to speed I'm using Skillset (really not worth the money, most of the questions seem to have been written by a dyslexic yoda), the official Sybex v9 study guide - covers all the topics but with almost zero depth, and the Matt Walker v8 study guide which is much, mucg more in depth than the official guide. There is a new version of the Matt Walker book coming out next week though that covers the v9. Which I am definitely going to get.

Also check out https://scadahacker.com/library/ as there is a huge amount of useful documentation here including a crib sheet for the CEH (it's old but still quite handy). I've also got Kali running in a VM and a stack of other VM (mix of linux, windows, metaspoitable, a honeypot) running to abuse at will. And also hit the wiki, you can create your own books from articles to create a study guid of your own. Something I am fidnig very useful. I've also signed up for Cybrary.it and am currently working through the Pentesting and Ethical Hacking course and the Advanced Penetration Course. Though there is loads of good stuff on there as well.

And yes, I'm not sleeping much at the moment (:

Z0sickx

BuzzSaw wrote: »

Make sure you are taking notes, either on paper or an app like OneNote or something. In my experience writing notes helps concrete things in pretty well. I would just make sure you are being efficient with your studying and you'll get there.

When are you testing?

I'm handwriting since that helped me with my CASP, i'm waiting for approval on my Application so as soon as i get that i can schedule it...target date is OCT 1

Z0sickx

CuttlefishJones wrote: »

I'm in a similar boat, only that I have a couple of weeks to get up to speed I'm using Skillset (really not worth the money, most of the questions seem to have been written by a dyslexic yoda), the official Sybex v9 study guide - covers all the topics but with almost zero depth, and the Matt Walker v8 study guide which is much, mucg more in depth than the official guide. There is a new version of the Matt Walker book coming out next week though that covers the v9. Which I am definitely going to get.

Also check out https://scadahacker.com/library/ as there is a huge amount of useful documentation here including a crib sheet for the CEH (it's old but still quite handy). I've also got Kali running in a VM and a stack of other VM (mix of linux, windows, metaspoitable, a honeypot) running to abuse at will. And also hit the wiki, you can create your own books from articles to create a study guid of your own. Something I am fidnig very useful. I've also signed up for Cybrary.it and am currently working through the Pentesting and Ethical Hacking course and the Advanced Penetration Course. Though there is loads of good stuff on there as well.

And yes, I'm not sleeping much at the moment (:

i started with cybrary course but the guy goes off lane and I feel it has no structure per se. I signed up for free 7 day trail with CBT nuggets and liked it alot better

using BOSON +PocketPrep+(might get cbt for 1 month just so i can use transcender)

BuzzSaw

You both should also check out Georgia Weidman's course on Cybrary - it is pretty Kali specific, but I think it is a good compliment with the CEH studies.

Z0sickx

BuzzSaw wrote: »

You both should also check out Georgia Weidman's course on Cybrary - it is pretty Kali specific, but I think it is a good compliment with the CEH studies.

reading Matt walkers newest book via SafariTextbooks...love the format much better then Sybex. i'm big on structured presentation and it just clicks the way he presents it

kalik

You can laugh at skillset questions and the workding - I agree it's ridiculous sometimes, but the fact is - some of those questions are identical to the exam questions (with the retarded wording as well). I've only done around 300 questions and I found at least 1 identical question on the exam.

All I did was 2 weeks of studying the official ECC CEHv9 documentation and doing those 300 questions on skillset - 2 weeks later I was CEH, so it really is enough.

CuttlefishJones

kalik wrote: »

You can laugh at skillset questions and the workding - I agree it's ridiculous sometimes, but the fact is - some of those questions are identical to the exam questions (with the retarded wording as well). I've only done around 300 questions and I found at least 1 identical question on the exam.

All I did was 2 weeks of studying the official ECC CEHv9 documentation and doing those 300 questions on skillset - 2 weeks later I was CEH, so it really is enough.

I have noticed that the EC-Council seem to have a few issues with grammer (sic). I was hoping that it wouldn't be the case as crazy worded questions are the thing I find hardest in exams ><