Question Regarding CEH

I was just wandering, you guys that have passed the CEH exam, are you guys programmer, network administrator, network security, what are you mostly? I was just wandering because I dont know any programming and I wanted to know if you needed to know programming to understand the exam.

Find more posts tagged with

Comments

philbm900

Any respond, any info?

Just want to know if you have to be a programmer to be a good penetration tester or you just need networking skills?

tibul

hmm i cant see that people would need to be a programmer to go for this qualification as mostly from what i have read you use tools already in excistence for the penetration testing etc.

Webmaster

You don't need to be a 'great' programmer (though it helps a lot), but you should be able to create a simple script, interpret basic code, etc. But the CEH is created mainly for sys and network admins, not for programmers.

keatron

Webmaster wrote:

You don't need to be a 'great' programmer (though it helps a lot), but you should be able to create a simple script, interpret basic code, etc. But the CEH is created mainly for sys and network admins, not for programmers.

This is 100% accurate. Although, keep in mind, the C|EH DOES NOT make you a good pen tester. It gives you a solid introduction into what pen testing is all about. What you want to strive for after the C|EH is understanding why and how the tools work the way they do. Then you'll eventually want to get into coding a scripting to create your own tools/exploits. I'll admit, most of the stuff I've created is not pretty (I don't spend time on fancy GUI's), but it works exactly like I want it to, and that's what's important. Keep in mind, programming is just like anything else, it should be geared toward whatever your end goal is. I don't write software for a living, so I'm not interested in putting in the time to become a great developer. I do indeed spend time interpreting perl scripts and creating my own in order to bring about a desired result. Look at it this way; you have different levels of runners. Some are marathon runners who practice a lot and spend a good amount of time training. Then you have your casual runners who might run 2 miles 3 days a week just to stay in shape. Think of me as the casual runner (snippet coder), and someone like JD as the marathon runner (developer i.e programming/coding god). So do you need to be able to write code to get through the C|EH exam? No. But as a security professional, it should be a goal.

However, I do have the version 5 instructor and student manuals for the C|EH classes, and for the first time, there's nearly an entire module devoted to creating things via scripts and basic coding. For example, trojans, exploits, etc. So you might not be asked any coding questions on the current exam, but as soon as the new version of the exam hits, you might see more.

philbm900

Just wandering at what age you guys started programming.... I heard alot of people say they knew how too program in 4 different languagues when they were 18. It makes me look like I am super late.

philbm900

Any replies?.......

seuss_ssues

Once you have a good foundation of programming logic picking up new languages is fairly easy.

JDMurray

keatron wrote:

Think of me as the casual runner (snippet coder), and someone like JD as the marathon runner (developer i.e programming/coding god).

Me? A (*cough cough*) "programming/coding god?"

I'm more of a "software Oracle" that purports to commune with the software Gods.

Actually, I consider myself to be an opinionated software hack who just happens to have earned most of my paychecks by writing software for the past, uh, 23 years. Still, thanks keatron for the honorific appellation.

JDMurray

philbm900 wrote:

Just wandering at what age you guys started programming.... I heard alot of people say they knew how too program in 4 different languagues when they were 18. It makes me look like I am super late.

This will depend upon how old a person is. Kids today have the technology to start learning programming as soon as they learn to use a mouse and keyboard. Today's "twenty-somethings" had easy access to computers as teenagers. Us "older folks" didn't get to touch a computer until we got to college, when people didn't learn to program unless they went to college.

Most 18yo kids are looking to inflate their public image in ways that can't be easily disproved by other people. Saying that you can program in four different computer languages isn't the same as programming in four different languages well (not that most people at that age would know what "programming well" is). There is the occasional prodigy, but they are already majoring in math or CS by age 16, and their skills are evident without the need to brag.

Don't limit yourself by what other people have accomplished--or said that they accomplished--by a certain age. The sooner you start learning program, studying a foreign language, practicing a sport, playing a musical instrument, or whatever, the sooner you will get better at it. "Time spent" is always the first prerequisite for acquiring skills and gaining experience.

holysheetman

I'm a network administrator / server farm administrator working as a contractor for the Navy. I work at a military base but I don't utilize any of the tools I learned while preparing for the CEH exam; hope that gives you an idea of how useless the CEH really is

keatron

holysheetman wrote:

I'm a network administrator / server farm administrator working as a contractor for the Navy. I work at a military base but I don't utilize any of the tools I learned while preparing for the CEH exam; hope that gives you an idea of how useless the CEH really is

There's probably a dedicated security team (or the Navy does it themselves). With that being said, I could see how you can describe it as useless because obviously your job description doesn't entail you doing anything to make any use of it. That's just like saying I have a CCIE but I do SQL programming so my CCIE is useless. As a server or server farm administrator, I can't see why you wouldn't be testing the latest exploits against your server configurations (not live but via VMWare with configurations mirroring your production environment). Besides, if you're a sub-contractor for DoD then you're probably explicitly prohibited from using any tools in the C|EH curriculum or any tools remotely similar to them. I can't count how many times a vulnerability was announced, someone released a script or exploit module for the vulnerability (metasploit module for example), then a patch was released to address that vulnerability. I proceed to modify the exploit/script based on what I know the patch to have addressed and how it supposedly addressed it, then proceed to carry out the same exploit with only minor modifications to publicly available tools and scripts. This is what it's all about.

crap I forgot my old pwd

When I was 18 I was more concerned with certs than with programming languages. I finished up Security+, i-Net+, A+, and Network+ all in high school but I was also learning Java. Now I'm 19 and in college, I've become much more proficient with C++ and have gotten even better with Java. I have no difficulties understanding the material on C|EH. As long as you know the basics (loops, if else, identifiers, return types, etc) then you can easily pick up other languages as well. I wanna do C|EH but I have NO time with my class schedules to study for it : \ I must say though, the best hacking tools are the ones you make yourself to do one specific function. Sometimes you need to get something done, and nobody else has written a program to do it, so for the real world, you should know how to code (especially since tons of tools are open source).

keatron

crap I forgot my old pwd wrote:

When I was 18 I was more concerned with certs than with programming languages. I finished up Security+, i-Net+, A+, and Network+ all in high school but I was also learning Java. Now I'm 19 and in college, I've become much more proficient with C++ and have gotten even better with Java. I have no difficulties understanding the material on C|EH. As long as you know the basics (loops, if else, identifiers, return types, etc) then you can easily pick up other languages as well. I wanna do C|EH but I have NO time with my class schedules to study for it : \ I must say though, the best hacking tools are the ones you make yourself to do one specific function. Sometimes you need to get something done, and nobody else has written a program to do it, so for the real world, you should know how to code (especially since tons of tools are open source).

The very essence of my point. The whole concept of doing to a system what it wasn't designed for, or doing something a savy network admin would never think of hinges on your individual creativity. If you're stuck with only using out of the box programs and tools, then you're limited to how creative you can be. Again, the real value of the C|EH is letting you see how and why some of the most popular and effective boxed tools work. Once you understand the how and why, you can then began to come up with your own possibilities and creation. And that's when this job of pen testing becomes a hobby, something you love to do, like a drug you can't get enough of.