Passed my CEH today

Sat my CEH today and passed. Took ~50 minutes to do the exam. Nothing too strenuous in the questions apart from two left of field ones (XORing and HD failure rates).

Did 7 weeks of studying during office hours with the Study Guide and the AIO (v

. Also used Skillset Pro but I wouldn't really recommend that.

On to the next one now! OSCP I think

Find more posts tagged with

Comments

E Double U

Congratulations!

636-555-3226

congraz l33t hax0r, now go forth and pillage the earth!

DAVIS NGUYEN

Congrats!

CuttlefishJones

Thanks!

I thought I'd fill in the gaps and list the resources I used whilst I studied, hopefully they'll be useful for other people too!

Books:
Matt Walker AIO (for the version 8 - the latest edition wasn't available) - I'd recommend this as good reading and not just for the CEH
The official study guide - covers the topics but is light on content, obviously meant to be used in conjunction with the labs
(Be warned though - both these books contain errors!)
Metasploit - The penetration testers guide. Just a really handy book to have.
The NMAP manual - essential reading!
Network Warrior - Really in depth guide to networking and associated tech.

Web Resources:
SCADAhacker.com - absolutely stacks of useful documents here especially this!
phrack.org
Wikipedia - now that you can select sections and create your own books it's become a really useful resource for reference.
cybrary.it - ethical penetration testers, advanced penetration testing, cryptography - all good courses and free!

I also used Skillset but I can't really recommend that as it has just too many errors and is just not focused enough.

Toys:
Kali Linux VM with metasploitable and a couple of other VMs (Linux, windows, Honeypot) networked together for abuse.

I have to admit that I haven't come into this 'green' as it were. I've been coding for well over 20 years (I started with Z80asm when I was very young!) and have been doing computer 'security' (ahem), though primarily focused on server hardening, for the past decade or so. I just don't have any legitimate industry certificates to back it up, so the CEH was the first I needed to paint the colour of my hat white. So to speak... My academic background is very much computer centric with AI being my degree of choice. So I had some advantages to start.

As for anyone about to, or think of, taking the exam. DON'T PANIC! It's a lot of material to cover and it is pretty dense. You do need a thorough understanding of the technology you'll be using. If you don't then it's easy to be caught off guard by the wording of a question more than anything else. Focus on the OSI model, what constitues a packet (TCP, IP, Ethernet etc) how it all links together. Learn NMap. Learn your OS'es (I'm primarily a Linux guy so windows was always a vague annoyance I've had to wrap my head around!)

And have fun, this is the wild west of the tech industry. Everyday new protocols, tech, and ideas come into to play. It's a rich and fertile playground with plenty of rewards for those that want to join in.

bamahonky

Congrats

whoknew

CuttlefishJones wrote: »

Sat my CEH today and passed. Took ~50 minutes to do the exam. Nothing too strenuous in the questions apart from two left of field ones (XORing and HD failure rates).

Did 7 weeks of studying during office hours with the Study Guide and the AIO (v. Also used Skillset Pro but I wouldn't really recommend that.

On to the next one now! OSCP I think

First off, congrats & well done on becoming a CEH. Secondly, a quick comment on that "Hard Drive Failure Rates" question. That question, in reality, has nothing, nada, zilch to do with hard drive failures. That type of question is straight outta the CISSP & is actually a risk analysis question. The organizational Asset in question could be a warehouse, a delivery vehicle, a piece of manufacturing hardware, etc. What the exam is seeking to discover if you know the default equation for risk analysis costing which is:

ALE = AV * ARO * EF where ALE = Annualized Loss Expectancy, AV = Asset Value, ARO = Annual Rate of Occurrences & EF = Exposure Factor

and as an the Single Loss Expectancy or SLE = AV * EF, you may see this equation expressed as ALE = ARO * SLE. SSDD really.

Had more than a few of these types of questions on the CISSP.

greg9891

Congrats!

winona_ryder

Congratulations, Nice first step. Don't lose the motivation

CuttlefishJones

There were no simulations in the exam, it was just multiple choice. But the answers were well structure in that you had to think about them; there were no obvious incorrect ones. It was the full 125 questions. It really didn't seem like that many when I was doing the exam though.

I got an email after the exam calling me in for a CRA! I get the feeling I should have taken longer over the questions, I think I finished far too quickly and triggered some alarm bells! No problems though I've got the cert now without any hassles

horusthesun

congrats !!!