CEH

/usr/usr Member Posts: 1,768 ■■■□□□□□□□
Anyone have information on how difficult this cert is and how much is costs to attend the training?

I emailed to find out about training centers, and they didn't tell me, but simply asked for my contact information....bah.
«134

Comments

  • Ten9t6Ten9t6 Member Posts: 691
    Hello...

    These types of classes are usually kind of expensive. They can also be even more expensive if you have to travel to the school. I chose to do the self study course through Ec-Council. It saved me well over a grand, since there was no training in my area at the time. A few things you need to look at before doing the self study.....You have to get an approval voucher from Ec-Council before taking the exam. You get this voucher by attending one of the schools or by filling out a form that says you have at least 2 years security experience. So, if you don't have the experience and you want to take the test, you will have to attend a school. (check out Intense schools). As far as the actual test is concerned....version 3 (the current version) is 225.00....120 questions...and it was a lot more difficult than I thought it would be. I was really suprised. You really need to know the tools......The certificate is one of the nicer ones that I have seen...And the membership card is pretty cool...It is a bootable linux cd....I hope this answers some of your questions.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Do you think it's possible that I pass this exam with the certs I have? Been through three years of college taking IS courses, got my Associates. Been on this current job for 6 months. This combined with the fact that I'm genuinely interested in this cert and am willing to study harder than ever before. I don't mind it being difficult, in fact I prefer that as opposed to simple.

    How exactly do I get the material for the self study track? I was approved, by the way.
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    I see the book on amazon for much cheaper than ECC offers it. Do you happen to know if the amazon book is for the new test version?
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Version 2.3 of the exam expired on 30th July 2004, and the self study guide is from November 2003, so I guess the book is not updated for version 3 (or 3.1 which will include an extra module 'Module 22: Penetration Testing Methodologies')

    Congrats on getting approved!
  • Ten9t6Ten9t6 Member Posts: 691
    You can order the self study kit straight from EC-Council. You can get the actual book for a lot less money on the web....but, you will not get the extra material that is needed for the exam. Looking back, I am very glad that I ordered the self study kit.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Ah, so the $160 is for an entire kit and not just the book?
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Just ordered the kit from ECC. Hopefully it arrives soon.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I'm curious what the difference is between the self-study kit and the official study guide from Amazon, as I read that the book contains a CD-rom with (some of) the tools listed in the exam objectives.

    Did you receive it yet Lost? Is it worth the extra $$?
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Haven't received it yet, but I'll post what all it contains when I do.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Thanks. I'm considering buying the Hacking Exposed book as well as I read it is a good additional source for the exam. If you want a head start you can download a Sample Chapter (PDF) about Enumeration (corresponds with Module 4 of the CEH objectives) from:
    http://shop.osborne.com/cgi-bin/osborne/0072227427.html
  • xeviousxevious Member Posts: 59 ■■□□□□□□□□
    I ordered the self-study kit from EC-council which had a label of pre-3.01 release on the box several months ago.

    It contained:

    1 Study book: Hacker's Beware (red & white cover)
    2 large 2" 3-ring binders with lab and reading modules
    2 Knoppix CDs: 1 with tools and the other I forgot.

    I'll check it out tonight for a more exact listing of material. I've been carrying the study book in the car, but left the remaining stuff in the box.

    The kit was shipped from Malaysia, so it may take a bit to arrive. FYI

    Also, while mentioning Knoppix...

    have a look at the STD distro. (Security Tools Distribution) at www.knoppix-std.org

    or the Auditor's collection toolkit (based on knoppix live) at http://moser-informatik.ch/?page=products&lang=eng

    -Xevious
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Webmaster, you may want to check out 'Hacking: The Art of Exploitation'

    Not sure how much of it will be on the exam, but I'm reading it now and it's a fantastic book.
  • xeviousxevious Member Posts: 59 ■■□□□□□□□□
    A fun book to read is 'The Hacker Diaries : Confessions of Teenage Hackers.' It has a bunch of stories about hackers, the underground scene, and how they eventually got caught.

    -Xevious


    FYI
    CEH kit contains:

    1. Pen & small note pad
    1. Study book: Hackers Beware (book sold on ebay)
    1. Knoppix Live CD
    1. Resource CD
    2. 2" 3-ring binder (hardcopy lab modules)
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Thanks for the tips. I'll check out both of those books. Security, and hacking in particular, is definitely a topic that sticks better when reading multiple different books.

    Another book I really enjoyed reading is The Art of Deception by Kevin Mitnick. It's about social engineering and I think it is a must read for everyone, even if you're not in IT.
    Xevious wrote:
    CEH kit contains:

    1. Pen & small note pad
    1. Study book: Hackers Beware (book sold on ebay)
    1. Knoppix Live CD
    1. Resource CD
    2. 2" 3-ring binder (hardcopy lab modules)
    So I guess the most valuable item on that list (compared with the official study guide) are the binders right?

    Thanks for the Knoppix links, pretty cool. icon_cool.gif
    I'll probably have to remaster it before it will work with my crappy Realtek wireless network card though...
  • Ten9t6Ten9t6 Member Posts: 691
    Webmaster wrote:
    So I guess the most valuable item on that list (compared with the official study guide) are the binders right?

    Yes, use the binders to highlight the areas you really need to know. Use that as the foundation of your studies.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    How did you setup labs to study for this?
  • Ten9t6Ten9t6 Member Posts: 691
    How did you setup labs to study for this?

    Sorry, it took a while to respond to this...I have been out of the office teaching a course and preparing for my new job! :D

    The way I did the labs on this was to setup multiple machines with different operating systems....some patched others not...I used some of my cisco routers to separate the networks and some linksys wireless routers for that portion. This was easy since I work at a place where I had about 50 computers to work with. If you only have a few machines that you can work with....Setup a Linux box and a Windows 2000 server w/ FTP, IIS, and AD. Then use the tools on the cds. If you know the stuff in the binders of the self study kit, you should be ok.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    I didn't want to start a new post, so I hope you answer this. :D

    What tools are on the exam? I mean, the cd contains many more tools than what are covered in the text. Does the exam only really cover which ones are in the text? I just need to know which ones that I should look over more thoroughly and which ones I should browse through. A lot of them are the same, so picking it's tough to pick out defining features of some.

    Any input would be appreciated, thanks a lot.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    (Ten9t6 has some very busy weeks... he'll be back though :))

    I don't know if this helps, but I noticed a list at the ec-council site, my expectation is that they can all be part of the exam:
    http://eccouncil.org/312-50.htm

    Are there more/others on the CD than listed at that page?
  • JOblessELementJOblessELement Member Posts: 134
    Sheesh, there's a certication for being a "ethical" hacker?

    What next? CETT ... Certified Ethical Test Taker? They really need one of those.
    I am free of all prejudices. I hate everyone equally.
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Webmaster: Yes, a lot more. The modules/tools listed on that page correspond with the modules/tools in the binders. I'm assuming that anything NOT in the binders/on the web site will not be heavily tested upon and are just included for completeness.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I assume the same, but I hope ten9t6 can confirm this, as my guess is not as good as yours. I think I would go through them to see 'what' they do (instead of how they work exactly and the correct syntax/parameters).

    (Ten9t6 just started a new job which is keeping him kind of occupied.)
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    To anyone that's taken this exam.

    The numerous exploits covered in the 'Hacker's Beware' book, are they covered on the exam? I realize a few general ones may be covered, but will I need to memorize every exploit they mention, as well as what it exploits and what OS's it's used against?
  • feline78feline78 Member Posts: 8 ■□□□□□□□□□
    hi all,
    i just submiited my application for approval of the EC0-350 exam. could anyone tell me how long they take to reply in this matter?
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
  • Sulblk27Sulblk27 Member Posts: 148
    OK silly question...however, am I understanding that I don't need a voucher to get the study guides/books ? The voucher is just for the exam? (Not that I'm nowhere near where I want to be in order to take it...)
    Someone asked me when will my studying be over......
  • feline78feline78 Member Posts: 8 ■□□□□□□□□□
    Hi all,
    i did finally get approved by the ec council to sit for the ceh exam, just waiting for the study kit to arrive.
    what i would really like to know from the people who have cleared this exam is that how much has the cert helped in their career? did they get any benefits such as a better job, raise etc?
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    I doubt this certification will get you a raise or career advancement. The material isn't that advanced. It teaches some theory, but it is mostly tools.
    I'm not saying you won't learn anything while preparing for it, just that if you're looking to advance in your career with a certification, I would go for something else.
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    This book does teach a bit on how you would go about pen testing a network.

    However, it is mostly a listing of tools, how to use those tools, counter/use them for positive results. With some of the tools, it doesn't go into much detail pertaining to how they work.

    All around, it has some decent material. It will introduce you to things you can (and should) expand upon in your own time. It will by no means make you a "Certified Ethical Hacker", however.

    It doesn't come close to going into enough detail you would need to truly exploit things like sequence number prediction and buffer overflows. However, the sections on scanning, fingerprinting, and enumeration were fairly decent.
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    By the way, I'm taking this exam on December 30th.

    I haven't sat for an exam since May, when I got my Security+...so I'm a bit nervous. Wish me luck!
Sign In or Register to comment.