CEH exam cost doubt
Am I correct in understanding that in order to write the CEH exam I need to
1. Spend $850 USD plus pay fee for course to an approved institute? So total will be more than 2k
2. Prove that I have more than 2 years experience by paying $100 to EC Council and then pay another $500/$600 for exam to EC / Pearson VUE
Can someone please clarify?
Comments
Yes, the CEH is really expensive.
The options are listed on https://cert.eccouncil.org/application-process-eligibility.html#ceh
IMO I would forget Security + and those others and just get the CEH until you had the experience for the CISSP. Just saying...
My suggestions.
Understand the following:
firewalking
nmap -A and -O commands
when to use hping
when a Microsoft O/S will not respond to ICMP
LM vs NTLM
password salting
Rainbow attacks
RC4, AES, PKI
process to encrypt message
use of hashes for integrity
written auth for pen testing
understanding impact of Heartbleed and ShellShock (Bashshells and O/S impacted)
few questions on IPSec (know what layer of OSI)
some interesting router protocol questions on OSPF
of course a subnet mask question
an IPv4 vs IPv6 question
know when to use HIPAA
some Wireshark filter commands (4 or 5 of those)
know TCP three-way handshake
a few IPS vs IDS and stateful firewall questions
MAC flooding and CAM buffer overflow
know asymmetric vs symmetric advantages
There will be three or four questions that you have to allow for cultural differences, as if the test was translated from Spanish to English.
Like: If the car is speeding then the police will be told as soon as the driver understands.
Also, be prepared for smashed up NMAP results in a horizontal line, like:
Host is up. Not shown 979 ports. 21/tcp open, 22/tcp open, etc.
I think Youtube videos are better than the books.
CEH is certainly not. It was a joke. There was a job posting where some clueless HR monkey considered the CEH on equal footing with certs requiring much more time and effort to achieve. It was sarcasm.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Except for the questions about HIPAA and OSCP all of the material looks like stuff I learned taking the GSEC. I always thought the CEH was a pentest related certification, it looks more like a basic foundational cyber security cert, like Security+ / GSEC to me.
It is your personal IPS to stop the attack.
As I spend more & more time studying for the CEH, I am learning some good tools, tricks & information to reinforce what I already know. I actually really enjoy some of the material. As for its actual professional value? There is some but overall I feel it's a potential future HR check / filter. Some of my clients might be slightly impressed but if that was my only cert? I sure hope not. If my employer was not paying the cost of CEH exam w/ a little bump for me if I pass at the end, not sure I would spend my own coin.
I paid my own way for my CISSP & CISA... it was those certs that landed my interview for my job (cracked the HR barrier). I knew a little in the industry I was trying to crack into & had some experience, so it was that & my glorious personality landed my job today.
Curious, where did you see CEH was one of the 3 elites? (CISSP, CISA &... ?)
As for value for jobs, I would lean on these a bit more... CISM, OSCP, PMP
(yes I know PMP isn't a "tech" cert but combined with other tech certs, it fits the conversation here)
OSCP might not have more # of job "postings" but I bet there are more actual jobs that would snatch you up faster vs just the CEH
That said, I'm curious of the number of OSCPs that also have their CEH. I bet it's pretty high.
The CEH seems like it's like dipping your toes in the pool water to see if it's too cold or hot. OSCP is jumping in the pool.
If you search top certs CEH is always in there.
Not saying it should be but it is.
As far as job postings go I saw this recently:
Job Board Search Results

Certification   SimplyHired   Indeed   LinkedIn Jobs   TechCareers   Total
CEH             1,977         2,184    1,427           257           5,845
CISM            3,286         3,585    2,337           10,629        19,837
CISSP           10,526        11,617   7,632           15,212        44,987
GSEC            1,317         1,477    954             128           3,876
Security+       3,038         3,396    1,275           1,431         9,140

I think OSCP fills a niche and it's never really going to be a top cert. (Pen test niche)
Top for that niche sure but for general IT Security probably not.
Good Luck
Only to make it worse is the acceptance of WGU endorsing it as well. Really its all but frowned upon by many security people.
- b/eads
Practical skills are completely non-existent with this cert.
It's an HR cert pretty much. But the real question is, why don't I have it.
Well, I'm paying out of pocket, so cost.
This cert, for what I've studied, and researched, others confirming my thoughts, is not worth what you pay at all.
So I decided to get the OSCP, which I'm preparing for, as that will be money well spent and I'll have an extremely solid foundation that's not based on general, loose theory.
Based on your post: I have now decided against taking this exam. Thanks.
I do still see it listed in the same breath as CISSP and GIAC certs. But it definitely is entry level penetration testing, with some use for incident handling. Sort of what Net+ is to Cisco CCNA/CCNP/CCIE. If you really want to get into pen testing, then as part of your track I'd suggest elearnsecurity's Junior Pen Test cert, and eventually OSCP. Even then, that's just to orient yourself, in much the same way as a CCNA R+S isn't really going to put you in the position of designing complex, multi-campus networks, or the MCSA for engineering an Enterprise Windows environment. It's necessary knowledge, but not sufficient.
The other certs in pentesting that have some visibility are OSCP and GIAC's GPEN and GCIH. Those are also not cheap, and OSCP has a higher barrier to entry. CREST also has some recognition in some markets (UK and Australia, perhaps others). And most people hiring pen testers put a low priority on certification, relative to say networking. They are much more interested in other proof of competence such as capture the flag, genuine interest in the area, and ability. You are more likely to have an interview that asks about your home lab, what tools you like, what you've done, how you might approach a problem, than about how well you did on the OSCP.
So, with CEH you get the name, and you get some basics in the field of pentesting. What that is worth to you only you can answer.
Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
"Darling, we can get married, or I can get certified. It's a tough choice, I know, but..."
So my infosec cert track is: SSCP --> CISSP --> OSCP
I know I can get CEH with a few weeks of reading, but not at this price. If I got a beta exam promo or a promo in the $300 USD range, I would do it.
I just felt I get more bang for my buck.
The CEH is around the same price as the CISSP if I'm not mistaken, and that's just insane.
"...I know what I want, and I want to get certified."
I wouldn't have paid $800 out of pocket for mine but if you can get your employer to foot the bill, it's a no-brainer for the HR filter.
e: Or if you want to work network defense in compliance with 8570, then totally worth it.
I thought the course was fun. I had mine paid for by the company.
I didn't think the test was that easy.
I thought it covered a wide area of subject matter and the questions were not well written.