CEH practice

hi all..

Study material used

1) official guide
2) exam cram
3) review guide
4) basic use of etheral and nmap

but the auestion is how to get a fell of questions and depth of the question. Is there any any material where in i can test my ethical hacking skill and security skills concepts in general

Find more posts tagged with

Comments

dynamik

PrepLogic offers a practice exam, and EC Council recommends that on their site.

sexion8

nanga wrote:

hi all..
but the auestion is how to get a fell of questions and depth of the question. Is there any any material where in i can test my ethical hacking skill and security skills concepts in general

Your best bet is to try to understand as much as you can overall about most subjects. The exam was easy for me but I also have a lot of experience in the industry (over 10 years). I saw people fail it horribly who I thought would pass the exam.

Focus on understanding the common tools, usage in each module and you will do fine. Understand what tool does what SPECIFICALLY, its parameters, how you would use them, etc., I suggest playing with Backtrack for at least 6months to a year if you have zero experience either professionally or even on a hobby level.

shednik

sexion8 wrote:

Your best bet is to try to understand as much as you can overall about most subjects. The exam was easy for me but I also have a lot of experience in the industry (over 10 years). I saw people fail it horribly who I thought would pass the exam.

Focus on understanding the common tools, usage in each module and you will do fine. Understand what tool does what SPECIFICALLY, its parameters, how you would use them, etc., I suggest playing with Backtrack for at least 6months to a year if you have zero experience either professionally or even on a hobby level.

Are there any books you would recommend as well to go with that aside from the CEH course materials and such?

rbutturini

Have you looked into the De-ICE simulated environment liveboot CDs?
http://www.de-ice.net/

These will help you with several of the exam concepts.

sexion8

shednik wrote:

Are there any books you would recommend as well to go with that aside from the CEH course materials and such?

Yes no yes no yes no... Here are books I recommend you read for the sake of learning and understanding "hacking" (if we resume calling it so) Hacking Exposed 5th Edition, Counter Hack Reloaded, Hacker's Challenge (Mike Schiffman), Stealing the Network: How to Own the Box... Stay away from CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 its a waste of money.

So again, let me ramble on this for a minute or two to help you understand a thing or two... What is it you ultimately want to do, actually learn the trade, or just cert for whatever reason. I can guarantee you that if you get into it wanting to learn, you will, can and perhaps excel at it. If you go into it solely looking for a paper, than read anything from A-Z on the subject, memorize what sounds juicy and roll the dice.

The C|EH and CHFI were easy to me and they were also disappointing. I took C|EH v5 and finished it pretty fast in fact both exams in under two hours. I did not study, I took a bootcamp my company paid for and spent half the time actually teaching others and assisting the proctor in easy to understand terms. (He's a CISSP, C|EH, CHFI, A+, MC*you_name_it, Security+). The initial leaning for the C|EH was to be a sort of pentesting, knowledgeable cert which turned into a marketing fiasco. 1) Do not think it is all that easy, you do have to understand the common bodies of it all, but it is slightly above an entry level certification.

So... Determine what you want to do. Do you want to learn the trade and prosper, or solely pass a cert, hope to get a job with your new found cert only to get fired weeks or months later because you chose to memorize, without actually understanding how to implement and work with specific tools, areas of security. I know plenty of well certified people who know little and are often opening up www.JoeBlowSecurityConsulting.com because they couldn't make it in the real world.

My advice, take the books I recommended, understand them as best as you can. Practice them in lab environments, implement different attacks and understand what is happening throughout the scenario. Understand what to look for in a sniffer as many vary, understand what scanners are to be used where, when and why. Understand a lot of the modules at their core and use (real world/lab use) the top tools in those modules until you can recall specific attack vectors, information gathering vectors as if your brain were a command line terminal.

I guarantee you this method works better than simply trying to memorize since as you begin to use different tools and work with different scenarios, you will see that 1) the fundamental core remains the same 2) you understand things easier (which means you've memorized it) 3) the knowledge you gain can be carried on into other certs, e.g. OPST, OSCP, GPEN, etc.

rbutturini

Great post above! I can vouch for the books from EC-council not being worth the paper they are printed on. They're basically bound copies of the slides from the course. To add to the book list, I like Grey Hat Hacking myself.

You really have to know the concepts of what makes the tools useful, why they do what they do, etc. to truly benefit from earning the certification. Just knowing a few nmap switches and "leet" hacking tools will make you look foolish if you ever have to do an actual pentest. Understanding the concepts and the technologies in play make you able to adapt and react to a dynamic live environment and be a more successful security professional.

Back to the exam, It is NOT an easy exam by any stretch of the imagination. That being said it certainly isn't as hard as say an OSCP or something which involves actual sitting down and implementing the skills you are to have learned, but you really do need to know a lot of vocabulary, details about attacks and threats, and TCP/IP networking. WIth the number of questions on the exam, there's a very broad range of material that can be covered.

Just a few extra thoughts...

shednik

sexion8 wrote:

So again, let me ramble on this for a minute or two to help you understand a thing or two... What is it you ultimately want to do, actually learn the trade, or just cert for whatever reason. I can guarantee you that if you get into it wanting to learn, you will, can and perhaps excel at it. If you go into it solely looking for a paper, than read anything from A-Z on the subject, memorize what sounds juicy and roll the dice.

Well to answer your question I am not just looking for another piece of paper to have, the CEH or atleast what can be learned from the objectives are what interests me. I plan to move into security in the next few years once I find a spot open at my company. I do appreciate your insight into the security field as i've read many of your posts before. You stated in another thread before that you recommend 6 months to a year just learning backtrack, which is something I plan to do more and more once grad school lets up a bit. Once I start reading some of those books I'll be ready for more questions, I've heard some good things about this book any insight on this one??