CEH

Hello...

These types of classes are usually kind of expensive. They can also be even more expensive if you have to travel to the school. I chose to do the self study course through Ec-Council. It saved me well over a grand, since there was no training in my area at the time. A few things you need to look at before doing the self study.....You have to get an approval voucher from Ec-Council before taking the exam. You get this voucher by attending one of the schools or by filling out a form that says you have at least 2 years security experience. So, if you don't have the experience and you want to take the test, you will have to attend a school. (check out Intense schools). As far as the actual test is concerned....version 3 (the current version) is 225.00....120 questions...and it was a lot more difficult than I thought it would be. I was really suprised. You really need to know the tools......The certificate is one of the nicer ones that I have seen...And the membership card is pretty cool...It is a bootable linux cd....I hope this answers some of your questions.

Do you think it's possible that I pass this exam with the certs I have? Been through three years of college taking IS courses, got my Associates. Been on this current job for 6 months. This combined with the fact that I'm genuinely interested in this cert and am willing to study harder than ever before. I don't mind it being difficult, in fact I prefer that as opposed to simple.

How exactly do I get the material for the self study track? I was approved, by the way.

I see the book on amazon for much cheaper than ECC offers it. Do you happen to know if the amazon book is for the new test version?

Version 2.3 of the exam expired on 30th July 2004, and the self study guide is from November 2003, so I guess the book is not updated for version 3 (or 3.1 which will include an extra module 'Module 22: Penetration Testing Methodologies')

Congrats on getting approved!

You can order the self study kit straight from EC-Council. You can get the actual book for a lot less money on the web....but, you will not get the extra material that is needed for the exam. Looking back, I am very glad that I ordered the self study kit.

Ah, so the $160 is for an entire kit and not just the book?

Just ordered the kit from ECC. Hopefully it arrives soon.

I'm curious what the difference is between the self-study kit and the official study guide from Amazon, as I read that the book contains a CD-rom with (some of) the tools listed in the exam objectives.

Did you receive it yet Lost? Is it worth the extra $$?

Haven't received it yet, but I'll post what all it contains when I do.

Thanks. I'm considering buying the Hacking Exposed book as well as I read it is a good additional source for the exam. If you want a head start you can download a Sample Chapter (PDF) about Enumeration (corresponds with Module 4 of the CEH objectives) from:
http://shop.osborne.com/cgi-bin/osborne/0072227427.html

xevious

I ordered the self-study kit from EC-council which had a label of pre-3.01 release on the box several months ago.

It contained:

1 Study book: Hacker's Beware (red & white cover)
2 large 2" 3-ring binders with lab and reading modules
2 Knoppix CDs: 1 with tools and the other I forgot.

I'll check it out tonight for a more exact listing of material. I've been carrying the study book in the car, but left the remaining stuff in the box.

The kit was shipped from Malaysia, so it may take a bit to arrive. FYI

Also, while mentioning Knoppix...

have a look at the STD distro. (Security Tools Distribution) at www.knoppix-std.org

or the Auditor's collection toolkit (based on knoppix live) at http://moser-informatik.ch/?page=products&lang=eng

-Xevious

Webmaster, you may want to check out 'Hacking: The Art of Exploitation'

Not sure how much of it will be on the exam, but I'm reading it now and it's a fantastic book.

xevious

A fun book to read is 'The Hacker Diaries : Confessions of Teenage Hackers.' It has a bunch of stories about hackers, the underground scene, and how they eventually got caught.

-Xevious

FYI
CEH kit contains:

1. Pen & small note pad
1. Study book: Hackers Beware (book sold on ebay)
1. Knoppix Live CD
1. Resource CD
2. 2" 3-ring binder (hardcopy lab modules)

Thanks for the tips. I'll check out both of those books. Security, and hacking in particular, is definitely a topic that sticks better when reading multiple different books.

Another book I really enjoyed reading is The Art of Deception by Kevin Mitnick. It's about social engineering and I think it is a must read for everyone, even if you're not in IT.

Xevious wrote:

CEH kit contains:

1. Pen & small note pad
1. Study book: Hackers Beware (book sold on ebay)
1. Knoppix Live CD
1. Resource CD
2. 2" 3-ring binder (hardcopy lab modules)

So I guess the most valuable item on that list (compared with the official study guide) are the binders right?

Thanks for the Knoppix links, pretty cool.

I'll probably have to remaster it before it will work with my crappy Realtek wireless network card though...

Webmaster wrote:

So I guess the most valuable item on that list (compared with the official study guide) are the binders right?

Yes, use the binders to highlight the areas you really need to know. Use that as the foundation of your studies.

How did you setup labs to study for this?

LostInSpace wrote:

How did you setup labs to study for this?

Sorry, it took a while to respond to this...I have been out of the office teaching a course and preparing for my new job!

The way I did the labs on this was to setup multiple machines with different operating systems....some patched others not...I used some of my cisco routers to separate the networks and some linksys wireless routers for that portion. This was easy since I work at a place where I had about 50 computers to work with. If you only have a few machines that you can work with....Setup a Linux box and a Windows 2000 server w/ FTP, IIS, and AD. Then use the tools on the cds. If you know the stuff in the binders of the self study kit, you should be ok.

I didn't want to start a new post, so I hope you answer this.

What tools are on the exam? I mean, the cd contains many more tools than what are covered in the text. Does the exam only really cover which ones are in the text? I just need to know which ones that I should look over more thoroughly and which ones I should browse through. A lot of them are the same, so picking it's tough to pick out defining features of some.

Any input would be appreciated, thanks a lot.

(Ten9t6 has some very busy weeks... he'll be back though

)

I don't know if this helps, but I noticed a list at the ec-council site, my expectation is that they can all be part of the exam:
http://eccouncil.org/312-50.htm

Are there more/others on the CD than listed at that page?

JOblessELement

Sheesh, there's a certication for being a "ethical" hacker?

What next? CETT ... Certified Ethical Test Taker? They really need one of those.

Webmaster: Yes, a lot more. The modules/tools listed on that page correspond with the modules/tools in the binders. I'm assuming that anything NOT in the binders/on the web site will not be heavily tested upon and are just included for completeness.

I assume the same, but I hope ten9t6 can confirm this, as my guess is not as good as yours. I think I would go through them to see 'what' they do (instead of how they work exactly and the correct syntax/parameters).

(Ten9t6 just started a new job which is keeping him kind of occupied.)

To anyone that's taken this exam.

The numerous exploits covered in the 'Hacker's Beware' book, are they covered on the exam? I realize a few general ones may be covered, but will I need to memorize every exploit they mention, as well as what it exploits and what OS's it's used against?

feline78

hi all,
i just submiited my application for approval of the EC0-350 exam. could anyone tell me how long they take to reply in this matter?

A day or two.

Sulblk27

OK silly question...however, am I understanding that I don't need a voucher to get the study guides/books ? The voucher is just for the exam? (Not that I'm nowhere near where I want to be in order to take it...)

feline78

Hi all,
i did finally get approved by the ec council to sit for the ceh exam, just waiting for the study kit to arrive.
what i would really like to know from the people who have cleared this exam is that how much has the cert helped in their career? did they get any benefits such as a better job, raise etc?

I doubt this certification will get you a raise or career advancement. The material isn't that advanced. It teaches some theory, but it is mostly tools.
I'm not saying you won't learn anything while preparing for it, just that if you're looking to advance in your career with a certification, I would go for something else.

This book does teach a bit on how you would go about pen testing a network.

However, it is mostly a listing of tools, how to use those tools, counter/use them for positive results. With some of the tools, it doesn't go into much detail pertaining to how they work.

All around, it has some decent material. It will introduce you to things you can (and should) expand upon in your own time. It will by no means make you a "Certified Ethical Hacker", however.

It doesn't come close to going into enough detail you would need to truly exploit things like sequence number prediction and buffer overflows. However, the sections on scanning, fingerprinting, and enumeration were fairly decent.