Passed my CEH today
CuttlefishJones
Member Posts: 13 ■□□□□□□□□□
in CEH
Sat my CEH today and passed. Took ~50 minutes to do the exam. Nothing too strenuous in the questions apart from two left of field ones (XORing and HD failure rates).
Did 7 weeks of studying during office hours with the Study Guide and the AIO (v. Also used Skillset Pro but I wouldn't really recommend that.
On to the next one now! OSCP I think
Did 7 weeks of studying during office hours with the Study Guide and the AIO (v. Also used Skillset Pro but I wouldn't really recommend that.
On to the next one now! OSCP I think
Comments
-
E Double U Member Posts: 2,233 ■■■■■■■■■■Congratulations!Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
CuttlefishJones Member Posts: 13 ■□□□□□□□□□Thanks!
I thought I'd fill in the gaps and list the resources I used whilst I studied, hopefully they'll be useful for other people too!
Books:
Matt Walker AIO (for the version 8 - the latest edition wasn't available) - I'd recommend this as good reading and not just for the CEH
The official study guide - covers the topics but is light on content, obviously meant to be used in conjunction with the labs
(Be warned though - both these books contain errors!)
Metasploit - The penetration testers guide. Just a really handy book to have.
The NMAP manual - essential reading!
Network Warrior - Really in depth guide to networking and associated tech.
Web Resources:
SCADAhacker.com - absolutely stacks of useful documents here especially this!
phrack.org
Wikipedia - now that you can select sections and create your own books it's become a really useful resource for reference.
cybrary.it - ethical penetration testers, advanced penetration testing, cryptography - all good courses and free!
I also used Skillset but I can't really recommend that as it has just too many errors and is just not focused enough.
Toys:
Kali Linux VM with metasploitable and a couple of other VMs (Linux, windows, Honeypot) networked together for abuse.
I have to admit that I haven't come into this 'green' as it were. I've been coding for well over 20 years (I started with Z80asm when I was very young!) and have been doing computer 'security' (ahem), though primarily focused on server hardening, for the past decade or so. I just don't have any legitimate industry certificates to back it up, so the CEH was the first I needed to paint the colour of my hat white. So to speak... My academic background is very much computer centric with AI being my degree of choice. So I had some advantages to start.
As for anyone about to, or think of, taking the exam. DON'T PANIC! It's a lot of material to cover and it is pretty dense. You do need a thorough understanding of the technology you'll be using. If you don't then it's easy to be caught off guard by the wording of a question more than anything else. Focus on the OSI model, what constitues a packet (TCP, IP, Ethernet etc) how it all links together. Learn NMap. Learn your OS'es (I'm primarily a Linux guy so windows was always a vague annoyance I've had to wrap my head around!)
And have fun, this is the wild west of the tech industry. Everyday new protocols, tech, and ideas come into to play. It's a rich and fertile playground with plenty of rewards for those that want to join in. -
whoknew Member Posts: 49 ■■■□□□□□□□CuttlefishJones wrote: »Sat my CEH today and passed. Took ~50 minutes to do the exam. Nothing too strenuous in the questions apart from two left of field ones (XORing and HD failure rates).
Did 7 weeks of studying during office hours with the Study Guide and the AIO (v. Also used Skillset Pro but I wouldn't really recommend that.
On to the next one now! OSCP I think
First off, congrats & well done on becoming a CEH. Secondly, a quick comment on that "Hard Drive Failure Rates" question. That question, in reality, has nothing, nada, zilch to do with hard drive failures. That type of question is straight outta the CISSP & is actually a risk analysis question. The organizational Asset in question could be a warehouse, a delivery vehicle, a piece of manufacturing hardware, etc. What the exam is seeking to discover if you know the default equation for risk analysis costing which is:
ALE = AV * ARO * EF where ALE = Annualized Loss Expectancy, AV = Asset Value, ARO = Annual Rate of Occurrences & EF = Exposure Factor
and as an the Single Loss Expectancy or SLE = AV * EF, you may see this equation expressed as ALE = ARO * SLE. SSDD really.
Had more than a few of these types of questions on the CISSP."I got a BAD feeling about this..."
What's Next: CISM, CompTIA CySA+ & PenTest+, OSCP, CCNP Security, GSEC, GPEN -
greg9891 Member Posts: 1,189 ■■■■■■■□□□Congrats!:
Upcoming Certs: VCA-DCV 7.0, VCP-DCV 7.0, Oracle Database 1Z0-071, PMP, Server +, CCNP
Proverbs 6:6-11Go to the ant, you sluggard! Consider her ways and be wise, Which, having no captain, Overseer or ruler, Provides her supplies in the summer, And gathers her food in the harvest. How long will you slumber, O sluggard?
When will you rise from your sleep? A little sleep, a little slumber, A little folding of the hands to sleep, So shall your poverty come on you like a prowler And your need like an armed man. -
winona_ryder Member Posts: 42 ■□□□□□□□□□Congratulations, Nice first step. Don't lose the motivation
-
CuttlefishJones Member Posts: 13 ■□□□□□□□□□There were no simulations in the exam, it was just multiple choice. But the answers were well structure in that you had to think about them; there were no obvious incorrect ones. It was the full 125 questions. It really didn't seem like that many when I was doing the exam though.
I got an email after the exam calling me in for a CRA! I get the feeling I should have taken longer over the questions, I think I finished far too quickly and triggered some alarm bells! No problems though I've got the cert now without any hassles