CEH Pass 12/11/2016
The other threads here and on Reddit were spot-on concerning what to study for. Here are my additional thoughts:
- I'm the kind of person who overthinks, so I decided to decide on an answer and not go back and change it.
- One question on ALE, one on hping, one on netcat, one on shellshock, one on Heartbleed. Surprisingly none on the cloud.
- The practice tests on Gratis, skillset, etc were very useful in that I knew that I mastered knowledge of a subject when I knew the answer BEFORE reading the choices, or when I said to myself, "their answer is wrong"
- I paid for the ec-council training (my job reimbursed me). I listened to the iClass training to and from work, and during lunch (3 hours a day). The transcender tests were definitely helpful. Knowing that I had a free retest if I failed also was good to know.
- udemy had a nice "CEH boot camp" video which was on sale for $10. Very much worth it at that price, for the practice questions alone. Again, I listened every day to and from work. Modifying the playback speed enabled me to listen to it two or three times without my wondering.
- of course, don't forget the cybrary CEH video. a bit outdated, but still extremely useful.
Good Luck!
Comments
-
xxxkaliboyxxx Member Posts: 466 ■■■■□□□□□□
Congrats, Did you do any reading material besides practice test?
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
dayglo Member Posts: 30 ■■□□□□□□□□
I only used reading materials for the sample questions at the end of each chapter. I found that I work best by watching and listening to videos. But to each his own... -
dayglo Member Posts: 30 ■■□□□□□□□□
kMastaFlash wrote: »Congrats!!! What's next on your journey?
I'm over 50, and realized that I'm competing with kids who are right out of school with a variety of certifications and my years of experience no longer gets me in the door.
So, I've been on a certification run for the last two years, picking up the AWS Certified Architect/Developer/Sysops "Trifecta" and CISM in addition to the CEH.
The biggest difference for me was not listening to music or the sports station during my commute, or relaxing at lunch, but instead use cybrary, podcasts and Udemy each day. And by varying speeds, I was able to listen to each video several times without it sounding exactly the same. That meant an extra three hours each day of study time for me in addition to whatever I could do after work. I just wish I did this sooner.
I haven't decided yet if I should do the CISSP or the just-announced Amazon Security exam. Or hopefully both next year. I have a 15 year-old at home, so I know I'm not going to retire anytime soon and need to stay relevant in the security field.
-
xxxkaliboyxxx Member Posts: 466 ■■■■□□□□□□
This is awesome, congrats once again! BTW in my small job hunt experience, I have noticed any good company would gladly take someone with experience over certification straight out of school.
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
dayglo Member Posts: 30 ■■□□□□□□□□
xxxkaliboyxxx wrote: »This is awesome, congrats once again! BTW in my small job hunt experience, I have noticed any good company would gladly take someone with experience over certification straight out of school.
That's IF you make it past the HR filter.... -
xxxkaliboyxxx Member Posts: 466 ■■■■□□□□□□
That's IF you make it past the HR filter....
To put it in perspective, I have no degree or certs, just 8 years of "experience". I have interviewed F2F with Google and Verizon at the engineer level. I made it past the filters just fine. To make it clear, I got beaten out at the final interview by someone I can only assume is superhuman lol, jk. I also got accepted into two other government jobs with my same credentials GS9 level.
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
Mike7 Member Posts: 1,114 ■■■■■□□□□□
- One question on ALE, one on hping, one on netcat, one on shellshock, one on Heartbleed. Surprisingly none on the cloud.
During my ECSA course, the cloud penetration testing lab requires us to check for and exploit Heartbleed. -
E Double U Member Posts: 2,243 ■■■■■■■■■■
The biggest difference for me was not listening to music or the sports station during my commute, or relaxing at lunch,
I made the same adjustment and it has paid off. Congratulations!
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
xxxkaliboyxxx Member Posts: 466 ■■■■□□□□□□
update: I still haven't scheduled my test, I'm slacking!!
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
ethical-hacker-73 Member Posts: 6 ■□□□□□□□□□
I am over 50 as well.
I passed the CEH v9 today.
My suggestions.
Understand the following:
firewalking
nmap -A and -O commands
when to use hping
when a Microsoft O/S will not respond to ICMP
LM vs NTLM
password salting
Rainbow attacks
RC4, AES, PKI
process to encrypt message
use of hashes for integrity
written auth for pen testing
understanding impact of Heartbleed and ShellShock (Bashshells and O/S impacted)
few questions on IPSec (know what layer of OSI)
some interesting router protocol questions on OSPF
of course a subnet mask question
a IP4 vs IP6 question
know when to use HIPAA
some WireShark filter commands (4 or 5 of those)
know TCP three-way hand shake
a few IPS vs IDS and stateful firewall questions
MAC flooding and CAM buffer overflow
know asymmetric vs symmetric advantages -
nithichris Registered Users Posts: 4 ■□□□□□□□□□
Could you please let me know the podcasts you have used for CEH preparation -
xxxkaliboyxxx Member Posts: 466 ■■■■□□□□□□
nithichris wrote: »Could you please let me know the podcasts you have used for CEH preparation
Check out "Paul's Security Weekly", that is what I used.
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
Louie1277 Member Posts: 505 ■■■□□□□□□□
Thank you for sharing this info. I know I'm up there on my age too but I'm looking to take this cert down the road in a couple months. Just need to find the right material, and really get into this. At the moment I'm working on getting my MCSA for work. Once I'm done with that I will move toward this cert.
ethical-hacker-73 wrote: »I am over 50 as well.
I passed the CEH v9 today.
My suggestions.
Understand the following:
firewalking
nmap -A and -O commands
when to use hping
when a Microsoft O/S will not respond to ICMP
LM vs NTLM
password salting
Rainbow attacks
RC4, AES, PKI
process to encrypt message
use of hashes for integrity
written auth for pen testing
understanding impact of Heartbleed and ShellShock (Bashshells and O/S impacted)
few questions on IPSec (know what layer of OSI)
some interesting router protocol questions on OSPF
of course a subnet mask question
a IP4 vs IP6 question
know when to use HIPAA
some WireShark filter commands (4 or 5 of those)
know TCP three-way hand shake
a few IPS vs IDS and stateful firewall questions
MAC flooding and CAM buffer overflow
know asymmetric vs symmetric advantages
2018 Goals: 70-410 [X], 70-411 [],70-412 [] :bow: 410- Passed!!!!!!
My Goal for the Future
2012 - *MCSA*(WHO KNOWS WHEN) KEEP FAILING!!!! Not enough time to pass the last 2 exams.
2021 - *Security+*
2022 - * Pen Tester*